Skip to content

Restore default container PID namespace isolation (remove host PID mode)#6203

Open
dknecht wants to merge 1 commit intomainfrom
codex/fix-containers-default-to-host-pid-namespace
Open

Restore default container PID namespace isolation (remove host PID mode)#6203
dknecht wants to merge 1 commit intomainfrom
codex/fix-containers-default-to-host-pid-namespace

Conversation

@dknecht
Copy link
Member

@dknecht dknecht commented Feb 27, 2026

Motivation

  • A recent change set HostConfig.PidMode to "host" when the containers_pid_namespace compatibility flag was not enabled, causing containers to share the host PID namespace by default and weakening container/host isolation.

Description

  • Remove the explicit PidMode = "host" assignment in ContainerClient::createContainer() so Docker's default (an isolated PID namespace) is used instead; the change modifies src/workerd/server/container-client.c++ and leaves other hostConfig settings (network, restart policy, extra hosts) unchanged.

Testing

  • Verified the source no longer contains setPidMode("host") via a repository search (rg) and inspected the modified code region to confirm the PidMode assignment was removed; the search returned no matches.
  • Attempted to run the container-client test target (bazel test //src/workerd/server/tests/container-client:container-client-test@) but the test run could not complete in this environment because downloading the Bazel binary failed with an HTTP 403, so a full test run could not be executed here.

Codex Task

Copy link
Contributor

@ask-bonk ask-bonk bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm Bonk, and I've done a quick review of your PR.

This PR removes the setPidMode("host") fallback so containers always get an isolated PID namespace, which is good for security. However, it leaves the containersPidNamespace compat flag as dead code and the test config still references it.

Issues (ranked by severity)

  1. [Medium] Compat flag containersPidNamespace is now dead code. The flag at compatibility-date.capnp:1383 is still defined (with enable/disable strings and $experimental annotation), and the test at container-client.wd-test:11 still lists containers_pid_namespace in its compatibilityFlags. But after this PR, no runtime code calls getContainersPidNamespace() — the flag does nothing. This should be cleaned up: either remove the flag definition and test reference, or keep the flag wired up with the inverted logic (i.e., flag enables host PID mode as a legacy escape hatch). Leaving a dead compat flag in the schema is confusing for future readers and wastes an ordinal.

  2. [Low] Comment in the test is now misleading. test.js:676 says "When containers_pid_namespace is ENABLED, the container has its own isolated PID namespace" — implying that when disabled, it doesn't. After this PR, containers always get an isolated PID namespace regardless of the flag, so the comment is inaccurate.

hostConfig.setPidMode("host");
}
// Do not set pidMode. Docker defaults to an isolated PID namespace, which prevents
// containers from enumerating or signaling host processes.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The containersPidNamespace compat flag (compatibility-date.capnp:1383) is now dead code — nothing calls getContainersPidNamespace() after this change. The flag definition, its test usage in container-client.wd-test:11, and the comment in test.js:676 should all be cleaned up in this PR to avoid leaving an orphaned compat flag in the schema.

If the intent is to provide a backwards-compat escape hatch for users who somehow depend on host PID mode, consider keeping the flag but inverting the logic (e.g., use the disable flag no_containers_pid_namespace to opt into the old host-PID behavior).

@ask-bonk
Copy link
Contributor

ask-bonk bot commented Feb 27, 2026

I've posted my review on PR #6203. Here's a summary of what I found:

The PR correctly removes setPidMode("host") to restore container PID namespace isolation — a security improvement that prevents containers from enumerating/signaling host processes.

However, I flagged two issues:

  1. [Medium] Dead compat flag: The containersPidNamespace flag in compatibility-date.capnp:1383 is now completely unused — no runtime code calls getContainersPidNamespace() after this change. The flag definition, test config reference (container-client.wd-test:11), and test comment (test.js:676) should be cleaned up or the flag should be repurposed.

  2. [Low] Misleading test comment: test.js:676 still implies the flag controls PID namespace behavior, but after this PR, isolation is always on regardless of the flag.

github run

@danlapid danlapid requested a review from gabivlj February 27, 2026 21:23
@gabivlj
Copy link
Contributor

gabivlj commented Feb 27, 2026

@gpanders is it necessary to have the host namespace in local dev anyway at this point?

@gpanders
Copy link
Member

We did this intentionally to match production (warts and all) until we flip the compatibility flag on by default with a compatibility date.

If we accept this change then local dev and production will have different behavior. This is probably most relevant for any applications that are expecting their ENTRYPOINT to not have PID 1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants