From 5282701b5b49964d7da04c7fe7349c1c34fe0a90 Mon Sep 17 00:00:00 2001
From: Dan Mihai
Date: Sat, 13 Jul 2024 01:05:58 +0000
Subject: [PATCH] genpolicy: add link to allow_user() active issue

Improve comment to workaround in rules.rego, to explain better the reason for that workaround.

Signed-off-by: Dan Mihai
---
 src/tools/genpolicy/rules.rego | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 76d734e0bb..4bf7be6ad6 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -540,9 +540,7 @@ allow_user(p_process, i_process) {
 p_user := p_process.User
 i_user := i_process.User
- # TODO: track down the reason for mcr.microsoft.com/oss/bitnami/redis:6.0.8 being
- # executed with uid = 0 despite having "User": "1001" in its container image
- # config.
+ # TODO: remove this workaround when fixing https://github.com/kata-containers/kata-containers/issues/9928.
 #print("allow_user: input uid =", i_user.UID, "policy uid =", p_user.UID)
 #p_user.UID == i_user.UID
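Review bot: The new TODO above the commented-out `#p_user.UID == i_user.UID` line replaces the concrete explanation with a bare issue link, so the comment no longer says what the workaround disables or why. With that comparison commented out, the visible part of allow_user does not match the input UID against the policy UID, and a reader of the policy should see that stated next to the code rather than only in the tracker. Consider keeping a one-line summary alongside the link, e.g. `# TODO: UID check disabled because some images run as uid 0 despite a non-root "User" in the image config; re-enable when fixing https://github.com/kata-containers/kata-containers/issues/9928.` The body of allow_user continues outside the hunk, so any other conditions it enforces are not visible here.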