-
Epic
-
Resolution: Unresolved
-
Major
-
None
-
None
-
cnv-tracker-namespace-support-vsock
-
Product / Portfolio Work
-
77
-
- we know in which RHEL version we can allow securely VSOCK in CNV
-
To Do
-
-
100% To Do, 0% In Progress, 0% Done
-
dev-ready, po-ready, qe-ready, ux-ready
-
No
Goal
To enable VSOCK in CNV CNV-64172 in a secure way, the access the the VSOCK has to be limited to the namespce of a single virt-laucher pod.
This discussed upstream in https://lore.kernel.org/netdev/20250827-vsock-vmtest-v5-0-0ba580bede5b@meta.com/ , and tracked downstream in https://issues.redhat.com/browse/RHELPLAN-20414 .
User Stories
- As a VM owner, I want to be sure that no other pod on the same host is able to access the VSOCK of my VM.
Non-Requirements
- List of things not included in this epic, to alleviate any doubt raised during the grooming process.
Notes
- Any additional details or decisions made/needed
- blocks
-
-
- New
-
1.
|
upstream roadmap issue |
|
New | 
|
Unassigned |
2.
|
upstream design |
|
New |
|
Unassigned |
3.
|
upstream documentation |
|
New |
|
Unassigned |
4.
|
upgrade consideration |
|
New |
|
Unassigned |
5.
|
test plans in polarion |
|
New |
|
Unassigned |
6.
|
automated tests |
|
New |
|
Unassigned |
7.
|
downstream documentation merged |
|
New |
|
Unassigned |
8.
|
CNV QE DevOps Requirement/Enablement |
|
New |
|
Unassigned |
