wollomatic
diff --git a/‎README.md‎
Lines changed: 16 additions & 0 deletions b/‎README.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎cmd/socket-proxy/bindmount.go‎
Lines changed: 184 additions & 0 deletions b/‎cmd/socket-proxy/bindmount.go‎
Lines changed: 184 additions & 0 deletions
@@ -79,6 +79,20 @@ If both commandline parameter and environment variable is configured for a parti
 
 Use Go's regexp syntax to create the patterns for these parameters. To avoid insecure configurations, the characters ^ at the beginning and $ at the end of the string are automatically added. Note: invalid regexp results in program termination.
 
+#### Setting up bind mount restrictions
+
+By default, socket-proxy does not restrict bind mounts. If you want to add an additional layer of security by restricting which directories can be used as bind mount sources, you can use the `-allowbindmountfrom` parameter or the `SP_ALLOWBINDMOUNTFROM` environment variable.
+
+When configured, only bind mounts from the specified directories or their subdirectories are allowed. Each directory must start with `/`. Multiple directories can be specified separated by commas.
+
+For example:
++ `-allowbindmountfrom=/home,/var/log` allows bind mounts from `/home`, `/var/log`, and any subdirectories like `/home/user/data` or `/var/log/app`
++ `SP_ALLOWBINDMOUNTFROM="/app/data,/tmp"` allows bind mounts from `/app/data` and `/tmp` directories
+
+Bind mount restrictions are applied to relevant Docker API endpoints and work with both legacy bind mount syntax (`-v /host/path:/container/path`) and modern mount syntax.
+
+**Note**: This feature only restricts bind mounts. Other mount types (volumes, tmpfs, etc.) are not affected by this restriction.
+
 Examples (command line):
 + `'-allowGET=/v1\..{1,2}/(version|containers/.*|events.*)'` could be used for allowing access to the docker socket for Traefik v2.
 + `'-allowHEAD=.*` allows all HEAD requests.
@@ -133,6 +147,7 @@ services:
       - '-listenip=0.0.0.0'
       - '-allowfrom=traefik' # allow only hostname "traefik" to connect
       - '-allowGET=/v1\..{1,2}/(version|containers/.*|events.*)'
+      - '-allowbindmountfrom=/var/log,/tmp' # restrict bind mounts to specific directories
       - '-watchdoginterval=3600' # check once per hour for socket availability
       - '-stoponwatchdog' # halt program on error and let compose restart it
       - '-shutdowngracetime=5' # wait 5 seconds before shutting down
@@ -182,6 +197,7 @@ socket-proxy can be configured via command line parameters or via environment va
 | Parameter                      | Environment Variable             | Default Value          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
 |--------------------------------|----------------------------------|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `-allowfrom`                   | `SP_ALLOWFROM`                   | `127.0.0.1/32`         | Specifies the IP addresses or hostnames (comma-separated) of the clients or the hostname of one specific client allowed to connect to the proxy. The default value is `127.0.0.1/32`, which means only localhost is allowed. This default configuration may not be useful in most cases, but it is because of a secure-by-default design. To allow all IPv4 addresses, set `-allowfrom=0.0.0.0/0`. Alternatively, hostnames can be set, for example `-allowfrom=traefik`, or `-allowfrom=traefik,dozzle`. Please remember that socket-proxy should never be exposed to a public network, regardless of this extra security layer. |
+| `-allowbindmountfrom`          | `SP_ALLOWBINDMOUNTFROM`          | (not set)              | Specifies the directories (comma-separated) that are allowed as bind mount sources. If not set, no bind mount restrictions are applied. When set, only bind mounts from the specified directories or their subdirectories are allowed. Each directory must start with `/`. For example, `-allowbindmountfrom=/home,/var/log` allows bind mounts from `/home`, `/var/log`, and any subdirectories.                                                                                                                                                                                                                                   |
 | `-allowhealthcheck`            | `SP_ALLOWHEALTHCHECK`            | (not set/false)        | If set, it allows the included health check binary to check the socket connection via TCP port 55555 (socket-proxy then listens on `127.0.0.1:55555/health`)                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
 | `-listenip`                    | `SP_LISTENIP`                    | `127.0.0.1`            | Specifies the IP address the server will bind on. Default is only the internal network.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
 | `-logjson`                     | `SP_LOGJSON`                     | (not set/false)        | If set, it enables logging in JSON format. If unset, docker-proxy logs in plain text format.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
 
@@ -0,0 +1,184 @@
+package main
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log/slog"
+	"net/http"
+	"path/filepath"
+	"strings"
+)
+
+// mountType is the subset of github.com/docker/docker/api/types/mount.Type.
+type mountType string
+
+const (
+	// mountTypeBind is the type for mounting host dir.
+	mountTypeBind mountType = "bind"
+)
+
+type (
+	// containerCreateRequest is the subset of github.com/docker/docker/api/types/container.CreateRequest.
+	containerCreateRequest struct {
+		HostConfig *containerHostConfig `json:"HostConfig,omitempty"`
+	}
+	// containerHostConfig is the subset of github.com/docker/docker/api/types/container.HostConfig.
+	containerHostConfig struct {
+		Binds  []string     // List of volume bindings for this container.
+		Mounts []mountMount `json:",omitempty"` // Mounts specs used by the container.
+	}
+	// swarmServiceSpec is the subset of github.com/docker/docker/api/types/swarm.ServiceSpec.
+	swarmServiceSpec struct {
+		TaskTemplate swarmTaskSpec `json:",omitempty"`
+	}
+	// swarmTaskSpec is the subset of github.com/docker/docker/api/types/swarm.TaskSpec.
+	swarmTaskSpec struct {
+		ContainerSpec *swarmContainerSpec `json:",omitempty"`
+	}
+	// swarmContainerSpec is the subset of github.com/docker/docker/api/types/swarm.ContainerSpec.
+	swarmContainerSpec struct {
+		Mounts []mountMount `json:",omitempty"`
+	}
+	// mountMount is the subset of github.com/docker/docker/api/types/mount.Mount.
+	mountMount struct {
+		Type mountType `json:",omitempty"`
+		// Source specifies the name of the mount. Depending on mount type, this
+		// may be a volume name or a host path, or even ignored.
+		// Source is not supported for tmpfs (must be an empty value)
+		Source string `json:",omitempty"`
+		Target string `json:",omitempty"`
+	}
+)
+
+// checkBindMountRestrictions checks if bind mounts in the request are allowed.
+func checkBindMountRestrictions(r *http.Request) error {
+	// Only check if bind mount restrictions are configured
+	if len(cfg.AllowBindMountFrom) == 0 {
+		return nil
+	}
+
+	if r.Method != http.MethodPost {
+		return nil
+	}
+
+	// Check different API endpoints that can use bind mounts
+	pathParts := strings.Split(r.URL.Path, "/")
+	switch {
+	case len(pathParts) >= 4 && pathParts[2] == "containers" && pathParts[3] == "create":
+		// Container creation: /vX.xx/containers/create
+		return checkContainer(r)
+	case len(pathParts) >= 5 && pathParts[2] == "containers" && pathParts[4] == "update":
+		// Container update: /vX.xx/containers/{id}/update
+		return checkContainer(r)
+	case len(pathParts) >= 4 && pathParts[2] == "services" && pathParts[3] == "create":
+		// Service creation: /vX.xx/services/create
+		return checkService(r)
+	case len(pathParts) >= 5 && pathParts[2] == "services" && pathParts[4] == "update":
+		// Service update: /vX.xx/services/{id}/update
+		return checkService(r)
+	default:
+		return nil
+	}
+}
+
+// checkContainer checks bind mounts in container creation requests.
+func checkContainer(r *http.Request) error {
+	body, err := readAndRestoreBody(r)
+	if err != nil {
+		return err
+	}
+
+	var req containerCreateRequest
+	if err := json.Unmarshal(body, &req); err != nil {
+		slog.Debug("failed to parse container request", "error", err)
+		return nil // Don't block if we can't parse.
+	}
+
+	return checkHostConfigBindMounts(req.HostConfig)
+}
+
+// checkService checks bind mounts in service creation requests.
+func checkService(r *http.Request) error {
+	body, err := readAndRestoreBody(r)
+	if err != nil {
+		return err
+	}
+
+	var req swarmServiceSpec
+	if err := json.Unmarshal(body, &req); err != nil {
+		slog.Debug("failed to parse service request", "error", err)
+		return nil // Don't block if we can't parse.
+	}
+
+	if req.TaskTemplate.ContainerSpec == nil {
+		return nil // No container spec, nothing to check.
+	}
+	return checkHostConfigBindMounts(&containerHostConfig{
+		Mounts: req.TaskTemplate.ContainerSpec.Mounts,
+	})
+}
+
+// checkHostConfigBindMounts checks bind mounts in HostConfig.
+func checkHostConfigBindMounts(hostConfig *containerHostConfig) error {
+	if hostConfig == nil {
+		return nil // No HostConfig, nothing to check
+	}
+
+	// Check legacy Binds field
+	for _, bind := range hostConfig.Binds {
+		if err := validateBindMount(bind); err != nil {
+			return err
+		}
+	}
+
+	// Check modern Mounts field
+	for _, mountItem := range hostConfig.Mounts {
+		if mountItem.Type == mountTypeBind {
+			if err := validateBindMountSource(mountItem.Source); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// validateBindMount validates a bind mount string in the format "source:target:options".
+func validateBindMount(bind string) error {
+	parts := strings.Split(bind, ":")
+	if len(parts) < 2 {
+		return fmt.Errorf("invalid bind mount format: %s", bind)
+	}
+	return validateBindMountSource(parts[0])
+}
+
+// validateBindMountSource checks if the source directory is allowed.
+func validateBindMountSource(source string) error {
+	// Skip if source is not an absolute path (i.e. bind mount).
+	if !strings.HasPrefix(source, "/") {
+		return nil
+	}
+
+	source = filepath.Clean(source) // Clean the path to resolve .. and . components.
+	for _, allowedDir := range cfg.AllowBindMountFrom {
+		if allowedDir == "/" || source == allowedDir || strings.HasPrefix(source, allowedDir+"/") {
+			return nil
+		}
+	}
+
+	return fmt.Errorf("bind mount source directory not allowed: %s", source)
+}
+
+// readAndRestoreBody reads the request body and restores it for further processing.
+func readAndRestoreBody(r *http.Request) ([]byte, error) {
+	body, err := io.ReadAll(r.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read request body: %w", err)
+	}
+
+	// Restore the body for further processing
+	r.Body = io.NopCloser(bytes.NewBuffer(body))
+	return body, nil
+}