Uploaded image for project: 'Openshift sandboxed containers'
  1. Openshift sandboxed containers
  2. KATA-3249

Custom Kata Agent policy support in CoCo & peer-pods

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Medium Medium
    • None
    • None
    • None
    • None
    • Custom Kata Agent policy support in CoCo & peer-pods
    • BU Product Work
    • False
    • None
    • False
    • KATA-3248Custom Kata Agent policy support in CoCo & peer-pods
    • Not Selected
    • To Do
    • KATA-3248 - Custom Kata Agent policy support in CoCo & peer-pods
    • 100% To Do, 0% In Progress, 0% Done
    • Yes
    • 0
    • 0

      Epic Goal

      • Agent policy performs additional validation for each ttRPC API requests in the Guest VM, this epic goal is to allow to configure it.

      Why is this important?

      • Users of peer-pods/CoCo may wan't to be able to block certain calls, due to suspecting that some components were compromised or simply to change the defaults (CoCo)  

      Scenarios

      1. Setting custom policy at podvm image creation time
      2. Setting custom policy at pod runtime

      Acceptance Criteria 

      1. User is able to set custom policy at podvm image creation time
      2. User is able to set custom policy at pod runtime
      3. Instructions to the customization is provided
      4. Tests to verify customization is applied 

      Additional context:

              Unassigned Unassigned
              ssheribe@redhat.com Snir sheriber
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: