Honour allowed policies even when indirected through symlinks?

[plobsing]

Feature Overview

When a user has acknowledged a policy using aqua policy allow, one expects that the policy should be able to take effect. When symlinks are involved, a policy file can be found under a different path than the one that was used to acknowledge it. My expectation was that symlink aliases of allowed policies would work because what is authorized by aqua policy allow is the policy's content rather than the policy's location (as observed when changing the content of an already-allowed policy file: content changes prompt the user to re-ack).

Should Aqua enforce policies purely by policy content, ignoring policy locations entirely? Right now, policies under different paths get treated like they are entirely independent, even if they might have the same content or even the same file identity (device + inode).

Why is the feature needed?

Symlinks are sometimes used to compose environments on-the-fly. One example where this happens
is the Bazel build tool. Right now, Aqua and
Bazel have an odd interaction when policies are involved, which I've written up in more detail here.

Workaround

This is not a problem when not using symlinks, but that is not always an option.
Code written to be executed in a symlinked environment may critically rely on that and fail outside of that context.
For instance, code wired together by Bazel sometimes expects to find certain libraries or data files at locations relative to the working directory; chdir out of the sandbox root breaks those expections.

Example Code

❯ cd ~/aqua-bazel-policy-demo
❯ aqua policy allow
❯ ./hello_world.sh 
 ______________ 
< Hello World! >
 -------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
❯ ln -s ~/aqua-bazel-policy-demo ~/aqua-bazel-policy-demo.symlink 
❯ cd ~/aqua-bazel-policy-demo.symlink
❯ ./hello_world.sh 
WARN[0000] The policy file is ignored unless it is allowed by "aqua policy allow" command.

$ aqua policy allow "/Users/peter/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

If you want to keep ignoring the policy file without the warning, please run "aqua policy deny" command.

$ aqua policy deny "/Users/peter/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

   aqua_version=2.28.1 doc="https://aquaproj.github.io/docs/reference/codes/003" env=darwin/arm64 exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 policy_file=/Users/peter/aqua-bazel-policy-demo.symlink/aqua-policy.yaml program=aqua
FATA[0000] aqua failed                                   aqua_version=2.28.1 doc="https://aquaproj.github.io/docs/reference/codes/002" env=darwin/arm64 error="install the package: this package isn't allowed" exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 program=aqua

Configuration

See https://github.com/plobsing/aqua-bazel-policy-demo

Note

On the other hand, maybe there's a good reason to not have policies work this way? I re-read through the docs on policies and was not immediately able to find anything one way or the other.

[suzuki-shunsuke]

I tried your example, but I couldn't reproduce the issue.

1. Set up the environment using a container

https://aquaproj.github.io/docs/tutorial/#docker

$ docker version
Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.21.11
 Git commit:        5650f9b
 Built:             Wed Jun  5 11:26:02 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.31.0 (153195)
 Engine:
  Version:          26.1.4
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.21.11
  Git commit:       de5c9cf
  Built:            Wed Jun  5 11:29:12 2024
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.33
  GitCommit:        d2d58213f83a351ca8f528a95fbd145f5654e957
 runc:
  Version:          1.1.12
  GitCommit:        v1.1.12-0-g51d5e94
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker run --rm -ti debian:bookworm-20231009 bash

apt update
apt install -y curl vim

mkdir ~/workspace
cd ~/workspace
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH"
curl -sSfL -O https://raw.githubusercontent.com/aquaproj/aqua-installer/v3.0.1/aqua-installer
echo "fb4b3b7d026e5aba1fc478c268e8fbd653e01404c8a8c6284fdba88ae62eda6a  aqua-installer" | sha256sum -c

chmod +x aqua-installer
./aqua-installer

Install Git

apt-get install -y git

Check out the repository https://github.com/plobsing/aqua-bazel-policy-demo

git clone https://github.com/plobsing/aqua-bazel-policy-demo ~/aqua-bazel-policy-demo

cd ~/aqua-bazel-policy-demo
aqua policy allow
aqua i -l

root@bee1d67a678f:~/aqua-bazel-policy-demo# ./hello_world.sh
INFO[0000] download and unarchive the package            aqua_version=2.29.0 env=linux/arm64 exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 program=aqua registry=local
 ______________ 
< Hello World! >
 -------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

root@bee1d67a678f:~/aqua-bazel-policy-demo# ln -s ~/aqua-bazel-policy-demo ~/aqua-bazel-policy-demo.symlink
root@bee1d67a678f:~/aqua-bazel-policy-demo# cd ~/aqua-bazel-policy-demo.symlink

root@bee1d67a678f:~/aqua-bazel-policy-demo.symlink# ./hello_world.sh
WARN[0000] The policy file is ignored unless it is allowed by "aqua policy allow" command.

$ aqua policy allow "/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

If you want to keep ignoring the policy file without the warning, please run "aqua policy deny" command.

$ aqua policy deny "/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

   aqua_version=2.29.0 doc="https://aquaproj.github.io/docs/reference/codes/003" env=linux/arm64 exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 policy_file=/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml program=aqua
FATA[0000] aqua failed                                   aqua_version=2.29.0 doc="https://aquaproj.github.io/docs/reference/codes/002" env=linux/arm64 error="install the package: this package isn't allowed" exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 program=aqua

root@bee1d67a678f:~/aqua-bazel-policy-demo.symlink# aqua policy allow "/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"
root@bee1d67a678f:~/aqua-bazel-policy-demo.symlink# ./hello_world.sh
 ______________ 
< Hello World! >
 -------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

When you ran aqua policy allow in aqua-bazel-policy-demo.symlink, the command outputted warning If you want to keep ignoring the policy file without the warning, please run "aqua policy deny" command..
But when I ran the same thing, no warning was outputted and the command worked normally.

[plobsing]

This session does demonstrate the condition that surprises me. The first time that ./hello_world.sh is run in ~/aqua-bazel-policy-demo.symlink, it fails. That's this part of the session:

root@bee1d67a678f:~/aqua-bazel-policy-demo.symlink# ./hello_world.sh
WARN[0000] The policy file is ignored unless it is allowed by "aqua policy allow" command.

$ aqua policy allow "/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

If you want to keep ignoring the policy file without the warning, please run "aqua policy deny" command.

$ aqua policy deny "/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

   aqua_version=2.29.0 doc="https://aquaproj.github.io/docs/reference/codes/003" env=linux/arm64 exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 policy_file=/root/aqua-bazel-policy-demo.symlink/aqua-policy.yaml program=aqua
FATA[0000] aqua failed                                   aqua_version=2.29.0 doc="https://aquaproj.github.io/docs/reference/codes/002" env=linux/arm64 error="install the package: this package isn't allowed" exe_name=cowsay package_name=Code-Hex/Neo-cowsay package_version=v2.0.4 program=aqua

I would expect that since ./hello_world.sh previously worked when run from ~/aqua-bazel-policy-demo, and because ~/aqua-bazel-policy-demo and ~/aqua-bazel-policy-demo.symlink are the same directory (just different names for the same thing), that that first run would work.

When you ran aqua policy allow in aqua-bazel-policy-demo.symlink, the command outputted warning If you want to keep ignoring > the policy file without the warning, please run "aqua policy deny" command..
But when I ran the same thing, no warning was outputted and the command worked normally.

Ah. I think the issue here might be a misinterpretation of my shell session. In my report, I never ran aqua policy allow in aqua-bazel-policy-demo.symlink (because I don't believe I should need to). The line in the output that looks like that

$ aqua policy allow "/Users/peter/aqua-bazel-policy-demo.symlink/aqua-policy.yaml"

is part of the error message. To clear up any lingering ambiguity, in the session I shared, my input always happens on lines that start with ❯, not $.

[suzuki-shunsuke]

Ah, I see. I misunderstood that you ran the command $ aqua policy allow "/Users/peter/aqua-bazel-policy-demo.symlink/aqua-policy.yaml" and the result was If you want to keep ignoring the policy file without the warning, please run "aqua policy deny" command..

I understood your suggestion.