Workloads can modify systemd user services by means of mounting the device's file system and escaping SELinux.

[jordigilh]

Steps to reproduce:

• Run this workload:

apiVersion: management.project-flotta.io/v1alpha1
kind: EdgeWorkload
metadata:
  name: mount
  annotations:
    podman/run.oci.keep_original_groups: "1"
spec:
  deviceSelector:
    matchLabels:
      app: mount
  type: pod
  pod:
    spec:
      containers:
      - image: docker.io/eloycoto/logexample
        name: fedora
        volumeMounts:
        - mountPath: /home/flotta/
          name: home
        securityContext:
          seLinuxOptions:
            type: 'spc_t'
      restartPolicy: Always      
      volumes:
      - name: home
        hostPath:
          path: /var/home/flotta
          type: File

• Label the edgeworkload with app=mount so that the workload will run in the device
• SSH to the device and then su into the flotta user: su -l flotta -s /bin/bash
• Run a shell inside the container that runs the worlkoad: podman exec -it mount-fedora bash
• Remove the soft link mount.service found in /home/flotta/.config/systemd/user/default.target.wants/

[root@mount /]# ls -la /home/flotta/.config/systemd/user/default.target.wants
total 0
drwxr-xr-x. 2 root root  27 Aug  4 22:23 .
drwxr-xr-x. 4 root root 121 Aug  4 22:23 ..
lrwxrwxrwx. 1 root root  51 Aug  4 22:23 mount.service -> /var/home/flotta/.config/systemd/user/mount.service
[root@mount /]# rm /home/flotta/.config/systemd/user/default.target.wants/mount.service 
rm: remove symbolic link '/home/flotta/.config/systemd/user/default.target.wants/mount.service'? y
[root@mount /]#

• Exit the container and check that the file has been deleted:

[flotta@fedora user]$ ls -la default.target.wants/
total 0
drwxr-xr-x. 2 flotta flotta  6 Aug  4 18:11 .
drwxr-xr-x. 4 flotta flotta 83 Aug  4 18:12 ..

• Wait until the agent deletes the workload:

Aug 04 18:12:09 fedora yggdrasild[841]: [yggdrasild] 2022/08/04 18:12:09 /usr/libexec/yggdrasil/device-worker: workload not found: mount. Removing. DeviceID: 4233c45699b644b79107306e74bccbc5;
Aug 04 18:12:20 fedora yggdrasild[841]: [yggdrasild] 2022/08/04 18:12:20 /usr/libexec/yggdrasil/device-worker: workload mount removed. DeviceID: 4233c45699b644b79107306e74bccbc5;

Note: As a side effect, the edgeworkload is removed from the control plane as well as from the device.

[jordigilh]

Note that the side effect is due to uncommited code and it is not a reproducible outcome. However the fact that the container can modify the host's files is still applicable.

[jordigilh]

After discussing this issue with flotta members (@masayag @eloycoto @pkliczewski @tupyy ) we resolved in documenting this use case and suggesting using OPA (validating webhooks) to prevent workloads from mounting paths that are not allowed based on each deployment use case.