Dan Mihai
Dan Mihai
See: https://github.com/kata-containers/kata-containers/security/dependabot/231 https://github.com/kata-containers/kata-containers/security/dependabot/230 https://github.com/kata-containers/kata-containers/security/dependabot/229 https://github.com/kata-containers/kata-containers/security/dependabot/228 https://github.com/kata-containers/kata-containers/security/dependabot/227 https://github.com/kata-containers/kata-containers/security/dependabot/226 https://github.com/kata-containers/kata-containers/security/dependabot/225
Many of the tests were already covered by https://github.com/kata-containers/kata-containers/pull/9073. Enable auto-generated policy for more tests.
Auto-generate Policy for ~15 additional tests. Fixes: #9072
Auto-generate Policy for ~15 additional tests.
Kata CI tests that copy files from the Host to a Pod use CloseStdinRequest. Example: k8s-copy-file.bats. We don't have yet an easy way to enable CloseStdinRequest in the policy generated...
I don't know yet what the root cause is, but k8s-credentials-secrets.bats is not working well when auto-generating a CoCo Policy for it.
genpolicy's allow_storages() rules are currently based on the tardev + container image integrity information from the Microsoft fork. These rules should be temporary disabled and then refactored based on future...
I don't know yet what the root cause is, but k8s-inotify.bats is not working well when auto-generating a CoCo Policy for it. Also, k8s-inotify.bats seems to leak a Config Map...
For example: are there regressions that make starting a pod a lot slower?
For example: are there regressions that limit the number of containers that can be created successfully in a given Guest VM?