
Reputation: 1140

Restrictive AppArmor Profiles in R

I developed an R shiny web application, hosted on an Ubuntu 20.04 machine and deployed via ShinyProxy, i.e., each instance of the app runs in a separate Docker container. Various directories inside the containers are mapped to directories in the host system.

The app contains a console where users can enter R code which is evaluated in the backend. Allowing users to insert executable code into the backend is always risky. Yet, it is mandatory for this application. Docker containers provide some degree of isolation, but are not a full sandboxing solution.

Therefore, I would like to use AppArmor, called via RAppArmor, to further secure the application and prevent the user from reading, writing, or executing essentially any files on disk. That is more restrictive than what the pre-defined AppArmor profiles in the RAppArmor package implement. The problem is that R would not run if I simply denied access to the entire file system. R's basic functionalities require access to various directories. However, I do not know what the most restrictive configuration would look like that still permits running R.

The setup should not allow R to read, write, or execute any files, except those needed for R to run and functions included in a pre-defined list of packages. E.g., the user might be allowed to use functions from the gdistance package, but not the DBI package. And of course, the user may not install any packages.

Here is a much less restrictive example profile from RAppArmor:

profile r-base {
    #include <abstractions/base>
    #include <abstractions/nameservice>

    @{PROC}/[0-9]*/attr/current r,

    /bin/* rix,
    /dev/tty r,
    /etc/R/ r,
    /etc/R/* r,
    /etc/fonts/** mr,
    /etc/resolv.conf r,
    /etc/xml/* r,
    /tmp/** rw,
    /usr/bin/* rix,
    /usr/lib/R/bin/* rix,
    /usr/lib{,32,64}/** mr,
    /usr/lib{,32,64}/R/bin/exec/R rix,
    /usr/local/lib/R/** mr,
    /usr/local/share/** mr,
    /usr/share/** mr,
    /usr/share/ca-certificates/** r,
}

This question fits multiple SE forums in that it requires a deeper understanding of the R programming language (Stack Overflow), the Linux (Ubuntu) operating system (Unix SE), and security issues (Security SE). Yet, because its focus lies on R and the RAppArmor package in particular, Stack Overflow is the best fit. This should be obvious from reading the question. I still include this paragraph because there are numerous trigger-happy reviewers and moderators who shoot down any question that is remotely related to another SE forum, without carefully considering their decision.

Upvotes: 4

Views: 194
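A way to reason about how restrictive a candidate profile actually is, added here as an example and not part of the question or of RAppArmor: a small matcher that parses the file rules of a profile such as the r-base one quoted above (AppArmor globs `*`, `**`, `{a,b}`, `[..]` and the `@{PROC}` variable) and reports which permissions a given path would receive. It assumes a trimmed excerpt of that profile plus one constructed `deny` rule on a hypothetical package path, and it ignores `#include` abstractions, so "no permission" here only means no rule in the profile body itself.

```python
import re
# Trimmed excerpt of the r-base profile quoted in the question, plus one
# constructed "deny" rule (hypothetical package path) to show precedence.
PROFILE = r"""profile r-base {
    @{PROC}/[0-9]*/attr/current r,
    /bin/* rix,
    /tmp/** rw,
    /usr/lib{,32,64}/** mr,
    /usr/lib{,32,64}/R/bin/exec/R rix,
    deny /usr/lib/R/site-library/DBI/** mr,
}"""
VARIABLES = {"@{PROC}": "/proc"}
RULE_RE = re.compile(r"^\s*(deny\s+)?(\S+)\s+([a-zA-Z]+),\s*$")

def glob_to_regex(glob):
    """Translate AppArmor globbing (*, **, {a,b}, [..], @{VAR}) to a regex."""
    for var, val in VARIABLES.items():
        glob = glob.replace(var, val)
    out, i = [], 0
    while i < len(glob):
        if glob[i] == "*":
            double = glob.startswith("**", i)
            out.append(".*" if double else "[^/]*")   # only ** crosses "/"
            i += 2 if double else 1
        elif glob[i] == "{":                          # {a,b} alternation
            j = glob.index("}", i)
            out.append("(?:%s)" % "|".join(map(re.escape, glob[i + 1:j].split(","))))
            i = j + 1
        elif glob[i] == "[":                          # [..] class is already regex
            j = glob.index("]", i)
            out.append(glob[i:j + 1])
            i = j + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return "^" + "".join(out) + "$"

def parse_rules(profile):
    """(is_deny, regex, perms) per file rule; comment and #include lines skipped."""
    matches = [RULE_RE.match(line) for line in profile.splitlines() if not line.lstrip().startswith("#")]
    return [(bool(m.group(1)), re.compile(glob_to_regex(m.group(2))), m.group(3))
            for m in matches if m]

def permissions_for(path, rules):
    """Union of matching allow rules minus matching deny rules (deny wins)."""
    allow, deny = set(), set()
    for is_deny, rx, perms in rules:
        if rx.match(path):
            (deny if is_deny else allow).update(perms)
    return "".join(sorted(allow - deny))
```

Running `permissions_for("/usr/lib/R/site-library/gdistance/R/gdistance.rdb", parse_rules(PROFILE))` returns `mr` while the DBI path returns nothing, which shows why the broad `/usr/lib{,32,64}/** mr` rule needs either narrowing or per-package deny rules to get the package allowlist the question asks for.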

Answers (0)
