fix: Containers - Bind Mounts - Security and Compatibility (Docker / Podman / SELinux) for Fetch, Git, and Time Servers #2205
Conversation
Initial patch for podman and SELinux contexts.
podman and SELinux
trentapple
changed the title
trentapple
changed the title
|
These are the only three servers which needed an updated Dockerfile in order to work in secure environments. |
* Update Dockerfile git * Update Dockerfile fetch * Update Dockerfile time
|
Relevant to missing app user/group in base image astral-sh/uv-docker-example/issues/29. Some environments may ignore (and without these changes it is possible to end up with I noticed @astral-sh currently do not use that As it relates to SELinux and/or OWASP container guidance — there seems to be minimal risk with these changes and it enables greater accessibility / security in certain environments. Per the article by @rhatdan:
I noticed that ramalama took a comprehensive (more enterprise-friendly) approach to installing uv, but that may not be applicable here. This is helpful in multiple scenarios, but YMMV. |
trentapple
changed the title
olaservo
added
server-fetch
The following includes patches to docker files for existing servers.
Description
Unshared and private label limiting access to only the current container on bind mount files (Z) referenced by Dockerfile RUN. This allows the container to be used with a podman and SELinux configuration. Without it, the build fails due to the security system (SELinux) blocking attempts to use bind mounted content /app/pyproject.toml (and eventually /app/uv.lock).
Resources:
Server Details
Motivation and Context
It improves compatibility / accessibility and enables security enhancements for hardened container environments.
Ultimately, the motivation is to allow using MCP servers with docker / podman on hosts that have SELinux container separation enabled and enforcing (default for podman). See also: rule 6 from OWASP security cheat sheet.
Additionally, one of the base images does not have the user / group “app” currently which is being used with a
--chownthat fails. This is secondary to the purpose of this PR, butapp:appmay need to exist in order for the build step to succeed in a fresh environment.How Has This Been Tested?
Docker / Podman build on the Dockerfile in question. Then the built images were run as integrations for a customized LLM client / frontend.
Under src/fetch directory
podman build -t mcp/fetch .Under src/time directory
podman build -t mcp/time .Under src/git directory
podman build -t mcp/git .The container build commands now succeed for docker / podman with security systems that are configured to handle containers.
Breaking Changes
No known / identified breaking changes.
Types of changes
Checklist
Additional context
LLM client test done with mcpo Dockerfile that is setup to include the artifacts from the built mcp/time. Then this was included as a full OpenAPI spec in tools for the local LLM client in use (see screenshot for end result).
For the missing user/group scenario, consider approach from DoD’s iron bank container for python312 which (at the time of writing this) explicitly creates a group / user with the ID (1001).