XML

Word

Printable

Type: Epic
Resolution: Done
Priority: Medium
Fix Version/s: OSC 1.7.0
Affects Version/s: None
Component/s: podvm-builder
Labels:
None

Epic Name:
Disable features that may compromise guest
Activity Type:
Product / Portfolio Work
Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
KATA-2798 - Ensuring no plaintext data is leaked to the host via network when using CoCo
Parent Link:
KATA-2798Ensuring no plaintext data is leaked to the host via network when using CoCo
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done
Product Documentation Required:
No

WSJF:
0

Target Version:

OSC 1.7.0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Intelligence Requested:
Market:

Epic Goal

Reducing attack surface of the guest

Why is this important?

Malicious host may utilize its power and guest enabled features to attack the guest.

Acceptance Criteria

ssh is disabled
cloud-init features were reviewed and disabled according risk assessment

Additional context:

links to

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

Merge request - Updated 4 upstream sources

openshift/sandboxed-containers-operator#443: podvm: disable cloud-init unsafe modules for CoCo

mentioned on

Merge request - Updated US source to: 644dfc8 Merge pull request #450 from bpradipt/cp-1.7

(9 links to, 1 mentioned on)

Assignee:: Snir sheriber

Reporter:: Snir sheriber

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/08/08 11:40 AM

Updated:: 2025/06/27 11:42 AM

Resolved:: 2024/10/13 10:01 AM