From 97065011383d67afed055c6c00bf982c5f5ac29b Mon Sep 17 00:00:00 2001
From: Markus Rudy
Date: Fri, 31 Jan 2025 10:02:21 +0100
Subject: [PATCH] msft: enable blocking logs access

---
 ...-clear-log-pipes-if-denied-by-policy.patch | 76 +++++++++++++++++++
 .../microsoft/kata-runtime/package.nix | 22 ++++--
 2 files changed, 93 insertions(+), 5 deletions(-)
 create mode 100644 packages/by-name/microsoft/kata-runtime/0001-agent-clear-log-pipes-if-denied-by-policy.patch

diff --git a/packages/by-name/microsoft/kata-runtime/0001-agent-clear-log-pipes-if-denied-by-policy.patch b/packages/by-name/microsoft/kata-runtime/0001-agent-clear-log-pipes-if-denied-by-policy.patch
new file mode 100644
index 0000000000..2641e47b19
--- /dev/null
+++ b/packages/by-name/microsoft/kata-runtime/0001-agent-clear-log-pipes-if-denied-by-policy.patch
@@ -0,0 +1,76 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Markus Rudy
+Date: Fri, 20 Dec 2024 08:42:38 +0100
+Subject: [PATCH] agent: clear log pipes if denied by policy
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Container logs are forwarded to the agent through a unix pipe. These
+pipes have limited capacity and block the writer when full. If reading
+logs is blocked by policy, a common setup for confidential containers,
+the pipes fill up and eventually block the container.
+
+This commit changes the implementation of ReadStream such that it
+returns empty log messages instead of a policy failure (in case reading
+log messages is forbidden by policy). As long as the runtime does not
+encounter a failure, it keeps pulling logs periodically. In turn, this
+triggers the agent to flush the pipes.
+
+Fixes: #10680
+
+Co-Authored-By: Aurélien Bombo
+Signed-off-by: Markus Rudy
+---
+ src/agent/src/rpc.rs | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
+index e19933882488c354623cde205c6933ac5c0b9005..cebb582c646aeb266529f0d4d69dbe86230eb16a 100644
+--- a/src/agent/src/rpc.rs
++++ b/src/agent/src/rpc.rs
+@@ -583,11 +583,11 @@ impl AgentService {
+ 
+ async fn do_read_stream(
+ &self,
+- req: protocols::agent::ReadStreamRequest,
++ req: &protocols::agent::ReadStreamRequest,
+ stdout: bool,
+ ) -> Result {
+- let cid = req.container_id;
+- let eid = req.exec_id;
++ let cid = &req.container_id;
++ let eid = &req.exec_id;
+ 
+ let term_exit_notifier;
+ let reader = {
+@@ -802,8 +802,12 @@ impl agent_ttrpc::AgentService for AgentService {
+ _ctx: &TtrpcContext,
+ req: protocols::agent::ReadStreamRequest,
+ ) -> ttrpc::Result {
+- is_allowed(&req).await?;
+- self.do_read_stream(req, true).await.map_ttrpc_err(same)
++ let mut response = self.do_read_stream(&req, true).await.map_ttrpc_err(same)?;
++ if !is_allowed(&req).await.is_ok() {
++ // Policy does not allow reading logs, so we redact the log messages.
++ response.clear_data();
++ }
++ Ok(response)
+ }
+ 
+ async fn read_stderr(
+@@ -811,8 +815,12 @@ impl agent_ttrpc::AgentService for AgentService {
+ _ctx: &TtrpcContext,
+ req: protocols::agent::ReadStreamRequest,
+ ) -> ttrpc::Result {
+- is_allowed(&req).await?;
+- self.do_read_stream(req, false).await.map_ttrpc_err(same)
++ let mut response = self.do_read_stream(&req, false).await.map_ttrpc_err(same)?;
++ if !is_allowed(&req).await.is_ok() {
++ // Policy does not allow reading logs, so we redact the log messages.
++ response.clear_data();
++ }
++ Ok(response)
+ }
+ 
+ async fn close_stdin(
diff --git a/packages/by-name/microsoft/kata-runtime/package.nix b/packages/by-name/microsoft/kata-runtime/package.nix
index 0bfcc1589c..39cdbc6286 100644
--- a/packages/by-name/microsoft/kata-runtime/package.nix
+++ b/packages/by-name/microsoft/kata-runtime/package.nix
@@ -6,17 +6,29 @@
 fetchFromGitHub,
 yq-go,
 git,
+ applyPatches,
 }:
 
 buildGoModule rec {
 pname = "kata-runtime";
 version = "3.2.0.azl2";
 
- src = fetchFromGitHub {
- owner = "microsoft";
- repo = "kata-containers";
- rev = version;
- hash = "sha256-5dLWoVy2+RVq3ssGW7bYYAr3mQdO/ehJphpdJ435pC0=";
+ src = applyPatches {
+ src = fetchFromGitHub {
+ owner = "microsoft";
+ repo = "kata-containers";
+ rev = version;
+ hash = "sha256-5dLWoVy2+RVq3ssGW7bYYAr3mQdO/ehJphpdJ435pC0=";
+ };
+
+ patches = [
+ # This allows denying ReadStream requests without blocking the container on its
+ # stdout/stderr, by redacting the streams instead of blocking them.
+ # Upstream:
+ # * https://github.com/kata-containers/kata-containers/issues/10680
+ # * https://github.com/kata-containers/kata-containers/pull/10818
+ ./0001-agent-clear-log-pipes-if-denied-by-policy.patch
+ ];
 };
 
 sourceRoot = "${src.name}/src/runtime";
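Review bot: Running `do_read_stream` before `is_allowed` in `read_stdout` and `read_stderr` means a policy-denied caller now receives whatever error the read produces (the `?` on the first added line of each handler returns it before the policy result is consulted), whereas before this change a denied request only ever saw the policy error; if do_read_stream reports an unknown container or exec id differently from an ordinary EOF — its body runs outside the hunk, so I can't confirm that here — a denied client can probe which containers and exec ids exist. I'd evaluate the policy first, still perform the read so the pipe keeps draining, and on denial return the policy error for a failed read, which still gives the runtime the failure at EOF that the commit message relies on to stop polling (add `.into()` on `denied` if is_allowed's error type is not already `ttrpc::Error`). The same shape applies to read_stderr with `false`, and the duplicated body is a candidate for one shared helper; `!x.is_ok()` also reads better as `x.is_err()`. The enclosing `impl agent_ttrpc::AgentService for AgentService` block begins and ends outside the hunk.
```rust
    // … unchanged: read_stdout signature …
        // Evaluate policy up front, but still perform the read so the log pipe keeps draining.
        let policy = is_allowed(&req).await;
        let read = self.do_read_stream(&req, true).await.map_ttrpc_err(same);
        match (policy, read) {
            // Denied and the read failed: report the denial, not why the read failed.
            (Err(denied), Err(_)) => Err(denied),
            // Denied but the read succeeded: redact the bytes, keep the stream alive.
            (Err(_), Ok(mut response)) => {
                response.clear_data();
                Ok(response)
            }
            // Allowed: pass the read result through unchanged.
            (Ok(_), read) => read,
        }
    // … unchanged: read_stderr, same logic with `false` …
```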
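Review bot: The patch applied here rewrites `src/agent/src/rpc.rs`, but this derivation builds from `sourceRoot = "${src.name}/src/runtime"`, so the patched agent code has no effect on the Go runtime this file produces; it only matters if another package (presumably a kata-agent derivation) reuses `kata-runtime.src`, which is not visible here and is worth stating next to `patches`, e.g. `# Applied at repository level rather than under sourceRoot: this patch targets src/agent and is only picked up by consumers of this src.` The comment should also note that the upstream PR was not merged as of this version, so the patch must be re-checked or dropped on the next bump; the patch file's `From 0000…` header gives no upstream commit to track. Keeping `hash` on the inner fetchFromGitHub means the source is integrity-checked before patching, which is the right order.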