[CRITICAL] Forgejo Runner runs privileged with Docker socket #9

New issue

Open

opened 2026-05-05 15:42:43 -05:00 by pjennings · 0 comments

pjennings commented

2026-05-05 15:42:43 -05:00

Owner

Labels: area:security, area:build, priority:critical, type:bug

Description

The Forgejo CI runner container on apps2 runs with the --privileged flag and mounts the Docker socket directly (/var/run/docker.sock).

File: hosts/apps2.nix lines 297-302

extraOptions = [
  "--privileged"
  "--group-add=999"
];

Impact

CRITICAL — Any Forgejo CI job has full root access to the apps2 host. This enables:

Container escape to host filesystem
Reading all secrets from the Nix store
Accessing other containers on the host
Pivoting to other hosts via the mesh network
Crypto mining, data exfiltration, etc.

Any contributor who can push code to a repository with CI enabled can execute arbitrary code as root on apps2.

Recommended Fix

Remove --privileged from the runner container options
Use Docker-in-Docker (dind) with proper isolation instead of socket mounting
Alternatively, use a Docker socket proxy (e.g., Tecnativa/docker-socket-proxy) that restricts API access to only what CI needs
Consider migrating to NixOS-native runners that build Nix derivations without Docker
At minimum, restrict CI execution to trusted repositories only

References

**Labels:** `area:security`, `area:build`, `priority:critical`, `type:bug` ## Description The Forgejo CI runner container on apps2 runs with the `--privileged` flag and mounts the Docker socket directly (`/var/run/docker.sock`). **File:** `hosts/apps2.nix` lines 297-302 ```nix extraOptions = [ "--privileged" "--group-add=999" ]; ``` ## Impact **CRITICAL** — Any Forgejo CI job has full root access to the apps2 host. This enables: - Container escape to host filesystem - Reading all secrets from the Nix store - Accessing other containers on the host - Pivoting to other hosts via the mesh network - Crypto mining, data exfiltration, etc. Any contributor who can push code to a repository with CI enabled can execute arbitrary code as root on apps2. ## Recommended Fix 1. Remove `--privileged` from the runner container options 2. Use Docker-in-Docker (dind) with proper isolation instead of socket mounting 3. Alternatively, use a Docker socket proxy (e.g., Tecnativa/docker-socket-proxy) that restricts API access to only what CI needs 4. Consider migrating to NixOS-native runners that build Nix derivations without Docker 5. At minimum, restrict CI execution to trusted repositories only ## References - https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html - https://docs.docker.com/engine/security/#docker-daemon-attack-surface