// IsRunningImageAllowed returns true iff the policy allows running the image. // If it returns false, err must be non-nil, and should be an PolicyRequirementError if evaluation // succeeded but the result was rejection. // WARNING: This validates signatures and the manifest, but does not download or validate the // layers. Users must validate that the layers match their expected digests. func (pc *PolicyContext) IsRunningImageAllowed(image types.Image) (res bool, finalErr error) { if err := pc.changeState(pcReady, pcInUse); err != nil { return false, err } defer func() { if err := pc.changeState(pcInUse, pcReady); err != nil { res = false finalErr = err } }() logrus.Debugf("IsRunningImageAllowed for image %s", image.IntendedDockerReference()) reqs, err := pc.requirementsForImage(image) if err != nil { return false, err } if len(reqs) == 0 { return false, PolicyRequirementError("List of verification policy requirements must not be empty") } for reqNumber, req := range reqs { // FIXME: supply state allowed, err := req.isRunningImageAllowed(image) if !allowed { logrus.Debugf("Requirement %d: denied, done", reqNumber) return false, err } logrus.Debugf(" Requirement %d: allowed", reqNumber) } // We have tested that len(reqs) != 0, so at least one req must have explicitly allowed this image. logrus.Debugf("Overall: allowed") return true, nil }
func (prm *prmMatchRepository) matchesDockerReference(image types.Image, signatureDockerReference string) bool { intended, signature, err := parseDockerReferences(image.IntendedDockerReference(), signatureDockerReference) if err != nil { return false } return signature.Name() == intended.Name() }
func (prm *prmMatchExact) matchesDockerReference(image types.Image, signatureDockerReference string) bool { intended, signature, err := parseDockerReferences(image.IntendedDockerReference(), signatureDockerReference) if err != nil { return false } // Do not add default tags: image.IntendedDockerReference() has it added already per its construction, and signatureDockerReference should be exact; so, verify that now. if reference.IsNameOnly(intended) || reference.IsNameOnly(signature) { return false } return signature.String() == intended.String() }
// requirementsForImage selects the appropriate requirements for image. func (pc *PolicyContext) requirementsForImage(image types.Image) (PolicyRequirements, error) { imageIdentity := image.IntendedDockerReference() // We don't technically need to parse it first in order to match the full name:tag, // but do so anyway to ensure that the intended identity really does follow that // format, or at least that it is not demonstrably wrong. ref, err := reference.ParseNamed(imageIdentity) if err != nil { return nil, err } ref = reference.WithDefaultTag(ref) // Look for a full match. fullyExpanded, err := fullyExpandedDockerReference(ref) if err != nil { // Coverage: This cannot currently happen. return nil, err } if req, ok := pc.Policy.Specific[fullyExpanded]; ok { logrus.Debugf(" Using specific policy section %s", fullyExpanded) return req, nil } // Look for a match of the repository, and then of the possible parent // namespaces. Note that this only happens on the expanded host names // and repository names, i.e. "busybox" is looked up as "docker.io/library/busybox", // then in its parent "docker.io/library"; in none of "busybox", // un-namespaced "library" nor in "" implicitly representing "library/". // // ref.FullName() == ref.Hostname() + "/" + ref.RemoteName(), so the last // iteration matches the host name (for any namespace). name := ref.FullName() for { if req, ok := pc.Policy.Specific[name]; ok { logrus.Debugf(" Using specific policy section %s", name) return req, nil } lastSlash := strings.LastIndex(name, "/") if lastSlash == -1 { break } name = name[:lastSlash] } logrus.Debugf(" Using default policy section") return pc.Policy.Default, nil }
// GetSignaturesWithAcceptedAuthor returns those signatures from an image // for which the policy accepts the author (and which have been successfully // verified). // NOTE: This may legitimately return an empty list and no error, if the image // has no signatures or only invalid signatures. // WARNING: This makes the signature contents acceptable for futher processing, // but it does not necessarily mean that the contents of the signature are // consistent with local policy. // For example: // - Do not use a an existence of an accepted signature to determine whether to run // a container based on this image; use IsRunningImageAllowed instead. // - Just because a signature is accepted does not automatically mean the contents of the // signature are authorized to run code as root, or to affect system or cluster configuration. func (pc *PolicyContext) GetSignaturesWithAcceptedAuthor(image types.Image) (sigs []*Signature, finalErr error) { if err := pc.changeState(pcReady, pcInUse); err != nil { return nil, err } defer func() { if err := pc.changeState(pcInUse, pcReady); err != nil { sigs = nil finalErr = err } }() logrus.Debugf("GetSignaturesWithAcceptedAuthor for image %s", image.IntendedDockerReference()) reqs, err := pc.requirementsForImage(image) if err != nil { return nil, err } // FIXME: rename Signatures to UnverifiedSignatures unverifiedSignatures, err := image.Signatures() if err != nil { return nil, err } res := make([]*Signature, 0, len(unverifiedSignatures)) for sigNumber, sig := range unverifiedSignatures { var acceptedSig *Signature // non-nil if accepted rejected := false // FIXME? Say more about the contents of the signature, i.e. parse it even before verification?! logrus.Debugf("Evaluating signature %d:", sigNumber) interpretingReqs: for reqNumber, req := range reqs { // FIXME: Log the requirement itself? For now, we use just the number. // FIXME: supply state switch res, as, err := req.isSignatureAuthorAccepted(image, sig); res { case sarAccepted: if as == nil { // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: sarAccepted but no parsed contents", reqNumber) rejected = true break interpretingReqs } logrus.Debugf(" Requirement %d: signature accepted", reqNumber) if acceptedSig == nil { acceptedSig = as } else if *as != *acceptedSig { // Coverage: this should never happen // Huh?! Two ways of verifying the same signature blob resulted in two different parses of its already accepted contents? logrus.Debugf(" Requirement %d: internal inconsistency: sarAccepted but different parsed contents", reqNumber) rejected = true acceptedSig = nil break interpretingReqs } case sarRejected: logrus.Debugf(" Requirement %d: signature rejected: %s", reqNumber, err.Error()) rejected = true break interpretingReqs case sarUnknown: if err != nil { // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: sarUnknown but an error message %s", reqNumber, err.Error()) rejected = true break interpretingReqs } logrus.Debugf(" Requirement %d: signature state unknown, continuing", reqNumber) default: // Coverage: this should never happen logrus.Debugf(" Requirement %d: internal inconsistency: unknown result %#v", reqNumber, string(res)) rejected = true break interpretingReqs } } // This also handles the (invalid) case of empty reqs, by rejecting the signature. if acceptedSig != nil && !rejected { logrus.Debugf(" Overall: OK, signature accepted") res = append(res, acceptedSig) } else { logrus.Debugf(" Overall: Signature not accepted") } } return res, nil }