💡 The Security Model: Seccomp + AppArmor + Egress

How cella's three-layer security model works together to isolate and protect containers.

Defense in Depth

cella combines three independent security mechanisms. Each layer catches different types of threats:

┌──────────────────────────────────────────┐
│         Layer 3: Egress Control          │
│  (nftables + domain allowlist + DNS)     │
├──────────────────────────────────────────┤
│         Layer 2: AppArmor                │
│  (filesystem + capability restrictions)  │
├──────────────────────────────────────────┤
│         Layer 1: Seccomp                 │
│  (syscall filtering at kernel level)     │
└──────────────────────────────────────────┘

Layer 1: Seccomp (System Call Filtering)

Seccomp operates at the kernel level, filtering system calls before they execute. This is the deepest layer of defense.

Scope: Controls which kernel APIs a process can call
Granularity: Per-syscall (allow, deny, notify, log)
Performance: Near-zero overhead (BPF filter in kernel)
cella's approach: Three tiers (Strict/Moderate/Permissive) plus custom profiles generated from observed traffic

Example threat blocked: A compromised process trying to ptrace another process, or mount a filesystem to escalate privileges.

Layer 2: AppArmor (Mandatory Access Control)

AppArmor restricts what files, network operations, and capabilities a container can access, based on a profile loaded into the kernel.

Scope: File paths, network access, capabilities, mount operations
Granularity: Per-path rules with glob patterns
cella's role: Displays the active AppArmor profile in the Policy panel; LXD handles enforcement

Example threat blocked: A container trying to read /etc/shadow on the host filesystem.

Layer 3: Egress Control (Network)

cella's transparent proxy + nftables provides network-level control:

nftables REDIRECT: Intercepts all outbound HTTPS traffic
Domain allowlist: Only approved domains can be reached (with wildcard support)
Operator approval: New domains require explicit human approval
DNS monitoring: Independent DNS query tracking with allow/deny rules

Example threat blocked: A compromised container trying to exfiltrate data to an unknown external server.

How They Complement Each Other

Attack	Seccomp	AppArmor	Egress
Privilege escalation via ptrace	✅ Blocked	—	—
Read host /etc/passwd	—	✅ Blocked	—
Data exfiltration to attacker.com	—	—	✅ Blocked
Load kernel module	✅ Blocked	✅ Blocked	—
DNS tunneling	—	—	✅ DNS Monitor

The Policy Panel

Press P in cella to see all three layers in a single view. The Policy panel shows per-container:

Active seccomp profile (strict/moderate/permissive/custom)
AppArmor profile status
Egress proxy status and allowed domains
Merged view: full LXD config including raw.lxc seccomp paths

← Home