genpolicy: add link to allow_user() active issue

Improve comment to workaround in rules.rego, to explain better the
reason for that workaround.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Dan Mihai
2024-07-13 01:05:58 +00:00
parent 3c0171df3d
commit 5282701b5b


@@ -540,9 +540,7 @@ allow_user(p_process, i_process) {
p_user := p_process.User
i_user := i_process.User
# TODO: track down the reason for mcr.microsoft.com/oss/bitnami/redis:6.0.8 being
# executed with uid = 0 despite having "User": "1001" in its container image
# config.
# TODO: remove this workaround when fixing https://github.com/kata-containers/kata-containers/issues/9928.
#print("allow_user: input uid =", i_user.UID, "policy uid =", p_user.UID)
#p_user.UID == i_user.UID
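
Review bot: The TODO above the commented-out `p_user.UID == i_user.UID` gives the issue URL but does not say what the workaround costs: with that comparison disabled, the visible part of allow_user() never checks the input UID against the policy UID. Suggest adding one comment line stating that UID enforcement is off until the linked issue is fixed, and keeping a short summary of the symptom (the redis:6.0.8 image executed with uid = 0 despite "User": "1001" in its image config) so the reason is readable without following the link.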