[LXC] Address network policy gaps - model 2 (deny-all-except-proxy)#632
Open
dhoehna wants to merge 2 commits into
Open
[LXC] Address network policy gaps - model 2 (deny-all-except-proxy)#632dhoehna wants to merge 2 commits into
dhoehna wants to merge 2 commits into
Conversation
- Fail-fast when no veth in firewall mode (no more silent skip of the FORWARD hook). - Emit deny rules before allow rules (deny-wins); pure ordered rule-builder + tests. - Inject HTTP(S)_PROXY + iptables proxy-only egress; scrub all inherited proxy env vars first. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Copilot-Session: 3b78bec0-e139-4cfd-9c10-092ef986d4f4
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a “deny-all-except-proxy” network model for the LXC backend, aiming to close enforcement gaps by failing fast when the FORWARD hook can’t be safely scoped, enforcing deny-wins rule ordering, and adding proxy-based egress restrictions plus proxy environment-variable hygiene for LXC executions.
Changes:
- Refactors LXC iptables rule construction into an ordered rule builder (deny before allow) and fails fast when a veth interface is unavailable for scoping.
- Adds LXC proxy enforcement that allows egress only to the configured proxy endpoint(s) and injects/scrubs proxy env vars for the container process.
- Extends LXC attach-run environment handling with a “force clear env” control to prevent inherited proxy variables from leaking when the caller env becomes empty after scrubbing.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/core/wxc_common/src/proxy_env.rs | New helper + unit tests for scrubbing and applying proxy-related env vars. |
| src/core/wxc_common/src/lib.rs | Exposes the new proxy_env module. |
| src/core/wxc_common/src/config_parser.rs | Allows network.proxy for lxc, adds LXC-specific validation and updates/extends tests. |
| src/backends/lxc/common/src/network_iptables.rs | Implements proxy-only egress rules, deny-wins ordering, and fail-fast veth scoping; adds tests. |
| src/backends/lxc/common/src/lxc_runner.rs | Uses apply_proxy_env and passes a force-clear-env flag into attach_run; includes proxy in “needs network” detection. |
| src/backends/lxc/common/src/lxc_bindings.rs | Adds force_clear_env support to attach_run argument building and tests it. |
…NS in proxy mode Addresses Copilot reviewer feedback on the deny-all-except-proxy model: - Reject network.proxy.localhost for LXC (127.0.0.1 is the container loopback, unreachable from the container netns); require network.proxy.url with a routable host. Update the LXC proxy test to use a url and add a rejection test. - In proxy mode, only open outbound DNS when the proxy is addressed by hostname; when it is an IP literal keep the sandbox fully closed. Fix the misleading log line and add a host_is_ip_literal helper + unit test. - Correct the build_attach_args doc comment: it is #[cfg(test)]-only; move the 'Linux + test builds' note onto build_attach_args_with_env_control. - Note in docs/schema.md that LXC requires a url proxy (not loopback). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Linked work item: AB#62830341 — [LXC] Address network policy gaps - model 2 (deny-all-except-proxy)
Summary
Implements the deny-all-except-proxy network model for LXC.
FORWARDhook (which previously left rules built but unenforced).HTTP_PROXY/HTTPS_PROXY(+ lowercase) into the container and restricts egress to the proxyaddress:port(DROP other outbound).HTTP_PROXY/HTTPS_PROXY/ALL_PROXY/FTP_PROXY/NO_PROXY(+ lowercase) before setting configured values, via a pureproxy_envhelper with unit tests.Validation
cargo fmt --all -- --check;cargo clippy --target x86_64-unknown-linux-gnu -p lxc_common -D warnings— cleancargo test -p wxc_common— 399 passedcargo check --target x86_64-unknown-linux-gnu -p lxc_common --tests— passIndependent of the sibling LXC branches.
Microsoft Reviewers: Open in CodeFlow