# Monty Container Hardening (Runtime Enablement)

This guide enables optional seccomp/AppArmor hardening for the Monty execution lane.

## Prerequisites

- Docker/Compose supports `security_opt` and `profiles`.
- Host supports seccomp (most modern Linux).
- AppArmor (optional) is enabled on the host.

## Enable hardened profile (seccomp only)

From repo root:

```sh
docker compose \
  -f docker-compose.yml \
  -f infra/compose/docker-compose.monty-hardened.yml \
  --profile monty-hardened \
  up -d
```

This applies:

* seccomp “no-network syscall” blocklist
* read-only container filesystem
* tmpfs for /tmp and /var/tmp
* no-new-privileges
* cap_drop=ALL

## Enable AppArmor (optional)

1. Load the profile:

   ```sh
   sudo apparmor_parser -r -W infra/apparmor/threegate-monty
   ```

2. Uncomment or add in `infra/compose/docker-compose.monty-hardened.yml`:

   ```yaml
   security_opt:
     - apparmor:threegate-monty
   ```

3. Restart the service:

   ```sh
   docker compose \
     -f docker-compose.yml \
     -f infra/compose/docker-compose.monty-hardened.yml \
     --profile monty-hardened \
     up -d --force-recreate
   ```

## Verification

* In the Monty container, attempts to open sockets should fail.
* Your normal Monty tool requests should still run.

## Why this is defense-in-depth

Monty already limits capabilities at the interpreter level, but:

* seccomp reduces syscall attack surface
* AppArmor adds filesystem and capability controls
* read-only root limits persistence

These controls are optional but recommended for higher-assurance deployments.
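
The settings listed under "This applies" can also be confirmed from the host by auditing `docker inspect` output for the running container. The script below is an added example, not part of this repository: the function name `audit_hardening`, the container name `/monty`, and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields checked here; it was not captured from a real Monty deployment.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/monty",
    "AppArmorProfile": "docker-default",
    "HostConfig": {
        "ReadonlyRootfs": True,
        "CapDrop": ["ALL"],
        "SecurityOpt": ["no-new-privileges:true", 'seccomp={"defaultAction":"SCMP_ACT_ALLOW"}'],
        "Tmpfs": {"/tmp": "", "/var/tmp": ""},
    },
}])


def audit_hardening(inspect_json, apparmor_profile=None):
    """Return a list of findings; an empty list means every control is present."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?")
        host = c.get("HostConfig") or {}
        opts = [o.lower() for o in (host.get("SecurityOpt") or [])]
        caps = [x.upper() for x in (host.get("CapDrop") or [])]
        tmpfs = host.get("Tmpfs") or {}
        def miss(msg):
            findings.append(f"{name}: {msg}")
        seccomp = [o for o in opts if o.startswith("seccomp")]
        if not seccomp:
            miss("no custom seccomp profile in SecurityOpt")
        elif any(o.endswith("unconfined") for o in seccomp):
            miss("seccomp is unconfined")
        nnp = [o for o in opts if o.startswith("no-new-privileges")]
        if not nnp or any(o.endswith("false") for o in nnp):
            miss("no-new-privileges not set")
        if not host.get("ReadonlyRootfs"):
            miss("root filesystem is writable")
        if "ALL" not in caps:
            miss("cap_drop does not include ALL")
        for path in ("/tmp", "/var/tmp"):
            if path not in tmpfs:
                miss(f"{path} is not a tmpfs mount")
        if apparmor_profile and c.get("AppArmorProfile") != apparmor_profile:
            miss(f"AppArmor profile is {c.get('AppArmorProfile')!r}")
    return findings


if __name__ == "__main__":
    print(audit_hardening(SAMPLE_INSPECT) or "all hardening controls present")
```

Pass the real `docker inspect` JSON for the Monty container as `inspect_json`, and `"threegate-monty"` as `apparmor_profile` once the AppArmor step is enabled. This confirms the configuration was applied; the socket attempt inside the container remains the behavioural check.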