apparmor-profile.conf12.6 kB
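#include <tunables/global>

# AppArmor profiles for Secure MCP Container Execution
#
# mcp-secure-container  hardened profile, loaded in enforce mode
# mcp-base-container    intended as a less restrictive variant
# mcp-dev-container     development variant, complain mode (logs only)
#
# Two evaluation rules matter when reading or extending this file:
#   * a `deny` rule always takes precedence over an allow rule for the same
#     permission, wherever either one appears in the profile;
#   * a profile carrying the `complain` flag logs violations and then lets
#     them through, so it confines nothing.

# ============= PROFILE TUNABLES =============
# Tunable variables for customization.
# Variable assignments are preamble statements and have to appear before the
# first profile, so they are declared here rather than at the end of the file.
# No rule below references them yet.
@{CONTAINER_APPS}=/app /opt /usr/local
@{CONTAINER_TEMP}=/tmp /var/tmp
@{CONTAINER_DATA}=/data /var/lib/app
@{ALLOWED_SHELLS}=/bin/sh /bin/bash /bin/dash
@{BLOCKED_DEVICES}=/dev/mem /dev/kmem /dev/port /dev/kcore
@{SENSITIVE_DIRS}=/root /home /Users /etc/ssh /etc/ssl/private
@{SYSTEM_DIRS}=/proc/sys /sys/firmware /sys/kernel

# The hardened profile is loaded in enforce mode. With `complain` in the flag
# list every rule below would only be logged. When tuning the policy against a
# new workload, switch it temporarily with aa-complain and return it to
# enforce mode with aa-enforce afterwards.
profile mcp-secure-container flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/ssl_certs>

  # ============= CAPABILITY RESTRICTIONS =============
  # Deny all dangerous capabilities
  deny capability sys_admin,
  deny capability sys_module,
  deny capability sys_rawio,
  deny capability sys_ptrace,
  deny capability sys_boot,
  deny capability sys_time,
  deny capability sys_pacct,
  deny capability sys_nice,
  deny capability sys_resource,
  deny capability sys_tty_config,
  deny capability dac_override,
  deny capability dac_read_search,
  deny capability fowner,
  deny capability fsetid,
  deny capability kill,
  deny capability setgid,
  deny capability setuid,
  deny capability setpcap,
  deny capability linux_immutable,
  deny capability net_bind_service,
  deny capability net_broadcast,
  deny capability net_admin,
  deny capability net_raw,
  deny capability ipc_lock,
  deny capability ipc_owner,
  deny capability chown,
  deny capability mknod,
  deny capability lease,
  deny capability audit_write,
  deny capability audit_control,
  deny capability setfcap,
  deny capability mac_override,
  deny capability mac_admin,
  deny capability syslog,
  deny capability wake_alarm,
  deny capability block_suspend,

  # ============= NETWORK RESTRICTIONS =============
  # Allow only essential network protocols.
  # The former `network netlink raw,` allow rule was removed: it could never
  # take effect because `deny network raw` and `deny network netlink` below
  # both override it.
  network inet tcp,
  network inet udp,
  network inet icmp,
  network unix stream,
  network unix dgram,

  # Deny dangerous network access
  # (a second, duplicate `deny network packet` entry was dropped)
  deny network raw,
  deny network packet,
  deny network bluetooth,
  deny network ax25,
  deny network netrom,
  deny network bridge,
  deny network atmpvc,
  deny network x25,
  deny network rose,
  deny network decnet,
  deny network netbeui,
  deny network security,
  deny network key,
  deny network netlink,
  deny network ash,
  deny network econet,
  deny network atmsvc,
  deny network rds,
  deny network sna,
  deny network irda,
  deny network pppox,
  deny network wanpipe,
  deny network llc,
  deny network can,
  deny network tipc,
  deny network iucv,
  deny network rxrpc,
  deny network isdn,
  deny network phonet,
  deny network ieee802154,
  deny network caif,
  deny network alg,
  deny network nfc,
  deny network vsock,

  # ============= FILE SYSTEM RESTRICTIONS =============
  # Essential system libraries and binaries (read-only)
  # m = mmap with PROT_EXEC, r = read, ix = execute under this same profile.
  /lib{,32,64}/** mr,
  /usr/lib{,32,64}/** mr,
  /lib/x86_64-linux-gnu/** mr,
  /usr/lib/x86_64-linux-gnu/** mr,
  /bin/** mrix,
  /usr/bin/** mrix,
  /sbin/** mrix,
  /usr/sbin/** mrix,

  # Application directory: read and execute only. No write permission is
  # granted, so code under /app and /opt cannot be modified from inside the
  # container.
  /app/** mrix,
  /opt/** mrix,

  # Temporary directories: writable but never executable (no x or m), which
  # keeps writable and executable locations separate. File locking (k) is
  # limited to files the process owns and to /tmp/mcp.
  /tmp/** rw,
  /var/tmp/** rw,
  /tmp/mcp/** rwk,
  owner /tmp/** rwk,
  owner /var/tmp/** rwk,

  # Essential device files
  /dev/null rw,
  /dev/zero rw,
  /dev/full rw,
  /dev/random r,
  /dev/urandom r,
  /dev/tty rw,
  /dev/console rw,
  /dev/stdin r,
  /dev/stdout w,
  /dev/stderr w,

  # Block dangerous device access
  deny /dev/mem rwklx,
  deny /dev/kmem rwklx,
  deny /dev/port rwklx,
  deny /dev/core rwklx,
  deny /dev/crash rwklx,
  deny /dev/kcore rwklx,
  deny /dev/oldmem rwklx,
  deny /dev/vmcore rwklx,
  deny /dev/nvram rwklx,
  deny /dev/rtc* rwklx,
  deny /dev/hpet rwklx,
  deny /dev/fuse rwklx,
  deny /dev/vhost-* rwklx,
  deny /dev/kvm rwklx,
  deny /dev/tun rwklx,
  deny /dev/net/* rwklx,

  # ============= PROC FILESYSTEM RESTRICTIONS =============
  # Allow essential /proc access
  /proc/sys/net/** r,
  /proc/*/stat r,
  /proc/*/status r,
  /proc/*/cmdline r,
  # environ, maps and fd can expose secrets, memory layout and open handles
  # of other processes, so they are limited to processes owned by the
  # caller's own uid.
  owner /proc/*/environ r,
  owner /proc/*/maps r,
  owner /proc/*/fd/ r,
  owner /proc/*/fd/* r,
  /proc/meminfo r,
  /proc/cpuinfo r,
  /proc/uptime r,
  /proc/loadavg r,
  /proc/version r,
  /proc/filesystems r,
  /proc/mounts r,
  # The deny rules below still apply under /proc/self (for example mem,
  # pagemap and attr), because deny overrides this allow.
  /proc/self/** r,
  owner /proc/*/task/*/stat r,
  owner /proc/*/task/*/status r,

  # Block dangerous /proc access
  deny /proc/sys/kernel/** wklx,
  deny /proc/sys/vm/** wklx,
  deny /proc/sys/fs/** wklx,
  deny /proc/sys/debug/** rwklx,
  deny /proc/sys/dev/** wklx,
  deny /proc/sysrq-trigger rwklx,
  deny /proc/kcore rwklx,
  deny /proc/mem rwklx,
  deny /proc/kmem rwklx,
  deny /proc/kallsyms rwklx,
  deny /proc/modules rwklx,
  deny /proc/config.gz rwklx,
  deny /proc/*/mem rwklx,
  deny /proc/*/pagemap rwklx,
  deny /proc/*/stack rwklx,
  deny /proc/*/syscall rwklx,
  deny /proc/*/wchan rwklx,
  deny /proc/*/clear_refs rwklx,
  deny /proc/*/oom_score_adj rwklx,
  deny /proc/*/loginuid rwklx,
  deny /proc/*/sessionid rwklx,
  deny /proc/*/attr/** rwklx,
  deny /proc/*/task/*/attr/** rwklx,
  deny /proc/timer_list rwklx,
  deny /proc/slabinfo rwklx,
  deny /proc/zoneinfo rwklx,
  deny /proc/vmallocinfo rwklx,
  deny /proc/buddyinfo rwklx,
  deny /proc/pagetypeinfo rwklx,
  deny /proc/vmstat rwklx,
  deny /proc/diskstats rwklx,
  deny /proc/partitions rwklx,
  deny /proc/interrupts rwklx,
  deny /proc/iomem rwklx,
  deny /proc/ioports rwklx,
  deny /proc/irq/** rwklx,
  deny /proc/bus/** rwklx,
  deny /proc/scsi/** rwklx,
  deny /proc/tty/** rwklx,
  deny /proc/driver/** rwklx,
  deny /proc/acpi/** rwklx,

  # ============= SYS FILESYSTEM RESTRICTIONS =============
  # Block most /sys access.
  # The five character-class patterns together deny writes everywhere under
  # /sys except /sys/fs/cgroup, which is handled separately below.
  deny /sys/[^f]*/** wklx,
  deny /sys/f[^s]*/** wklx,
  deny /sys/fs/[^c]*/** wklx,
  deny /sys/fs/c[^g]*/** wklx,
  deny /sys/fs/cg[^r]*/** wklx,
  deny /sys/firmware/** rwklx,
  deny /sys/kernel/security/** rwklx,
  deny /sys/kernel/debug/** rwklx,
  deny /sys/kernel/config/** rwklx,
  deny /sys/kernel/kexec_crash_loaded rwklx,
  deny /sys/kernel/kexec_crash_size rwklx,
  deny /sys/kernel/uevent_helper rwklx,
  deny /sys/kernel/mm/transparent_hugepage/** rwklx,
  deny /sys/power/** rwklx,
  deny /sys/class/dmi/** rwklx,
  deny /sys/class/mem/** rwklx,
  deny /sys/class/raw/** rwklx,
  deny /sys/class/tty/** rwklx,
  deny /sys/class/vtconsole/** rwklx,
  deny /sys/devices/virtual/mem/** rwklx,
  deny /sys/devices/virtual/raw/** rwklx,
  deny /sys/devices/system/cpu/microcode/** rwklx,
  deny /sys/devices/system/clocksource/** rwklx,
  deny /sys/devices/system/memory/** rwklx,
  deny /sys/devices/system/node/** rwklx,
  deny /sys/module/** rwklx,
  deny /sys/bus/pci/drivers/** rwklx,
  deny /sys/bus/usb/drivers/** rwklx,

  # Allow limited /sys access for container operations
  # NOTE(review): the owner rule makes cgroup files writable when they belong
  # to the caller's uid; confirm the workload really needs to write there.
  /sys/fs/cgroup/** r,
  owner /sys/fs/cgroup/** rw,

  # ============= SENSITIVE FILE RESTRICTIONS =============
  # Block access to sensitive system files
  deny /boot/** rwklx,
  deny /etc/passwd w,
  deny /etc/shadow rwklx,
  deny /etc/group w,
  deny /etc/gshadow rwklx,
  deny /etc/sudoers* rwklx,
  deny /etc/ssh/ssh_host_* rwklx,
  deny /etc/ssl/private/** rwklx,
  deny /etc/pki/private/** rwklx,
  deny /etc/security/opasswd rwklx,
  deny /etc/crypttab rwklx,
  deny /etc/fstab w,
  deny /etc/mtab w,
  deny /etc/modules* w,
  deny /etc/sysctl* w,
  deny /etc/udev/** w,
  deny /etc/systemd/** w,
  deny /etc/init.d/** w,
  deny /etc/rc*.d/** w,
  deny /etc/cron* rwklx,
  deny /etc/at* rwklx,
  deny /etc/logrotate* rwklx,
  deny /etc/rsyslog* rwklx,
  deny /etc/syslog* rwklx,
  deny /var/log/** w,
  deny /var/spool/cron/** rwklx,
  deny /var/spool/at/** rwklx,

  # Block home directories
  deny /root/** rwklx,
  deny /home/** rwklx,
  deny /Users/** rwklx,

  # ============= MOUNT AND FILESYSTEM OPERATIONS =============
  # Deny all mount operations
  deny mount,
  deny umount,
  deny pivot_root,
  deny @{PROC}/*/mounts w,
  deny @{PROC}/*/mountinfo w,
  deny @{PROC}/*/mountstats w,

  # ============= PROCESS CONTROL RESTRICTIONS =============
  # Allow limited process operations: signals may only be exchanged with
  # processes confined by this same profile.
  signal peer=mcp-secure-container,
  signal (receive) peer=mcp-secure-container,
  signal (send) peer=mcp-secure-container,

  # Deny dangerous process operations
  deny signal peer=unconfined,
  deny signal peer=kernel,
  deny signal peer=init,
  deny ptrace,
  deny ptrace (trace) peer=**,
  deny ptrace (read) peer=**,
  deny ptrace (tracedby) peer=**,
  deny ptrace (readby) peer=**,

  # ============= NAMESPACE RESTRICTIONS =============
  # Allow container namespace operations.
  # NOTE(review): `userns` rules need a parser with user-namespace mediation
  # (AppArmor 4.0 or later; confirm against the deployed version). Creating
  # user namespaces exposes more kernel interfaces to the workload, so drop
  # this rule if the workload never creates them.
  # The `capability setuid,` and `capability setgid,` allow rules that used to
  # follow were removed: both capabilities are denied above, and the deny wins.
  userns,

  # ============= CHANGE_HAT PROFILE TRANSITIONS =============
  # Define sub-profiles for different application components.
  # A hat only takes effect when the confined program switches into it
  # itself through the change_hat interface.
  ^application {
    #include <abstractions/base>

    # Application-specific access
    /app/** mrix,
    /tmp/app-*/** rw,
    owner /tmp/app-*/** rwk,

    # Limited system access
    /bin/sh mrix,
    /bin/bash mrix,
    /bin/dash mrix,
    /usr/bin/env mrix,

    # Network access (if required)
    network inet tcp,
    network inet udp,
  }

  ^restricted {
    #include <abstractions/base>

    # Minimal access for restricted operations
    /app/restricted/** mr,
    /tmp/restricted-*/** rw,

    # No network access
    deny network,

    # No process signals
    deny signal,
  }

  ^utility {
    #include <abstractions/base>

    # Utility tool access
    /bin/** mrix,
    /usr/bin/** mrix,
    /app/utils/** mrix,

    # Limited file access
    owner /tmp/util-*/** rwk,
  }

  # ============= DYNAMIC PROFILE RULES =============
  # Rules that can be modified at runtime
  # (These would be managed by the security manager)

  # Custom application paths (to be dynamically added)
  # @{APP_PATHS}/** mrix,

  # Custom temporary paths (to be dynamically added)
  # @{TEMP_PATHS}/** rw,

  # Custom network rules (to be dynamically added)
  # network @{ALLOWED_PROTOCOLS},

  # ============= LOGGING AND AUDITING =============
  # Audit important security events.
  # A plain `deny` rule rejects silently; `audit deny` rejects and logs.
  # These are deny rules in their own right: `audit deny capability,` blocks
  # every capability, not only the ones listed individually above.
  audit deny capability,
  audit deny mount,
  audit deny umount,
  audit deny ptrace,
  audit deny signal peer=unconfined,
  audit deny /etc/passwd w,
  audit deny /etc/shadow rwklx,
  audit deny /root/** rwklx,
  audit deny /proc/sys/kernel/** wklx,
  audit deny /sys/firmware/** rwklx,
  audit deny /dev/mem rwklx,
  audit deny /dev/kmem rwklx,

  # ============= PROFILE METADATA =============
  # Profile information for management
  # Version: 1.0.0
  # Last Modified: 2024-12-19
  # Security Level: Critical
  # Compliance: SOC2, ISO27001, NIST
  # Contact: security@company.com
}

# ============= PROFILE ALIASES =============
# Aliases for different security levels.
# The three `alias NAME -> mcp-secure-container,` statements were removed.
# AppArmor's `alias` rewrites file-system path prefixes in rules; it does not
# create additional profile names, and it is a preamble statement that cannot
# follow a profile. If containers must be able to reference
# mcp-critical-container, mcp-high-container or mcp-production-container,
# each name needs a profile block of its own.

# ============= PROFILE INHERITANCE =============
# Base profile for less restrictive environments
#
# NOTE(review): `#include <NAME>` inserts the text of a file found on the
# parser's include path (normally under /etc/apparmor.d); it does not inherit
# from a loaded profile called NAME. Unless a rule-fragment file with this
# name is installed, the include cannot work as intended. Confirm how this
# file is deployed.
# NOTE(review): even with a working include, the allow rules below cannot
# relax anything the included text denies (chown, fowner and fsetid are all
# denied in mcp-secure-container). A looser profile has to leave those deny
# rules out instead of re-allowing afterwards.
profile mcp-base-container flags=(attach_disconnected,mediate_deleted) {
  #include <mcp-secure-container>

  # Additional permissions for base profile
  capability chown,
  capability fowner,
  capability fsetid,

  # Additional network access
  network inet stream,
  network inet6 stream,

  # Additional file access
  /usr/local/** mrix,
  /var/lib/app/** rw,
}

# Development profile (least restrictive)
# `complain` means violations are logged and allowed. Do not attach this
# profile to workloads that handle production data or credentials.
# The include and deny-precedence notes on mcp-base-container apply here too:
# kill, net_bind_service, raw sockets and /home are denied in
# mcp-secure-container.
profile mcp-dev-container flags=(attach_disconnected,mediate_deleted,complain) {
  #include <mcp-base-container>

  # Additional development permissions
  capability kill,
  capability net_bind_service,

  # Additional file access for development
  /home/*/workspace/** rw,
  /tmp/** rwk,
  /var/tmp/** rwk,

  # Additional network access
  network raw,
}

# ============= PROFILE INCLUDES =============
# Additional includes for modular configuration
# NOTE(review): a plain include of a file that does not exist makes the whole
# policy fail to load. At this position (outside any profile) the included
# files can only contribute top-level statements; site-local rule overrides
# are normally included inside the profile they modify.
#include <local/mcp-container-custom>
#include <local/mcp-container-overrides>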
