genpolicy: support read-only hostPath #175

Merged
merged 2 commits into from
Apr 15, 2024


@Redent0r Redent0r commented Apr 15, 2024

Merge Checklist
  • Followed patch format from upstream recommendation: https://github.com/kata-containers/community/blob/main/CONTRIBUTING.md#patch-format
    • Included a single commit in a given PR - at least unless there are related commits and each makes sense as a change on its own.
  • Aware about the PR to be merged using "create a merge commit" rather than "squash and merge" (or similar)
  • genPolicy only: Ensured the tool still builds on Windows
  • genPolicy only: Updated sample YAMLs' policy annotations, if applicable
  • The upstream-missing label (or upstream-not-needed) has been set on the PR.
Summary

Support hostpath pointing to readOnly volume mounts. This scenario was previously blocked by policy due to:
ro != rw

check_mount 2: i options = [\\\"rbind\\\", \\\"rprivate\\\", \\\"ro\\\"]
check_mount 2: p options = [\\\"rbind\\\", \\\"rprivate\\\", \\\"rw\\\"]
Test Methodology

https://dev.azure.com/mariner-org/mariner/_build/results?buildId=550396&view=ms.vss-test-web.build-test-results-tab

Set hostpath access based on volume mount readOnly value

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
Modify sample to use readOnly volume mount

Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
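
The mismatch quoted in the summary, and the effect of deriving access from the volume mount's readOnly value, modelled as an added example (not code from this PR or from genpolicy). The `VolumeMount` type, `policy_options`, the `honor_read_only` switch and this `check_mount` signature are assumptions made for illustration, and the mount is constructed sample data.

```rust
// Added illustration; types and function names are hypothetical, not genpolicy's code.

/// Minimal model of a container volumeMount backed by a hostPath volume.
pub struct VolumeMount {
    pub mount_path: &'static str,
    pub read_only: Option<bool>, // an absent field is treated as false
}

/// Mount options the generated policy expects for this hostPath mount.
/// `honor_read_only = false` models the behaviour in the summary (always "rw");
/// `true` models access derived from the volume mount's readOnly value.
pub fn policy_options(m: &VolumeMount, honor_read_only: bool) -> Vec<String> {
    let access = if honor_read_only && m.read_only.unwrap_or(false) { "ro" } else { "rw" };
    ["rbind", "rprivate", access].iter().map(|s| s.to_string()).collect()
}

/// Strict, ordered comparison of input (i) options against policy (p) options,
/// in the spirit of the check_mount log lines quoted in the summary.
pub fn check_mount(input: &[String], policy: &[String]) -> Result<(), String> {
    if input == policy {
        return Ok(());
    }
    // Report the first differing option, input side first.
    for (i, p) in input.iter().zip(policy.iter()) {
        if i != p {
            return Err(format!("{} != {}", i, p));
        }
    }
    Err(format!("option count {} != {}", input.len(), policy.len()))
}

fn main() {
    // Constructed sample: a read-only hostPath mount as requested at runtime.
    let m = VolumeMount { mount_path: "/host/data", read_only: Some(true) };
    let input: Vec<String> = ["rbind", "rprivate", "ro"].iter().map(|s| s.to_string()).collect();
    for honor in [false, true] {
        let p = policy_options(&m, honor);
        println!("{} honor_read_only={}: {:?}", m.mount_path, honor, check_mount(&input, &p));
    }
}
```

The comparison stays exact in both directions: once the policy expects `ro`, an input that asks for `rw` on the same mount is rejected.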
@Redent0r Redent0r added the upstream/missing PRs that are yet to be upstreamed label Apr 15, 2024
@Redent0r Redent0r marked this pull request as ready for review April 15, 2024 17:32
@Redent0r Redent0r requested review from a team as code owners April 15, 2024 17:32
@sprt sprt changed the title Saulparedes/support readonly hostpath genpolicy: support read-only hostPath Apr 15, 2024
@Redent0r Redent0r merged commit 658fcdd into msft-main Apr 15, 2024
135 of 202 checks passed
@Redent0r Redent0r deleted the saulparedes/support_readonly_hostpath branch April 15, 2024 22:06
@Redent0r Redent0r added upstream/merged PRs that have been merged upstream and removed upstream/missing PRs that are yet to be upstreamed labels Sep 22, 2024