Saul Paredes
Saul Paredes
This allows generation of policy for pods specifying priority classes. Cherry pick from https://github.com/microsoft/kata-containers/pull/145
This is due to CBL-Mariner using `shared_fs = virtiofs`. We need to test with a mariner config that uses `shared_fs = none` in order to deny all UpdateEphemeralMountsRequests in mariner
We should: 1. Add versioning for the interface between the Kata Agent and Agent Policy. 2. Use the version to keep the compatibility with older Policy versions, when/if we'll make...
Currently policy code is stateless. It would be helpful to add state to it. Having state would allow us to validate things like: 1. Pod sanbox name. See https://github.com/kata-containers/kata-containers/pull/9957#issuecomment-2204925209 2....
Split kata-containers-tools and kata-containers-tools-cc into their own subpackages. ###### Merge Checklist **All** boxes should be checked before merging the PR *(just tick any boxes which don't apply to this PR)*...
Split kata-containers-tools and kata-containers-tools-cc into their own subpackages. ###### Merge Checklist **All** boxes should be checked before merging the PR *(just tick any boxes which don't apply to this PR)*...
Fixes https://github.com/kata-containers/kata-containers/issues/10087 This PR adds the ability for the policy to save and load data to a state kept in the regorus engine, and also validates one field (sandbox name)...
regex.match against the sandbox-name value, as opposed to exact matching. This change should have been included in https://github.com/kata-containers/kata-containers/pull/11012
* When downloading a genpolicy releases, filter the list of releases to only include those that are not marked as "prerelease" or "draft" --- This checklist is used to make...