Setting up security measures
You can apply security protections when you use SELinux with Red Hat® AI Inference Server (RHAIIS) containers.
Prerequisites:
- Run the dnf install udica setools-console command to install the additional system tools.
When SELinux is enabled for RHAIIS containers, several default security protections might be bypassed, leaving the environment vulnerable to potential threats. To restore these protections, complete the following steps.
- Start the container by using the following command:
    $ podman run --device=/dev/vfio -v ${HOST_MODELS_DIR}:/models -e AIU_PCIE_IDS="${AIU_IDS}" -e VLLM_SPYRE_USE_CB=1 --pids-limit 0 --userns=keep-id --group-add=keep-groups --memory 200G --shm-size 64G -p 127.0.0.1:8000:8000 <container url>:<container tag> --model "${VLLM_MODEL_PATH}" -tp "${AIU_WORLD_SIZE}" --max-model-len "${MAX_MODEL_LEN}" --max-num-seqs ${MAX_BATCH_SIZE}
  Note: The --security-opt label=disable component is absent in this test.
- Pass the container information to udica to create a policy file by using the following command:
    $ podman inspect <container ID> | sudo udica --devices /dev/vfio/0,/dev/vfio/1 --full-network-access spyre-vllm
    [sudo] password for senuser:
    Policy spyre-vllm created!
- Confirm that udica created the policy file by using the following command:
    $ ls
    models project spyre-vllm.cil
- Validate the content of the policy file by using the following command:
    $ cat spyre-vllm.cil
    (block spyre-vllm
        (blockinherit container)
        (blockinherit net_container)
        (blockinherit restricted_net_container)
        (allow process container_port_t ( tcp_socket ( name_bind )))
        (allow process vfio_device_t ( blk_file ( getattr read write append ioctl lock open )))
        (allow process vfio_device_t ( chr_file ( getattr read write append ioctl lock open )))
        (allow process container_file_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
        (allow process container_file_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
        (allow process container_file_t ( fifo_file ( getattr read write append ioctl lock open )))
        (allow process container_file_t ( sock_file ( append getattr open read write )))
        (allow process user_home_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
        (allow process user_home_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
        (allow process user_home_t ( fifo_file ( getattr read write append ioctl lock open )))
        (allow process user_home_t ( sock_file ( append getattr open read write )))
    )
- Fix the generated policy file (restricted_net_container is not shipped in RHEL 9.6) by using the following command:
    $ sudo sed -i '/blockinherit restricted_net_container/d' ~/spyre-vllm.cil
- Load the fixed policy as the SEModule by using the following command:
    $ sudo semodule -i /usr/share/udica/templates/{base_container.cil,net_container.cil} spyre-vllm.cil
- Verify that the loaded policy file is available by using the following command:
    $ seinfo -t | grep spyre-vllm
    spyre-vllm.process
    spyre-vllm.socket
- Run the container with the new policy module by using the following command:
    $ podman run --device=/dev/vfio -v ${HOST_MODELS_DIR}:/models -e AIU_PCIE_IDS="${AIU_IDS}" -e VLLM_SPYRE_USE_CB=1 --pids-limit 0 --userns=keep-id --group-add=keep-groups --security-opt label=type:spyre-vllm.process --memory 200G --shm-size 64G -p 127.0.0.1:8000:8000 <container url>:<container tag> --model "${VLLM_MODEL_PATH}" -tp "${AIU_WORLD_SIZE}" --max-model-len "${MAX_MODEL_LEN}" --max-num-seqs ${MAX_BATCH_SIZE}
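
The manual sed fix in the procedure above generalizes to a check that compares every blockinherit in the generated policy with the blocks that the installed udica templates define, so an unavailable template is caught before semodule -i is run. The following script is an added example and not part of the original documentation: its function names are hypothetical, it assumes that templates declare blocks as "(block NAME ...", and the files written by make_sample are constructed stubs.

```shell
#!/bin/sh
# Added example (not from the original page): pre-load check of a udica policy.
# Assumption: udica templates declare inheritable blocks as "(block NAME ...".

# Print the token after KEYWORD in every "(KEYWORD NAME ..." form of the files.
cil_names() {
    kw=$1; shift
    cat "$@" 2>/dev/null | tr '()' '\n\n' | awk -v kw="$kw" '$1 == kw { print $2 }'
}

# Print blocks that policy $1 inherits but no template in directory $2 defines.
missing_blocks() {
    { cil_names block "$2"/*.cil | sed 's/^/D /'
      cil_names blockinherit "$1" | sed 's/^/I /'; } |
        awk '$1 == "D" { def[$2] = 1 } $1 == "I" && !def[$2] { print $2 }'
}

# Print policy $1 without the blockinherit lines for missing blocks.
strip_missing() {
    script=$(missing_blocks "$1" "$2" | sed 's|.*|/(blockinherit &)/d|')
    sed -e "$script" "$1"
}

# Print the template files that define an inherited block, that is, the
# files to pass to semodule -i together with the policy.
needed_templates() {
    for f in "$2"/*.cil; do
        for name in $(cil_names blockinherit "$1"); do
            cil_names block "$f" | grep -qxF "$name" && { echo "$f"; break; }
        done
    done
    return 0
}

# Constructed sample: a shortened policy and two stub templates under $1.
make_sample() {
    mkdir -p "$1/templates"
    echo '(block container (type process))' > "$1/templates/base_container.cil"
    echo '(block net_container)' > "$1/templates/net_container.cil"
    printf '%s\n' '(block spyre-vllm' '    (blockinherit container)' \
        '    (blockinherit net_container)' \
        '    (blockinherit restricted_net_container)' \
        '    (allow process container_port_t ( tcp_socket ( name_bind )))' ')' \
        > "$1/spyre-vllm.cil"
}

demo=$(mktemp -d) && make_sample "$demo"
echo "missing: $(missing_blocks "$demo/spyre-vllm.cil" "$demo/templates")"
echo "load: $(needed_templates "$demo/spyre-vllm.cil" "$demo/templates" | tr '\n' ' ')"
```

On a host prepared as in the steps above, the two arguments would be ~/spyre-vllm.cil and /usr/share/udica/templates.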