Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3129

Setting policy through annotations is ignored

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Medium Medium
    • None
    • None
    • cloud-api-adapter
    • None
    • False
    • None
    • False
    • KATA-2716 - Kata agent policy support for CoCo
    • 0
    • 0

      Description

      Setting agent policy using annotation is failing. 

      Steps to reproduce

      <What actions did you take to hit the bug?>
      1. have a upstream peer-pods setup with AGENT_POLICY=yes enabled
      2. make sure the default policy file in the podvm rootfs allow SetPolicy call
      3. start a (peer) pod with the policy in the annotation and check if it's blocked (e.g. don't allow exec and try to exec into the pod)
      see

      Expected result

      the policy should be applied and rpc calls should be blocked accordingly

      Actual result

      policy is ignored

      Additional helpful info

              Unassigned Unassigned
              ssheribe@redhat.com Snir sheriber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: