github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-25 18:53:44 +00:00
Code Issues Projects Releases Wiki Activity

genpolicy: temporarily disable allow_storages()

Browse Source 
Temporarily disable the allow_storages() rules, because they are based
on the tarfs snapshotter + container image integrity information that
are not available yet in the main branch - see #8833.

Fixes: #8834

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
This commit is contained in:
Dan Mihai
2024-01-15 23:51:54 +00:00
parent 0dc00ae373
commit 205dafd323
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/tools/genpolicy/rules.rego
View File

@@ -428,7 +428,8 @@ allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) {
allow_mount(p_oci, i_mount, bundle_id, sandbox_id)
}
allow_storages(p_storages, i_storages, bundle_id, sandbox_id)
# TODO: enable allow_storages() after fixing https://github.com/kata-containers/kata-containers/issues/8833
# allow_storages(p_storages, i_storages, bundle_id, sandbox_id)
print("allow_by_bundle_or_sandbox_id: true")
}