Secure MCP Server

# SELinux Security Policy for Secure MCP Container Execution\n# Type Enforcement (TE) policy module for comprehensive container security\n# Module: secure_mcp_container version 1.0.0\n\npolicy_module(secure_mcp_container, 1.0.0)\n\n########################################\n#\n# Declarations\n#\n\n# Container domain types\ntype secure_mcp_container_t;\ntype secure_mcp_container_exec_t;\ndomain_type(secure_mcp_container_t)\ndomain_entry_file(secure_mcp_container_t, secure_mcp_container_exec_t)\nrole system_r types secure_mcp_container_t;\n\n# Container file types\ntype secure_mcp_container_file_t;\nfiles_type(secure_mcp_container_file_t)\n\ntype secure_mcp_container_tmp_t;\nfiles_tmp_file(secure_mcp_container_tmp_t)\n\ntype secure_mcp_container_tmpfs_t;\ndev_node(secure_mcp_container_tmpfs_t)\n\ntype secure_mcp_container_var_t;\nfiles_type(secure_mcp_container_var_t)\n\ntype secure_mcp_container_log_t;\nlogging_log_file(secure_mcp_container_log_t)\n\n# Container runtime types\ntype secure_mcp_runtime_t;\ntype secure_mcp_runtime_exec_t;\ndomain_type(secure_mcp_runtime_t)\ndomain_entry_file(secure_mcp_runtime_t, secure_mcp_runtime_exec_t)\nrole system_r types secure_mcp_runtime_t;\n\n# Network types for container networking\ntype secure_mcp_container_port_t;\ncorenet_port(secure_mcp_container_port_t)\n\n# Device types\ntype secure_mcp_container_device_t;\ndev_node(secure_mcp_container_device_t)\n\n########################################\n#\n# secure_mcp_container domain policy\n#\n\n# Basic domain permissions\nallow secure_mcp_container_t self:capability {\n\t# Essential capabilities only\n\tsetuid setgid\n\tnet_bind_service\n\tnet_raw\n\tchown fowner fsetid\n\tdac_override dac_read_search\n};\n\n# Explicitly deny dangerous capabilities\nneverallow secure_mcp_container_t self:capability {\n\tsys_admin sys_module sys_rawio sys_ptrace sys_boot\n\tsys_time sys_pacct sys_nice sys_resource sys_tty_config\n\tlinux_immutable net_admin net_broadcast\n\tipc_lock ipc_owner kill mknod lease\n\taudit_write audit_control setfcap\n\tmac_override mac_admin syslog\n\twake_alarm block_suspend\n};\n\n# Process controls\nallow secure_mcp_container_t self:process {\n\tfork signal_perms getsched setsched\n\tgetsession getpgid setpgid\n\tgetcap setcap getattr setrlimit\n};\n\n# File descriptor operations\nallow secure_mcp_container_t self:fd use;\nallow secure_mcp_container_t self:fifo_file rw_fifo_file_perms;\nallow secure_mcp_container_t self:unix_dgram_socket { create_socket_perms sendto };\nallow secure_mcp_container_t self:unix_stream_socket { create_stream_socket_perms connectto };\n\n# Memory management\nallow secure_mcp_container_t self:memprotect mmap_zero;\nallow secure_mcp_container_t self:capability2 compromise_kernel_integrity;\nneverallow secure_mcp_container_t self:capability2 compromise_kernel_integrity;\n\n########################################\n#\n# File system access controls\n#\n\n# Application files (read/write/execute)\nallow secure_mcp_container_t secure_mcp_container_file_t:dir {\n\tcreate_dir_perms\n\tlist_dir_perms\n\tdelete_dir_perms\n};\nallow secure_mcp_container_t secure_mcp_container_file_t:file {\n\tcreate_file_perms\n\tread_file_perms\n\twrite_file_perms\n\tdelete_file_perms\n\texecute\n};\nallow secure_mcp_container_t secure_mcp_container_file_t:lnk_file {\n\tcreate_lnk_file_perms\n\tread_lnk_file_perms\n\tdelete_lnk_file_perms\n};\n\n# Temporary files (restricted access)\nallow secure_mcp_container_t secure_mcp_container_tmp_t:dir {\n\tcreate_dir_perms\n\tlist_dir_perms\n\tdelete_dir_perms\n};\nallow secure_mcp_container_t secure_mcp_container_tmp_t:file {\n\tcreate_file_perms\n\tread_file_perms\n\twrite_file_perms\n\tdelete_file_perms\n};\n\n# Tmpfs access (memory-backed filesystems)\nallow secure_mcp_container_t secure_mcp_container_tmpfs_t:dir {\n\tlist_dir_perms\n\tcreate_dir_perms\n\tdelete_dir_perms\n};\nallow secure_mcp_container_t secure_mcp_container_tmpfs_t:file {\n\tcreate_file_perms\n\tread_file_perms\n\twrite_file_perms\n\tdelete_file_perms\n};\n\n# Variable data files\nallow secure_mcp_container_t secure_mcp_container_var_t:dir {\n\tlist_dir_perms\n\tcreate_dir_perms\n};\nallow secure_mcp_container_t secure_mcp_container_var_t:file {\n\tcreate_file_perms\n\tread_file_perms\n\twrite_file_perms\n};\n\n# Logging (write-only)\nallow secure_mcp_container_t secure_mcp_container_log_t:dir { search_dir_perms add_entry_dir_perms };\nallow secure_mcp_container_t secure_mcp_container_log_t:file { create_file_perms append_file_perms };\n\n# Essential system files (read-only)\nfiles_read_etc_files(secure_mcp_container_t)\nfiles_read_usr_files(secure_mcp_container_t)\nlibs_use_ld_so(secure_mcp_container_t)\nlibs_use_shared_libs(secure_mcp_container_t)\n\n# Block access to sensitive system files\nfiles_dontaudit_read_etc_runtime_files(secure_mcp_container_t)\nfiles_dontaudit_read_etc_passwd(secure_mcp_container_t)\nfiles_dontaudit_read_etc_shadow(secure_mcp_container_t)\nfiles_dontaudit_write_etc_files(secure_mcp_container_t)\nfiles_dontaudit_write_etc_runtime_files(secure_mcp_container_t)\n\n# Explicitly deny sensitive file access\nneverallow secure_mcp_container_t shadow_t:file { read write };\nneverallow secure_mcp_container_t etc_t:file write;\nneverallow secure_mcp_container_t admin_home_t:file { read write };\nneverallow secure_mcp_container_t user_home_dir_t:dir { search read write };\nneverallow secure_mcp_container_t user_home_t:file { read write };\nneverallow secure_mcp_container_t sshd_key_t:file { read write };\nneverallow secure_mcp_container_t cert_t:file write;\n\n########################################\n#\n# Process and IPC controls\n#\n\n# Signal handling (restricted)\nallow secure_mcp_container_t self:process { signal signull sigkill sigstop };\nallow secure_mcp_container_t secure_mcp_container_t:process signal;\n\n# Block signals to system processes\nneverallow secure_mcp_container_t kernel_t:process signal;\nneverallow secure_mcp_container_t init_t:process signal;\nneverallow secure_mcp_container_t unconfined_t:process signal;\n\n# Inter-process communication (limited)\nallow secure_mcp_container_t self:sem { create destroy getattr setattr read write associate unix_read unix_write };\nallow secure_mcp_container_t self:msg { send receive };\nallow secure_mcp_container_t self:msgq { create destroy getattr setattr read write enqueue associate unix_read unix_write };\nallow secure_mcp_container_t self:shm { create destroy getattr setattr read write lock associate unix_read unix_write };\n\n# Block dangerous IPC\nneverallow secure_mcp_container_t { kernel_t init_t }:{ sem msg msgq shm } *;\n\n########################################\n#\n# Network access controls\n#\n\n# Basic network permissions\nallow secure_mcp_container_t self:tcp_socket { create_stream_socket_perms listen accept };\nallow secure_mcp_container_t self:udp_socket { create_socket_perms };\nallow secure_mcp_container_t self:rawip_socket { create_socket_perms };\nallow secure_mcp_container_t self:netlink_route_socket { create_netlink_socket_perms };\n\n# Network interface access\nallow secure_mcp_container_t self:netlink_socket { create_socket_perms };\nallow secure_mcp_container_t self:packet_socket { create_socket_perms };\n\n# Port binding (restricted)\nallow secure_mcp_container_t secure_mcp_container_port_t:tcp_socket name_bind;\nallow secure_mcp_container_t secure_mcp_container_port_t:udp_socket name_bind;\n\n# Network communication\ncorenet_tcp_sendrecv_generic_if(secure_mcp_container_t)\ncorenet_udp_sendrecv_generic_if(secure_mcp_container_t)\ncorenet_tcp_sendrecv_generic_node(secure_mcp_container_t)\ncorenet_udp_sendrecv_generic_node(secure_mcp_container_t)\n\n# Block dangerous network operations\nneverallow secure_mcp_container_t self:capability net_admin;\nneverallow secure_mcp_container_t port_type:tcp_socket name_bind;\nneverallow secure_mcp_container_t hi_reserved_port_type:tcp_socket name_bind;\nneverallow secure_mcp_container_t hi_reserved_port_type:udp_socket name_bind;\n\n########################################\n#\n# Device access controls\n#\n\n# Essential devices (controlled access)\ndev_read_urand(secure_mcp_container_t)\ndev_read_rand(secure_mcp_container_t)\nterm_use_ptmx(secure_mcp_container_t)\nterm_getattr_pty_fs(secure_mcp_container_t)\n\n# Container-specific devices\nallow secure_mcp_container_t secure_mcp_container_device_t:chr_file { read write getattr ioctl };\nallow secure_mcp_container_t secure_mcp_container_device_t:blk_file { read write getattr ioctl };\n\n# Block dangerous device access\ndev_dontaudit_read_kmem(secure_mcp_container_t)\ndev_dontaudit_write_kmem(secure_mcp_container_t)\ndev_dontaudit_read_memory(secure_mcp_container_t)\ndev_dontaudit_write_memory(secure_mcp_container_t)\ndev_dontaudit_rw_dri(secure_mcp_container_t)\ndev_dontaudit_rw_generic_blk_files(secure_mcp_container_t)\n\n# Explicitly deny dangerous devices\nneverallow secure_mcp_container_t { device_t devtty_t }:chr_file { read write };\nneverallow secure_mcp_container_t memory_device_t:chr_file { read write };\nneverallow secure_mcp_container_t kmem_device_t:chr_file { read write };\nneverallow secure_mcp_container_t zero_device_t:chr_file write;\n\n########################################\n#\n# System call and kernel access\n#\n\n# Kernel interface (very limited)\nkernel_read_proc_symlinks(secure_mcp_container_t)\nkernel_read_system_state(secure_mcp_container_t)\nkernel_dontaudit_read_kernel_sysctl(secure_mcp_container_t)\nkernel_dontaudit_write_kernel_sysctl(secure_mcp_container_t)\n\n# Block kernel modification\nneverallow secure_mcp_container_t kernel_t:system { module_load module_request };\nneverallow secure_mcp_container_t self:capability sys_module;\nneverallow secure_mcp_container_t proc_kcore_t:file { read write };\nneverallow secure_mcp_container_t proc_kmsg_t:file { read write };\n\n# System information (read-only)\nkernel_read_network_state(secure_mcp_container_t)\nkernel_read_net_sysctls(secure_mcp_container_t)\n\n########################################\n#\n# Runtime and container management\n#\n\n# Container runtime interaction\nallow secure_mcp_runtime_t secure_mcp_container_t:process { transition signal sigkill sigstop };\nallow secure_mcp_runtime_t secure_mcp_container_exec_t:file { read execute getattr };\nallow secure_mcp_container_t secure_mcp_runtime_t:fd use;\nallow secure_mcp_container_t secure_mcp_runtime_t:fifo_file { read write };\nallow secure_mcp_container_t secure_mcp_runtime_t:process sigchld;\n\n# Domain transition rules\ndomain_auto_trans(secure_mcp_runtime_t, secure_mcp_container_exec_t, secure_mcp_container_t)\n\n########################################\n#\n# Cgroup and namespace controls\n#\n\n# Cgroup access (limited)\nfs_getattr_cgroup(secure_mcp_container_t)\nfs_read_cgroup_files(secure_mcp_container_t)\nfs_write_cgroup_files(secure_mcp_container_t)\n\n# Namespace operations\nallow secure_mcp_container_t self:capability { setuid setgid };\nallow secure_mcp_container_t self:process setexec;\n\n# Block namespace escape\nneverallow secure_mcp_container_t init_t:process ptrace;\nneverallow secure_mcp_container_t kernel_t:process ptrace;\nneverallow secure_mcp_container_t self:capability sys_ptrace;\n\n########################################\n#\n# Security and audit controls\n#\n\n# Audit system (write-only for security events)\nallow secure_mcp_container_t self:netlink_audit_socket { create_netlink_socket_perms };\nallow secure_mcp_container_t self:capability audit_write;\n\n# Block audit manipulation\nneverallow secure_mcp_container_t self:capability audit_control;\nneverallow secure_mcp_container_t auditd_t:process signal;\n\n# Security event logging\nlogging_send_syslog_msg(secure_mcp_container_t)\n\n########################################\n#\n# File context definitions\n#\n\n# Executable files\n/usr/bin/mcp-container\\-exec\t\t--\tgen_context(system_u:object_r:secure_mcp_container_exec_t,s0)\n/opt/mcp/bin/container\\-exec\t\t--\tgen_context(system_u:object_r:secure_mcp_container_exec_t,s0)\n\n# Runtime files\n/usr/bin/mcp\\-runtime\t\t\t--\tgen_context(system_u:object_r:secure_mcp_runtime_exec_t,s0)\n/opt/mcp/bin/runtime\t\t\t--\tgen_context(system_u:object_r:secure_mcp_runtime_exec_t,s0)\n\n# Application files\n/app(/.*)?\t\t\t\t\tgen_context(system_u:object_r:secure_mcp_container_file_t,s0)\n/opt/app(/.*)?\t\t\t\t\tgen_context(system_u:object_r:secure_mcp_container_file_t,s0)\n/usr/local/app(/.*)?\t\t\t\tgen_context(system_u:object_r:secure_mcp_container_file_t,s0)\n\n# Temporary files\n/tmp/mcp\\-container(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_tmp_t,s0)\n/var/tmp/mcp\\-container(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_tmp_t,s0)\n/tmp/mcp(/.*)?\t\t\t\tgen_context(system_u:object_r:secure_mcp_container_tmp_t,s0)\n\n# Variable data\n/var/lib/mcp\\-container(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_var_t,s0)\n/var/run/mcp\\-container(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_var_t,s0)\n\n# Log files\n/var/log/mcp\\-container(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_log_t,s0)\n/var/log/containers(/.*)?\t\t\tgen_context(system_u:object_r:secure_mcp_container_log_t,s0)\n\n# Device files\n/dev/mcp\\-container.*\t\t\t-c\tgen_context(system_u:object_r:secure_mcp_container_device_t,s0)\n\n########################################\n#\n# Network port definitions\n#\n\n# Container application ports\nnetwork_port(secure_mcp_container_port, tcp, 8000-8999, s0)\nnetwork_port(secure_mcp_container_port, udp, 8000-8999, s0)\n\n########################################\n#\n# MLS/MCS constraints\n#\n\n# Multi-Level Security constraints for high-security environments\nmlsconstrain process transition (\n\th1 domby h2 and l1 domby l2\n);\n\nmlsconstrain process { signal sigkill sigstop } (\n\th1 domby h2 and l1 domby l2\n);\n\nmlsconstrain file { create write setattr relabelfrom relabelto } (\n\th1 domby h2 and l1 eq l2\n);\n\n# Multi-Category Security for container isolation\nmcsconstrain process transition (\n\tc1 == c2\n);\n\nmcsconstrain file { create write setattr relabelfrom relabelto } (\n\tc1 == c2\n);\n\n########################################\n#\n# Role-based access control\n#\n\n# Define container user role\ngen_user(container_u, user, container_r, s0, s0 - mls_systemhigh, mcs_allcats)\n\n# Container role definitions\nrole container_r;\nrole container_r types secure_mcp_container_t;\n\n# User-role mappings\nuserdom_unpriv_user_template(container)\n\n########################################\n#\n# Optional policy modules\n#\n\noptional_policy(`\n\t# Docker integration\n\tdocker_read_config(secure_mcp_container_t)\n\tdocker_use_ptys(secure_mcp_container_t)\n')\n\noptional_policy(`\n\t# Podman integration\n\tpodman_read_config(secure_mcp_container_t)\n\tpodman_use_ptys(secure_mcp_container_t)\n')\n\noptional_policy(`\n\t# Systemd integration\n\tsystemd_dbus_chat_logind(secure_mcp_container_t)\n\tsystemd_read_unit_files(secure_mcp_container_t)\n')\n\noptional_policy(`\n\t# Logging integration\n\trsyslog_send_log_msg(secure_mcp_container_t)\n\tjournald_send_log_msg(secure_mcp_container_t)\n')\n\n########################################\n#\n# Conditional policy rules\n#\n\n# Enable network access based on boolean\ngen_tunable(secure_mcp_container_allow_network, false)\n\ntunable_policy(`secure_mcp_container_allow_network',`\n\tcorenet_tcp_connect_all_ports(secure_mcp_container_t)\n\tcorenet_udp_send_all_ports(secure_mcp_container_t)\n',`\n\tneverallow secure_mcp_container_t port_type:tcp_socket name_connect;\n\tneverallow secure_mcp_container_t port_type:udp_socket name_bind;\n')\n\n# Enable file system access based on boolean\ngen_tunable(secure_mcp_container_allow_filesystem, false)\n\ntunable_policy(`secure_mcp_container_allow_filesystem',`\n\tfiles_read_generic_etc_files(secure_mcp_container_t)\n\tfiles_read_generic_tmp_files(secure_mcp_container_t)\n',`\n\tneverallow secure_mcp_container_t { etc_t tmp_t }:file read;\n')\n\n########################################\n#\n# Security assertions\n#\n\n# Ensure containers cannot escape to host\nassert {\n\t# No transition to unconfined domains\n\tneverallow secure_mcp_container_t unconfined_t:process transition;\n\t\n\t# No access to host system files\n\tneverallow secure_mcp_container_t { admin_home_t user_home_t }:file *;\n\t\n\t# No kernel module operations\n\tneverallow secure_mcp_container_t kernel_t:system module_load;\n\t\n\t# No capability escalation\n\tneverallow secure_mcp_container_t self:capability { sys_admin sys_module };\n}\n\n########################################\n#\n# Policy metadata\n#\n\n# Policy version and information\n# Version: 1.0.0\n# Last Modified: 2024-12-19\n# Security Level: Critical\n# Compliance: SOC2, ISO27001, NIST\n# Description: Comprehensive SELinux policy for secure container execution\n# Contact: security@company.com\n# Dependencies: base policy, file contexts, network ports\n# Testing: Validated against container escape scenarios\n# Performance: Optimized for production use\n# Maintenance: Review quarterly, update as needed"