Monty Container Hardening (Runtime Enablement)

This guide enables optional seccomp/AppArmor hardening for the Monty execution lane.

Prerequisites

  • Docker/Compose supports security_opt and profiles.
  • Host supports seccomp (most modern Linux).
  • AppArmor (optional) is enabled on the host.

Enable hardened profile (seccomp only)

From repo root:

docker compose \
  -f docker-compose.yml \
  -f infra/compose/docker-compose.monty-hardened.yml \
  --profile monty-hardened \
  up -d

This applies:

  • seccomp “no-network syscall” blocklist
  • read-only container filesystem
  • tmpfs for /tmp and /var/tmp
  • no-new-privileges
  • cap_drop=ALL

Enable AppArmor (optional)

  1. Load the profile:
sudo apparmor_parser -r -W infra/apparmor/threegate-monty
  2. Uncomment or add in infra/compose/docker-compose.monty-hardened.yml:
security_opt:
  - apparmor:threegate-monty
  3. Restart the service:
docker compose \
  -f docker-compose.yml \
  -f infra/compose/docker-compose.monty-hardened.yml \
  --profile monty-hardened \
  up -d --force-recreate

Verification

  • In the Monty container, attempts to open sockets should fail.
  • Your normal Monty tool requests should still run.
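
One way to script the first check beyond the socket probe, as an added example that is not part of the ThreeGate repository: it reads /proc from inside the container and compares it with the controls listed under "This applies". The function names and the --live flag are made up for this example, and it assumes the image provides sh and awk.

```sh
#!/bin/sh
# Added example: confirm from inside the container that the listed controls are active.

# Value of one field (e.g. Seccomp, NoNewPrivs, CapEff) in a /proc/<pid>/status file.
status_field() {
    awk -v k="$1:" '$1 == k { print $2; exit }' "$2"
}

# Field number $2 of the last /proc/mounts entry for mount point $1
# (later mounts shadow earlier ones).
mount_field() {
    awk -v m="$1" -v n="$2" '$2 == m { r = $n } END { print r }' "$3"
}

# Compare an observed value with the expected one; mismatches are counted in $fails.
expect() {
    if [ "$2" = "$3" ]; then
        echo "PASS  $1"
    else
        echo "FAIL  $1 (got '$2', want '$3')"
        fails=$((fails + 1))
    fi
}

# check_hardening [STATUS_FILE] [MOUNTS_FILE]; the defaults read the caller's own /proc view.
check_hardening() {
    status=${1:-/proc/self/status}
    mounts=${2:-/proc/mounts}
    fails=0
    # Seccomp: 2 means a filter is attached. Docker's default profile also yields 2,
    # so the socket probe from the Verification list is still needed for the blocklist.
    expect "seccomp filter attached" "$(status_field Seccomp "$status")" 2
    expect "no-new-privileges"       "$(status_field NoNewPrivs "$status")" 1
    expect "cap_drop=ALL (CapEff)"   "$(status_field CapEff "$status")" 0000000000000000
    expect "cap_drop=ALL (CapBnd)"   "$(status_field CapBnd "$status")" 0000000000000000
    case ",$(mount_field / 4 "$mounts")," in
        *,ro,*) root=ro ;;
        *)      root=rw ;;
    esac
    expect "read-only root filesystem" "$root" ro
    expect "/tmp on tmpfs"     "$(mount_field /tmp 3 "$mounts")" tmpfs
    expect "/var/tmp on tmpfs" "$(mount_field /var/tmp 3 "$mounts")" tmpfs
    [ "$fails" -eq 0 ]
}

# "--live" checks the real /proc of the shell running this script.
if [ "${1:-}" = "--live" ]; then
    check_hardening
    exit $?
fi
```

Because the root filesystem is read-only, feed the script to a shell in the Monty container on stdin (sh -s -- --live) rather than copying it in; a non-zero exit status means at least one control is missing.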

Why this is defense-in-depth

Monty already limits capabilities at the interpreter level, but:

  • seccomp reduces syscall attack surface
  • AppArmor adds filesystem and capability controls
  • read-only root limits persistence

These controls are optional but recommended for higher-assurance deployments.