kata: format patches according to amended patch workflow
burgerdev committed Nov 5, 2024
1 parent bc3aafa commit 6a3e431
Showing 16 changed files with 82 additions and 82 deletions.
@@ -1,4 +1,4 @@
From 099fd9159c03561ed738dacb370d18183f8601aa Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Fri, 5 Jul 2024 08:43:13 +0000
Subject: [PATCH] govmm: Directly pass the firwmare using -bios with SNP
Expand All @@ -9,7 +9,7 @@ Subject: [PATCH] govmm: Directly pass the firwmare using -bios with SNP
1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
index e1070b731..b3b3fb4bd 100644
index e1070b731920f00625dc58a9ce3e6b985af3a8ba..b3b3fb4bdbe99e6fc1a89db49be984b92a19551c 100644
--- a/src/runtime/pkg/govmm/qemu/qemu.go
+++ b/src/runtime/pkg/govmm/qemu/qemu.go
@@ -395,9 +395,7 @@ func (object Object) QemuParams(config *Config) []string {
@@ -1,4 +1,4 @@
From b73c887c4b00d58b1a9bf403c5b2d05b02574731 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Mon, 8 Jul 2024 07:35:54 +0000
Subject: [PATCH] emulate CPU model that most closely matches the host
Expand All @@ -12,7 +12,7 @@ attestation.
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
index 1d1be1711..6ebee26ce 100644
index 1d1be17118f397445941c50a5276fb8aec2411e3..6ebee26ce34b5137f88a78219340b1f0867bc7a8 100644
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@@ -191,7 +191,18 @@ func (q *qemuAmd64) cpuModel() string {
@@ -1,4 +1,4 @@
From d3bc2eb74a14272afb10d20c63e4d938538acbfe Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tom Dohrmann <[email protected]>
Date: Mon, 8 Jul 2024 07:51:20 +0000
Subject: [PATCH] runtime: agent: verify the agent policy hash
Expand Down Expand Up @@ -42,7 +42,7 @@ Signed-off-by: Tom Dohrmann <[email protected]>
create mode 100644 src/agent/src/tdx.rs

diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock
index f55144570..8cf40f7ec 100644
index f5514457031ed7f0b4d1c5c6bee7ec5ec8b9ad72..8cf40f7ec7d12b6e206d49f4b6adff05d347262d 100644
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@@ -542,6 +542,12 @@ version = "0.6.3"
Expand Down Expand Up @@ -238,7 +238,7 @@ index f55144570..8cf40f7ec 100644
name = "vsock"
version = "0.2.6"
diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml
index a8ed5d081..d5b3db965 100644
index a8ed5d081cf87b19f4ce5c5bdb9cc4efa694a6e3..d5b3db965fe75cbccc182825a4115bdc57a9705b 100644
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@@ -85,6 +85,11 @@ regorus = { version = "0.1.4", default-features = false, features = [
Expand All @@ -263,7 +263,7 @@ index a8ed5d081..d5b3db965 100644

[[bin]]
diff --git a/src/agent/src/main.rs b/src/agent/src/main.rs
index 8a057bb36..22d858c10 100644
index 8a057bb367537cfac988f20fda86b2e23a681682..22d858c10468478dacb7e7e9b9133a756abc1ea8 100644
--- a/src/agent/src/main.rs
+++ b/src/agent/src/main.rs
@@ -85,6 +85,10 @@ mod tracer;
Expand All @@ -278,7 +278,7 @@ index 8a057bb36..22d858c10 100644
cfg_if! {
if #[cfg(target_arch = "s390x")] {
diff --git a/src/agent/src/policy.rs b/src/agent/src/policy.rs
index ccac317d0..2f1da9ecd 100644
index ccac317d0ff707c1fd1242a144886d5e8c000a90..2f1da9ecd0d0ee1be06218d5bc9e58cd93defa8c 100644
--- a/src/agent/src/policy.rs
+++ b/src/agent/src/policy.rs
@@ -3,11 +3,14 @@
Expand Down Expand Up @@ -351,7 +351,7 @@ index ccac317d0..2f1da9ecd 100644
+}
diff --git a/src/agent/src/sev.rs b/src/agent/src/sev.rs
new file mode 100644
index 000000000..3257eabaf
index 0000000000000000000000000000000000000000..3257eabafcc971df7219d71186383616ee19a672
--- /dev/null
+++ b/src/agent/src/sev.rs
@@ -0,0 +1,19 @@
Expand All @@ -376,7 +376,7 @@ index 000000000..3257eabaf
+}
diff --git a/src/agent/src/tdx.rs b/src/agent/src/tdx.rs
new file mode 100644
index 000000000..1531e72a8
index 0000000000000000000000000000000000000000..1531e72a8b8db6e357d02ecdd431a9b88af3b30d
--- /dev/null
+++ b/src/agent/src/tdx.rs
@@ -0,0 +1,194 @@
Expand Down Expand Up @@ -575,7 +575,7 @@ index 000000000..1531e72a8
+ Ok(mrconfigid)
+}
diff --git a/src/runtime/pkg/govmm/qemu/qemu.go b/src/runtime/pkg/govmm/qemu/qemu.go
index b3b3fb4bd..5070ecd1e 100644
index b3b3fb4bdbe99e6fc1a89db49be984b92a19551c..5070ecd1e78ca04383637e662b3c8e4f8ec0ae5e 100644
--- a/src/runtime/pkg/govmm/qemu/qemu.go
+++ b/src/runtime/pkg/govmm/qemu/qemu.go
@@ -320,6 +320,11 @@ type Object struct {
Expand Down Expand Up @@ -631,7 +631,7 @@ index b3b3fb4bd..5070ecd1e 100644

return tdxObject.String()
diff --git a/src/runtime/virtcontainers/hypervisor.go b/src/runtime/virtcontainers/hypervisor.go
index 5eb922980..0e5205cc9 100644
index 5eb922980be33de9afc25ffaae65dd222f976c52..0e5205cc99da99e929365cbfe8637465872addb9 100644
--- a/src/runtime/virtcontainers/hypervisor.go
+++ b/src/runtime/virtcontainers/hypervisor.go
@@ -545,7 +545,7 @@ type HypervisorConfig struct {
Expand Down Expand Up @@ -666,7 +666,7 @@ index 5eb922980..0e5205cc9 100644
tdxProtection

diff --git a/src/runtime/virtcontainers/qemu.go b/src/runtime/virtcontainers/qemu.go
index ba86c3d63..2c6311c06 100644
index ba86c3d63a6c5158b3d0f7e6ae6af865dddb9d8d..2c6311c067935a2c5da0a1018420bab684b670e8 100644
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -681,7 +681,7 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
Expand All @@ -679,7 +679,7 @@ index ba86c3d63..2c6311c06 100644
return err
}
diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go
index 6ebee26ce..0a0451cba 100644
index 6ebee26ce34b5137f88a78219340b1f0867bc7a8..0a0451cba1565358225875cf6506381f5d221aec 100644
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@@ -9,6 +9,8 @@ package virtcontainers
Expand Down Expand Up @@ -754,7 +754,7 @@ index 6ebee26ce..0a0451cba 100644
+ return base64.StdEncoding.EncodeToString(mrConfigId)
+}
diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go
index 1425cb38c..f0a9c691a 100644
index 1425cb38cfd79ab06b04f1dafbab9b7440901688..f0a9c691a6ffc6356f8f9a335e72b81239a2ef2c 100644
--- a/src/runtime/virtcontainers/qemu_amd64_test.go
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go
@@ -9,6 +9,10 @@ package virtcontainers
Expand Down Expand Up @@ -943,7 +943,7 @@ index 1425cb38c..f0a9c691a 100644
+ assert.Equal(expectedOut, devices)
}
diff --git a/src/runtime/virtcontainers/qemu_arch_base.go b/src/runtime/virtcontainers/qemu_arch_base.go
index fd92be772..662466f58 100644
index fd92be772446f30058d4424f7a330a0bc23ff433..662466f5846c22b4c7fa6b62b1a272258e2e4143 100644
--- a/src/runtime/virtcontainers/qemu_arch_base.go
+++ b/src/runtime/virtcontainers/qemu_arch_base.go
@@ -162,7 +162,7 @@ type qemuArch interface {
Expand All @@ -965,7 +965,7 @@ index fd92be772..662466f58 100644
return devices, firmware, nil
}
diff --git a/src/runtime/virtcontainers/qemu_arm64.go b/src/runtime/virtcontainers/qemu_arm64.go
index a9b803f73..112fe358e 100644
index a9b803f73275c1d5b9212a63fda097ebc33f1c9f..112fe358e4d76700ebe7a1d36e9ae42eb93611b7 100644
--- a/src/runtime/virtcontainers/qemu_arm64.go
+++ b/src/runtime/virtcontainers/qemu_arm64.go
@@ -154,7 +154,7 @@ func (q *qemuArm64) enableProtection() error {
Expand All @@ -978,7 +978,7 @@ index a9b803f73..112fe358e 100644
if err != nil {
hvLogger.WithField("arch", runtime.GOARCH).Error(err)
diff --git a/src/runtime/virtcontainers/qemu_arm64_test.go b/src/runtime/virtcontainers/qemu_arm64_test.go
index 07e67ac8c..8b6bd03eb 100644
index 07e67ac8c1479c67f4b4ffa850dddb8d1e0680e4..8b6bd03eb9d10f0c37dbdbb3fb5fa48585659e96 100644
--- a/src/runtime/virtcontainers/qemu_arm64_test.go
+++ b/src/runtime/virtcontainers/qemu_arm64_test.go
@@ -182,42 +182,77 @@ func TestQemuArm64AppendProtectionDevice(t *testing.T) {
Expand Down Expand Up @@ -1066,7 +1066,7 @@ index 07e67ac8c..8b6bd03eb 100644
assert.Empty(bios)
assert.NoError(err)
diff --git a/src/runtime/virtcontainers/qemu_ppc64le.go b/src/runtime/virtcontainers/qemu_ppc64le.go
index d2e0228c8..ed7a14c4d 100644
index d2e0228c8be8eae3ae24f3aa81b6423735f51320..ed7a14c4dc4262a0f1d77f6efa11310479fa1ecb 100644
--- a/src/runtime/virtcontainers/qemu_ppc64le.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le.go
@@ -157,7 +157,7 @@ func (q *qemuPPC64le) enableProtection() error {
Expand All @@ -1079,7 +1079,7 @@ index d2e0228c8..ed7a14c4d 100644
case pefProtection:
return append(devices,
diff --git a/src/runtime/virtcontainers/qemu_ppc64le_test.go b/src/runtime/virtcontainers/qemu_ppc64le_test.go
index 85e1dfe80..0c2f4b923 100644
index 85e1dfe8050e3c64545e2031420058aad004f2ab..0c2f4b923d5550b67ad8c767124d8414b47d4c0b 100644
--- a/src/runtime/virtcontainers/qemu_ppc64le_test.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le_test.go
@@ -60,39 +60,63 @@ func TestQemuPPC64leAppendProtectionDevice(t *testing.T) {
Expand Down Expand Up @@ -1174,7 +1174,7 @@ index 85e1dfe80..0c2f4b923 100644
+ assert.Equal(expectedOut, devices)
}
diff --git a/src/runtime/virtcontainers/qemu_s390x.go b/src/runtime/virtcontainers/qemu_s390x.go
index 29eaafe5b..787a0e589 100644
index 29eaafe5b3fe0ecf9f10bc49ede3465d2cf8ec3e..787a0e589a71dabb5acaedd66e36bb5f7d9662d0 100644
--- a/src/runtime/virtcontainers/qemu_s390x.go
+++ b/src/runtime/virtcontainers/qemu_s390x.go
@@ -337,7 +337,7 @@ func (q *qemuS390x) enableProtection() error {
Expand All @@ -1187,7 +1187,7 @@ index 29eaafe5b..787a0e589 100644
case seProtection:
return append(devices,
diff --git a/src/runtime/virtcontainers/qemu_s390x_test.go b/src/runtime/virtcontainers/qemu_s390x_test.go
index 24a67bdd9..3f5f84aff 100644
index 24a67bdd9e591ead96fbaea473cb662526dedbf3..3f5f84afffeec6fed0ba624408158425090fe88a 100644
--- a/src/runtime/virtcontainers/qemu_s390x_test.go
+++ b/src/runtime/virtcontainers/qemu_s390x_test.go
@@ -111,40 +111,64 @@ func TestQemuS390xAppendProtectionDevice(t *testing.T) {
Expand Down Expand Up @@ -1281,7 +1281,7 @@ index 24a67bdd9..3f5f84aff 100644
+ assert.Equal(expectedOut, devices)
}
diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index ac0d35e9c..ff7a46b4e 100644
index ac0d35e9c854d6b5eea52e716137fe62414d51a7..ff7a46b4e05dbef2d8d1981897b04e639fda5527 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -613,6 +613,7 @@ func newSandbox(ctx context.Context, sandboxConfig SandboxConfig, factory Factor
@@ -1,4 +1,4 @@
From cc68c48a9af8cbdd6ffd8a74d7960adc22150f08 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 09:48:48 +0200
Subject: [PATCH] genpolicy: enable sysctl checks
Expand All @@ -16,7 +16,7 @@ environment-dependent sysctls in the settings file.
5 files changed, 62 insertions(+), 1 deletion(-)

diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index fe1625bac..e50d5e545 100644
index fe1625bac119b59ce2094b2220e2a87c486e670a..e50d5e545e3fe42db486771345310d4c2157be2f 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -39,6 +39,10 @@
Expand Down Expand Up @@ -44,7 +44,7 @@ index fe1625bac..e50d5e545 100644
},
"volumes": {
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 1d95bfe69..a89b13ed1 100644
index 1d95bfe699bb5082f8bbfb2cc4d89c8bde3a08ec..a89b13ed158ad8524e11ffbdad8ccb1ce7692aed 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -112,7 +112,6 @@ allow_create_container_input {
Expand Down Expand Up @@ -88,7 +88,7 @@ index 1d95bfe69..a89b13ed1 100644
# and io.kubernetes.cri.sandbox-id" values with other fields.
allow_by_bundle_or_sandbox_id(p_oci, i_oci, p_storages, i_storages) {
diff --git a/src/tools/genpolicy/src/containerd.rs b/src/tools/genpolicy/src/containerd.rs
index 075fced5b..2922ea0ab 100644
index 075fced5bfec11b27e529f0b1d2dba5e6271ba82..2922ea0ab54671269c8eedab3890ba35529db05a 100644
--- a/src/tools/genpolicy/src/containerd.rs
+++ b/src/tools/genpolicy/src/containerd.rs
@@ -3,6 +3,8 @@
Expand Down Expand Up @@ -117,7 +117,7 @@ index 075fced5b..2922ea0ab 100644
}
}
diff --git a/src/tools/genpolicy/src/pod.rs b/src/tools/genpolicy/src/pod.rs
index 19f882239..5030144c6 100644
index 19f8822395ca225961bcf77bc3e5ae25e3c31119..5030144c6364cd929c53d18a24459748c1ce20aa 100644
--- a/src/tools/genpolicy/src/pod.rs
+++ b/src/tools/genpolicy/src/pod.rs
@@ -21,6 +21,7 @@ use log::{debug, warn};
Expand Down Expand Up @@ -176,7 +176,7 @@ index 19f882239..5030144c6 100644
..Default::default()
};
diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index 973643e1f..adbdf97f3 100644
index 973643e1f270b589e30e0b2e9235dbfa70df0f20..adbdf97f33c449e905cbf9044a118da4598c69cd 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -27,6 +27,7 @@ use serde_yaml::Value;
@@ -1,4 +1,4 @@
From eed3e15bfd5468480e07b08dbf5266a75a61e076 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 09:51:57 +0200
Subject: [PATCH] genpolicy: read bundle-id from rootfs
Expand All @@ -14,7 +14,7 @@ NOTE: fixes https://github.com/kata-containers/kata-containers/issues/10065
1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index a89b13ed1..d9b68e3ac 100644
index a89b13ed158ad8524e11ffbdad8ccb1ce7692aed..d9b68e3ac0758f0d15bc1415300573082d7e1949 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -509,9 +509,6 @@ allow_linux_sysctl(p_linux, i_linux) {
@@ -1,4 +1,4 @@
From 551b4a87596fe66741433424872deefbc251ee59 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Paul Meyer <[email protected]>
Date: Thu, 11 Jul 2024 12:05:00 +0200
Subject: [PATCH] genpolicy: regex check contrast specific layer-src-prefix
Expand All @@ -9,7 +9,7 @@ Signed-off-by: Paul Meyer <[email protected]>
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index d9b68e3ac..6ddcd18cd 100644
index d9b68e3ac0758f0d15bc1415300573082d7e1949..6ddcd18cd1334dfabeadd1b0e7a54c723c7cae4d 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -905,7 +905,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) {
@@ -1,4 +1,4 @@
From 264156d366f357b71fb697f7f65f9ff84e90c2f8 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Wed, 24 Jul 2024 11:16:37 +0200
Subject: [PATCH] genpolicy-settings: bump OCI version
Expand All @@ -9,7 +9,7 @@ Kata hard-codes OCI version 1.1.0, but latest K3S has 1.2.0.
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index e50d5e545..fcafa46cc 100644
index e50d5e545e3fe42db486771345310d4c2157be2f..fcafa46cc3b62b74aa5ba08fdbd76fa3370ae77e 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -312,7 +312,7 @@
@@ -1,4 +1,4 @@
From cfa3376d255617815b8ef10bdc6026bf38a99889 Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Mon, 12 Aug 2024 14:18:43 +0200
Subject: [PATCH] genpolicy-settings: change cpath for Nydus guest pull
Expand All @@ -10,7 +10,7 @@ https://github.com/kata-containers/kata-containers/blob/775f6bd/tests/integratio
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index fcafa46cc..4e9f6481d 100644
index fcafa46cc3b62b74aa5ba08fdbd76fa3370ae77e..4e9f6481d649fc45716f182c394f38059792eb91 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -243,7 +243,7 @@
@@ -1,4 +1,4 @@
From f9e3e6924f326af2cbac10476f663a6bfb86685a Mon Sep 17 00:00:00 2001
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Markus Rudy <[email protected]>
Date: Thu, 1 Aug 2024 15:58:42 +0200
Subject: [PATCH] genpolicy: allow image_guest_pull
Expand Down Expand Up @@ -26,7 +26,7 @@ don't even bother handling that case.
create mode 100644 src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/testcases.json

diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
index 4e9f6481d..e3b36a655 100644
index 4e9f6481d649fc45716f182c394f38059792eb91..e3b36a6555a646ffefc7733c807d6b0da9967dea 100644
--- a/src/tools/genpolicy/genpolicy-settings.json
+++ b/src/tools/genpolicy/genpolicy-settings.json
@@ -148,7 +148,7 @@
Expand All @@ -39,7 +39,7 @@ index 4e9f6481d..e3b36a655 100644
"source": "local",
"fstype": "local",
diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
index 6ddcd18cd..50219c038 100644
index 6ddcd18cd1334dfabeadd1b0e7a54c723c7cae4d..44af45437f550877652c33019f42b0b29fdcfbdb 100644
--- a/src/tools/genpolicy/rules.rego
+++ b/src/tools/genpolicy/rules.rego
@@ -80,7 +80,7 @@ CreateContainerRequest {
Expand Down Expand Up @@ -153,7 +153,7 @@ index 6ddcd18cd..50219c038 100644
+ p_mount_point := concat("/", [policy_data.common.cpath, bundle_id, "rootfs"])
+ print("allow_storages 1: i_storage.mount_point =", i_storage.mount_point, "p_mount_point =", p_mount_point)
+ i_storage.mount_point == p_mount_point
+
+
+ print("allow_storages 1: p_container.image =", p_container.image, "i_storage.source =", i_storage.source)
+
+ count(i_storage.driver_options) == 1
Expand Down Expand Up @@ -215,7 +215,7 @@ index 6ddcd18cd..50219c038 100644
+}
+
+# Allow tardev-snapshotter storage
+allow_storages(p_container, i_storages, bundle_id, sandbox_id) {
+allow_storages(p_container, i_storages, bundle_id, sandbox_id) {
+ p_storages := p_container.storages
p_count := count(p_storages)
i_count := count(i_storages)
Expand Down Expand Up @@ -249,7 +249,7 @@ index 6ddcd18cd..50219c038 100644

allow_storage(p_storages, i_storage, bundle_id, sandbox_id, layer_ids, root_hashes) {
diff --git a/src/tools/genpolicy/src/policy.rs b/src/tools/genpolicy/src/policy.rs
index adbdf97f3..c4dc4ac3c 100644
index adbdf97f33c449e905cbf9044a118da4598c69cd..c4dc4ac3c2a10211909ae8ee8d77050add0e5cc1 100644
--- a/src/tools/genpolicy/src/policy.rs
+++ b/src/tools/genpolicy/src/policy.rs
@@ -270,6 +270,9 @@ pub struct ContainerPolicy {
Expand All @@ -271,7 +271,7 @@ index adbdf97f3..c4dc4ac3c 100644
devices,
sandbox_pidns,
diff --git a/src/tools/genpolicy/tests/main.rs b/src/tools/genpolicy/tests/main.rs
index 565b3e2a0..a3a08d96e 100644
index 565b3e2a0b0368ccbecd778cb70fa9f94596de51..a3a08d96e865eb992ef5607ec050a58ea0749dfc 100644
--- a/src/tools/genpolicy/tests/main.rs
+++ b/src/tools/genpolicy/tests/main.rs
@@ -9,7 +9,7 @@ use std::path;
Expand All @@ -294,7 +294,7 @@ index 565b3e2a0..a3a08d96e 100644
+}
diff --git a/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/pod.yaml b/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/pod.yaml
new file mode 100644
index 000000000..203af19a6
index 0000000000000000000000000000000000000000..203af19a6f7a200580cdd39cd38e50fe23403710
--- /dev/null
+++ b/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/pod.yaml
@@ -0,0 +1,11 @@
Expand All @@ -311,7 +311,7 @@ index 000000000..203af19a6
+ privileged: true
diff --git a/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/testcases.json b/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/testcases.json
new file mode 100644
index 000000000..2f21e0674
index 0000000000000000000000000000000000000000..2f21e0674e496f9d496553311cb4c24f96449401
--- /dev/null
+++ b/src/tools/genpolicy/tests/testdata/createcontainer/guest_pull/testcases.json
@@ -0,0 +1,2027 @@
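Review bot: The new-side blob id for `rules.rego` in this patch file changes from `50219c038` to `44af45437f55…` on the `index 6ddcd18cd…` line, whereas every other index line on the page only expands the same abbreviated id, so this patch's payload was altered and not just reformatted. The doubled `+` lines in the `@@ -153,7 +153,7 @@` and `@@ -215,7 +215,7 @@` hunks (an empty added line and `+allow_storages(p_container, i_storages, bundle_id, sandbox_id) {`) look like trailing-whitespace removal, though the rendering does not show whitespace. Because the patched `rules.rego` is policy input, and presumably ends up in policy bytes that are hashed elsewhere, the commit message should record it, e.g. `Also strips trailing whitespace from the rules.rego hunks of the image_guest_pull patch.` Most of the section is collapsed, so other content changes cannot be ruled out from here.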