welsberr
/
ThreeGate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ThreeGate/docs/monty_hardening.md

83 lines
1.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Monty Hardening: AppArmor & Seccomp
This document describes optional OS-level hardening for the Monty execution lane.
Monty already limits capabilities at the interpreter level.
AppArmor/seccomp provide **defense in depth**.
---
## Threats Addressed
- Interpreter escape via implementation bug
- Unexpected syscall usage
- Accidental filesystem or network access
---
## Recommended AppArmor Profile (Conceptual)
Allow:
- read-only access to Python runtime
- memory allocation
- basic syscalls (read, write, exit)
Deny:
- file creation
- network syscalls
- process creation
- mount, ptrace, ioctl
Example sketch:
````
profile threegate-monty flags=(attach_disconnected) {
network deny,
file deny,
capability deny,
mount deny,
ptrace deny,
/usr/bin/python3 ixr,
/usr/lib/** r,
deny /** w,
}
```
(Exact paths depend on distro and container image.)
---
## Seccomp Strategy
If using Docker:
- Start from Docker default seccomp profile
- Remove:
- `clone`
- `fork`
- `execve`
- `socket*`
- Allow only:
- memory, signal, exit, basic I/O
---
## When to Enable
- Multi-user environments
- Long-running services
- High-assurance deployments
For local, single-user research systems, Montys interpreter restrictions may be sufficient.
---
## Summary
Monty does not *require* OS sandboxing, but benefits from it.
This layer is optional, not foundational.
Reference in New Issue View Git Blame Copy Permalink