samples: don't execute genpolicy as root user #190

danmihai1 · 2024-05-08T19:21:42Z

Allow all users to pull images by using containerd instead of having to worry about this tool potentially creating files that the caller of update_policy_samples.py doesn't own.

Granting all users access to containerd is also consistent with the behavior of upstream Kata CI.

If any users really need to execute genpolicy as root, hopefully executing this entire script as root is good enough for them.

Allow all users to pull images by using containerd instead of having to worry about this tool potentially creating files that the caller of update_policy_samples.py doesn't own. Granting all users access to containerd is also consistent with the behavior of upstream Kata CI. If any users really need to execute genpolicy as root, hopefully executing this entire script as root is good enough for them. Signed-off-by: Dan Mihai <[email protected]>

danmihai1 added the upstream/not-needed PRs that will not be upstreamed (e.g. internal) label May 8, 2024

danmihai1 requested review from sprt, Redent0r and ms-mahuber May 8, 2024 19:21

danmihai1 requested review from a team as code owners May 8, 2024 19:21

sprt approved these changes May 8, 2024

View reviewed changes

ms-mahuber approved these changes May 8, 2024

View reviewed changes

Redent0r approved these changes May 10, 2024

View reviewed changes

danmihai1 merged commit 82b870c into msft-main May 10, 2024
46 of 58 checks passed

danmihai1 deleted the danmihai1/change-containerd-socket branch May 10, 2024 20:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

samples: don't execute genpolicy as root user #190

samples: don't execute genpolicy as root user #190

danmihai1 commented May 8, 2024

samples: don't execute genpolicy as root user #190

samples: don't execute genpolicy as root user #190

Conversation

danmihai1 commented May 8, 2024