tests: add policy to k8s tests

Use AGENT_POLICY=yes when building the Guest images, and add a
permissive test policy to the k8s tests for:
- CBL-Mariner
- SEV
- SNP
- TDX

Also, add an example of policy rejecting ExecProcessRequest.

Fixes: #7667

Signed-off-by: Dan Mihai <dmihai@microsoft.com>
Dan Mihai
2023-08-25 21:20:36 +00:00
parent d0e0610679
commit bf21411e90
8 changed files with 177 additions and 8 deletions


@@ -41,7 +41,8 @@ build_initrd() {
OS_VERSION="${os_version}" \
ROOTFS_BUILD_DEST="${builddir}/initrd-image" \
USE_DOCKER=1 \
AGENT_INIT="yes"
AGENT_INIT="yes" \
AGENT_POLICY="${AGENT_POLICY:-}"
mv "kata-containers-initrd.img" "${install_dir}/${artifact_name}"
(
cd "${install_dir}"
@@ -58,7 +59,8 @@ build_image() {
DEBUG="${DEBUG:-}" \
USE_DOCKER="1" \
IMG_OS_VERSION="${os_version}" \
ROOTFS_BUILD_DEST="${builddir}/rootfs-image"
ROOTFS_BUILD_DEST="${builddir}/rootfs-image" \
AGENT_POLICY="${AGENT_POLICY:-}"
mv -f "kata-containers.img" "${install_dir}/${artifact_name}"
if [ -e "root_hash.txt" ]; then
cp root_hash.txt "${install_dir}/"
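Review bot: `AGENT_POLICY="${AGENT_POLICY:-}"` in both build_initrd and build_image falls back to an empty string, so a build where the variable is unset or misspelled runs without any message and the log does not show whether the image was built with agent policy support. For the SEV, SNP and TDX guest images named in the commit message that is a security-relevant build property, since the policy is presumably what lets the guest reject requests such as ExecProcessRequest; how the rootfs builder treats an empty value is not visible here. I would record the effective value before each builder call, for example `echo "build_image: AGENT_POLICY='${AGENT_POLICY:-}'" >&2`, and add a comment such as `# AGENT_POLICY=yes enables agent policy support; empty leaves the builder default` above the assignment. It would also help to state in a comment that the permissive policy is for tests only, so that an image built this way is not taken for a hardened one. Both function bodies begin and end outside the hunks shown.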