mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-05-14 11:03:31 +00:00
bce5cb2ce5
Hooks are executed on the host, so we don't expect to run hooks and thus require that no hook paths are set. Additional Kernel modules expand the attack surface, so require that none are set. If a use case arises, modules should be allowlisted via settings. Signed-off-by: Markus Rudy <mr@edgeless.systems>