fix(cdk): Remove fallback mechanism and properly configure user namespaces

devin-ai-integration[bot] · aaronsteers · devin-ai-integration[bot] · commit 4d62c3498777 · 2025-03-09T21:33:07.000Z
Co-Authored-By: Aaron &lt;AJ&gt; Steers &lt;aj@airbyte.io&gt;
diff --git a/devlog/2025-03-sandboxing-3.md b/devlog/2025-03-sandboxing-3.md
@@ -16,16 +16,16 @@ This error occurs because gVisor requires user namespace support for rootless co
 The key changes in this implementation:
 
 1. **Update OCI Configuration**:
-   - Add `umask` setting to the user configuration
-   - Ensure proper user namespace mapping
+   - Add proper user namespace configuration to the Linux namespaces section
+   - Ensure proper user configuration
 
-2. **Modify gVisor Wrapper Script**:
-   - Add `--network=host` flag to the runsc command
-   - Maintain the fallback mechanism to direct execution if runsc fails
+2. **Remove Fallback Mechanism**:
+   - Remove the fallback to direct execution to ensure proper sandboxing
+   - Focus on making gVisor work properly in production environments
 
 3. **Update Dockerfile**:
    - Configure kernel parameters to allow unprivileged user namespace cloning
-   - Maintain existing directory permissions
+   - Set appropriate permissions for directories
 
 ## Technical Approach
 
@@ -38,8 +38,8 @@ gVisor requires user namespace support for rootless containers. This is a fundam
 The solution addresses these issues by:
 
 1. Configuring the OCI bundle with proper user namespace settings
-2. Adding network host mode to the runsc command
-3. Setting kernel parameters to allow unprivileged user namespace cloning
+2. Setting kernel parameters to allow unprivileged user namespace cloning
+3. Removing the fallback mechanism to ensure proper sandboxing
 
 ## Testing Results
 
@@ -61,14 +61,30 @@ docker run --rm --privileged airbyte/source-declarative-manifest-gvisor spec
 docker run --rm --userns=host airbyte/source-declarative-manifest-gvisor spec
 ```
 
-While the user namespace error may still occur in some environments due to host-level restrictions, the fallback mechanism ensures the connector still functions by executing the command directly.
+The implementation now requires proper user namespace support to function, as the fallback mechanism has been removed to ensure proper sandboxing.
 
-## Considerations for Future Work
+## Production Deployment Requirements
 
-1. **Docker Runtime Configuration**: For production use, consider configuring the Docker daemon with user namespace remapping using the `userns-remap` option.
-2. **Host-Level Configuration**: Some environments may require additional host-level configuration to enable user namespaces.
-3. **Alternative Sandboxing Approaches**: If user namespace support cannot be enabled in the target environment, consider alternative sandboxing approaches like Firejail.
+For gVisor to work properly in production environments:
+
+1. **Docker Runtime Configuration**: Configure the Docker daemon with user namespace remapping using the `userns-remap` option in `/etc/docker/daemon.json`:
+   ```json
+   {
+     "userns-remap": "default"
+   }
+   ```
+
+2. **Host-Level Configuration**: Enable user namespaces at the host level:
+   ```bash
+   echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf
+   sysctl -w kernel.unprivileged_userns_clone=1
+   ```
+
+3. **Container Runtime Flags**: Run containers with the appropriate flags:
+   ```bash
+   docker run --security-opt seccomp=unconfined --security-opt apparmor=unconfined --userns=host
+   ```
 
 ## Conclusion
 
-This implementation addresses the user namespace issue in the gVisor sandboxing implementation by properly configuring the OCI bundle and adding necessary flags to the runsc command. The fallback mechanism ensures the connector still functions in environments without proper user namespace support.
+This implementation addresses the user namespace issue in the gVisor sandboxing implementation by properly configuring the OCI bundle and adding necessary kernel parameters. The removal of the fallback mechanism ensures that the connector will only run with proper sandboxing, which is essential for production use.
diff --git a/docker/sandbox-poc/Dockerfile.gvisor b/docker/sandbox-poc/Dockerfile.gvisor
@@ -5,7 +5,7 @@ USER root
 
 # Install dependencies
 RUN apt-get update && \
-    apt-get install -y curl gnupg apt-transport-https ca-certificates && \
+    apt-get install -y curl gnupg apt-transport-https ca-certificates procps uidmap && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
diff --git a/docker/sandbox-poc/scripts/gvisor-wrapper.sh b/docker/sandbox-poc/scripts/gvisor-wrapper.sh
@@ -6,6 +6,6 @@ shift
 # Use pre-created OCI bundle directory
 BUNDLE_DIR="/var/run/oci-bundle"
 
-# Run the command with runsc
+# Run the command with runsc (no fallback)
 cd $BUNDLE_DIR
-runsc -TESTONLY-unsafe-nonroot run --bundle=$BUNDLE_DIR container1 || python /airbyte/integration_code/main.py "$COMMAND" "$@"
+runsc -TESTONLY-unsafe-nonroot run --bundle=$BUNDLE_DIR container1
diff --git a/docker/sandbox-poc/scripts/oci-config.json b/docker/sandbox-poc/scripts/oci-config.json
@@ -19,5 +19,14 @@
   "root": {
     "path": "rootfs"
   },
-  "linux": {}
+  "linux": {
+    "namespaces": [
+      {"type": "mount"},
+      {"type": "network"},
+      {"type": "uts"},
+      {"type": "pid"},
+      {"type": "ipc"},
+      {"type": "user"}
+    ]
+  }
 }
