From 205dafd32308c2fe308265a522ff77236ad35279 Mon Sep 17 00:00:00 2001
From: Dan Mihai
Date: Mon, 15 Jan 2024 23:51:54 +0000
Subject: [PATCH] genpolicy: temporarily disable allow_storages()
Temporarily disable the allow_storages() rules, because they are based on the tarfs snapshotter + container image integrity information that are not available yet in the main branch - see #8833.
Fixes: #8834
Signed-off-by: Dan Mihai
---
src/tools/genpolicy/rules.rego | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 2719e65795..7e73f24f98 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -428,7 +428,8 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) {
 allow_mount(p_oci, i_mount, bundle_id, sandbox_id)
 }
- allow_storages(p_storages, i_storages, bundle_id, sandbox_id)
+ # TODO: enable allow_storages() after fixing https://github.com/kata-containers/kata-containers/issues/8833
+ # allow_storages(p_storages, i_storages, bundle_id, sandbox_id)
 print("allow_by_bundle_or_sandbox_id: true")
 }
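Review bot: With `allow_storages()` commented out, nothing visible in this hunk compares `i_storages` with `p_storages` any more, yet the rule still ends with `print("allow_by_bundle_or_sandbox_id: true")`, so a policy trace cannot tell a fully checked request from one whose storages were accepted unverified. The TODO should state that consequence, for example `# SECURITY: i_storages is not validated against p_storages while this is disabled`. A marker line before the final print, such as `print("allow_by_bundle_or_sandbox_id: allow_storages() skipped, see #8833")`, would also let reviewers and log consumers see the gap until the check is restored. The rule body begins above the hunk, so storages may still be constrained by an earlier expression not shown here, and that should be confirmed before relying on this policy for storage integrity.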