Set up AppArmor profile for enroot
enroot is a standalone, fully unprivileged container system from Nvidia. It removes much of the isolation associated with traditional containers while preserving filesystem separation. This setup makes enroot a optimal choice for managing HPC deployments.
AppArmor is an optional component of the Linux kernel that allows custom restrictions to be placed on specified applications, including enroot.
The recommended profile grants necessary capabilities like mounting, pivoting root, and process tracing, while restricting access to critical system areas. It denies write access to specific parts of the /proc and /sys filesystems to enhance security and prevent unauthorized modifications.
Default AppArmor profile
The recommended AppArmor profile is already loaded onto CoreWeave nodes by default. No action is required to enable this profile.
The default CoreWeave AppArmor profile is as follows:
#include <tunables/global>profile enroot flags=(attach_disconnected,mediate_deleted) {#include <abstractions/base># addedmount,pivot_root,ptrace,# defaultsnetwork,capability,file,umount,deny @{PROC}/* w, # deny write for all files directly in /proc (not in a subdir)# deny write to files not in /proc/<number>/** or /proc/sys/**deny @{PROC}/{[^1-9],[^1-9][^0-9],[^1-9s][^0-9y][^0-9s],[^1-9][^0-9][^0-9][^0-9/]*}/** w,deny @{PROC}/sys/[^k]** w, # deny /proc/sys except /proc/sys/k* (effectively /proc/sys/kernel)deny @{PROC}/sys/kernel/{?,??,[^s][^h][^m]**} w, # deny everything except shm* in /proc/sys/kernel/deny @{PROC}/sysrq-trigger rwklx,deny @{PROC}/kcore rwklx,deny /sys/[^f]*/** wklx,deny /sys/f[^s]*/** wklx,deny /sys/fs/[^c]*/** wklx,deny /sys/fs/c[^g]*/** wklx,deny /sys/fs/cg[^r]*/** wklx,deny /sys/firmware/** rwklx,deny /sys/kernel/security/** rwklx,}