From 8e281411c82f51baa9d59fc7d36130ba9046e071 Mon Sep 17 00:00:00 2001 From: Andrew Russell Date: Wed, 24 Jun 2026 17:51:35 -0400 Subject: [PATCH 1/2] Add CI runner hardening audit Signed-off-by: Andrew Russell --- .github/workflows/ci-runner-hardening.yml | 78 +++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 .github/workflows/ci-runner-hardening.yml diff --git a/.github/workflows/ci-runner-hardening.yml b/.github/workflows/ci-runner-hardening.yml new file mode 100644 index 000000000..d72cd11b4 --- /dev/null +++ b/.github/workflows/ci-runner-hardening.yml @@ -0,0 +1,78 @@ +# SPDX-FileCopyrightText: Copyright (c) 2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. +# SPDX-License-Identifier: Apache-2.0 + +name: CI Runner Hardening Audit + +on: + pull_request: + push: + branches: [ main, 'release/*.*.x' ] + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + docker-host-access-audit: + name: Docker host access audit + runs-on: ubuntu-22.04 + permissions: + contents: read + timeout-minutes: 5 + + steps: + - name: Checkout code + # actions/checkout@v6 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + with: + persist-credentials: false + + - name: Reject privileged Docker host access in CI config + shell: bash + run: | + set -euo pipefail + + files=() + while IFS= read -r -d '' file; do + files+=("$file") + done < <( + find .github/workflows .github/actions \ + -type f \( -name '*.yml' -o -name '*.yaml' \) \ + ! -path '.github/workflows/ci-runner-hardening.yml' \ + -print0 + ) + + if [[ -f .gitlab-ci.yml ]]; then + files+=(".gitlab-ci.yml") + fi + + if (( ${#files[@]} == 0 )); then + echo "No CI config files found to audit." + exit 0 + fi + + tmp_patterns="$(mktemp)" + cat > "${tmp_patterns}" <<'PATTERNS' + --privileged + /var/run/docker.sock + docker.sock: + docker.sock= + docker.sock/ + privileged: true + DOCKER_HOST=unix:// + DOCKER_HOST: unix:// + PATTERNS + + matches="$(grep -nFif "${tmp_patterns}" -- "${files[@]}" || true)" + rm -f "${tmp_patterns}" + + if [[ -n "${matches}" ]]; then + echo "Found CI configuration that grants Docker host-level access:" + echo "${matches}" + echo + echo "Use a daemonless builder or a least-privilege runner instead of privileged Docker or Docker socket mounts." + exit 1 + fi + + echo "No privileged Docker or Docker socket CI configuration found." From de5fbc74fb251284d48523df241725fa63deee8a Mon Sep 17 00:00:00 2001 From: Andrew Russell Date: Wed, 24 Jun 2026 19:05:49 -0400 Subject: [PATCH 2/2] Cover alternate Docker socket path Signed-off-by: Andrew Russell --- .github/workflows/ci-runner-hardening.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-runner-hardening.yml b/.github/workflows/ci-runner-hardening.yml index d72cd11b4..3a8728b45 100644 --- a/.github/workflows/ci-runner-hardening.yml +++ b/.github/workflows/ci-runner-hardening.yml @@ -56,6 +56,7 @@ jobs: cat > "${tmp_patterns}" <<'PATTERNS' --privileged /var/run/docker.sock + /run/docker.sock docker.sock: docker.sock= docker.sock/