feat(container.orchestration.provider): implemented enforcement allowlist

Open sfiorani opened this issue 11 months ago • 1 comments

This PR introduces the Enforcement Allowlist into the Container Orchestration bundle: this adds another security level when managing containers.

The user can enable the Enforcement through a new component option and write the list of image digests that are allowed to be run on the device.

If a container is run, the container orchestration will retrieve the container's image digests and compare it/them to the ones in the Enforcement Allowlist:

  • If the image digest is in the allowlist, the container will be allowed to start
  • If not, the container is immediately stopped and deleted

Related Issue:

Description of the solution adopted:

Screenshots:

Manual Tests:

Any side note on the changes made:

sfiorani avatar Mar 01 '24 14:03 sfiorani
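
The allowlist decision described in the PR description above, as an added example that is not Kura's code and not part of the original thread. The function names, the `sha256:<hex>` format check, the `repo@digest` parsing and the rule that one matching digest is enough are all assumptions, and the digests are constructed sample values.

```python
import re

# A content digest as container registries write it: "sha256:" + 64 hex chars.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def parse_allowlist(text):
    """Parse a newline/comma separated allowlist; reject malformed entries."""
    entries = set()
    for raw in re.split(r"[,\n]", text):
        item = raw.strip().lower()
        if not item:
            continue
        # A tag or a truncated digest in the allowlist is a configuration
        # error: refuse it instead of silently ignoring it.
        if not DIGEST_RE.match(item):
            raise ValueError(f"not a sha256 digest: {raw.strip()!r}")
        entries.add(item)
    return entries


def image_digests(repo_digests):
    """Extract bare digests from 'repo@sha256:...' style references."""
    found = set()
    for ref in repo_digests:
        digest = ref.rpartition("@")[2].strip().lower()
        if DIGEST_RE.match(digest):
            found.add(digest)
    return found


def decide(repo_digests, allowlist):
    """Return 'start' or 'stop_and_delete' for one container (hypothetical API)."""
    # Fail closed: an image with no verifiable digest (for example one built
    # locally and never pushed, or referenced only by tag) yields an empty
    # set and therefore can never match the allowlist.
    # Assumption: one allowlisted digest among several is sufficient.
    if image_digests(repo_digests) & allowlist:
        return "start"
    return "stop_and_delete"


# Constructed sample values, not real image digests.
GOOD = "sha256:" + "a" * 64
OTHER = "sha256:" + "b" * 64
ALLOWLIST = parse_allowlist(f"{GOOD}\n")
```

Matching on the digest rather than the tag is what makes the check meaningful: a tag can be re-pointed to different content, while a digest identifies one specific image.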

The build succeeds locally but we are facing an issue in the CI connection to Sonar. An issue was raised a few weeks ago to the Eclipse Team: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/4422

MMaiero avatar Mar 27 '24 18:03 MMaiero

Merging without waiting for the CI to complete because we're experiencing even more issues with it (lack of executors, Sonar broken). The check introduced in the last commit doesn't change the code behaviour.

mattdibi avatar Apr 02 '24 08:04 mattdibi