KEP-4639: Allow writeable, container isolated volume content

saschagrunert · saschagrunert · commit ddb30d6498e3 · 2025-05-07T15:39:22.000+02:00
This proposal changes the KEP to allow writing the image volume contents
in the same way as we already support it for the actual running
container image. Runtimes have to ensure that the isolation is
restricted to the running container by using technologies like
overlayfs.

Signed-off-by: Sascha Grunert &lt;sgrunert@redhat.com&gt;
diff --git a/keps/sig-node/4639-oci-volume-source/README.md b/keps/sig-node/4639-oci-volume-source/README.md
@@ -298,7 +298,10 @@ the OS or version of the scanning software.
     - Allowing direct mounting of OCI objects introduces potential attack
       vectors. Mitigation includes thorough security reviews and limiting access
       to trusted registries. Limiting to non-runnable content
-      and read-only mode will lessen the security risk.
+      and read-only mode will lessen the security risk. If the image content is
+      writable in a strictly container isolated way, then runtimes have to
+      ensure that proper isolation, as well as the necessary cleanup on
+      container removal.
     - Path traversal attacks are a high risk for introducing security
       vulnerabilities. Container Runtimes should re-use their existing
       implementations to merge layers as well as secure join symbolic links in
@@ -586,8 +589,12 @@ feature cannot be used. Pods using the new `VolumeSource` combined with a not
 supported container runtime version will fail to run on the node, because the
 `Mount.host_path` field is not set for those mounts.
 
-For security reasons, volume mounts should set the [`noexec`] and `ro`
-(read-only) options by default.
+For the most conservative security approach, image volumes should be mounted by
+runtimes with enabled `rro` (recursive read-only) and `noexec` flag. Runtimes
+may support writable volumes in the same way as the running container image
+contents are writable (for example by utilizing overlayfs). This enables users
+to modify the image volume contents in a non-persistent and container isolated
+environment.
 
 Note: in the process of mounting images into the container's rootfs, there may need to be intermediate mounts created. This is especially relevant if
 the CRI implementation wishes to support one image being mounted with multiple different SELinux labels. If that's done, the CRI implementation is responsible
diff --git a/keps/sig-node/4639-oci-volume-source/kep.yaml b/keps/sig-node/4639-oci-volume-source/kep.yaml
@@ -46,7 +46,7 @@ stage: beta
 # The most recent milestone for which work toward delivery of this KEP has been
 # done. This can be the current (upcoming) milestone, if it is being actively
 # worked on.
-latest-milestone: "v1.33"
+latest-milestone: "v1.34"
 
 # The milestone at which this feature was, or is targeted to be, at each stage.
 milestone:
