Closed (wrabcak closed 3 years ago)
@JAORMX, is this applicable for CRI-O?
Currently, there doesn't seem to be similar support for this in CRI-O or Kubernetes [1]. But what folks tend to do is bind-mount the device onto the container.
With the current mount parsing, will udica still attach the appropriate policy for a device?
Yes, a bind-mount will work for a container for both podman and CRI-O.
Okay, thank you for the update. I'll drop the TODO for CRI-O and move "Draft PR" to "PR".
@JAORMX Thank you.
Commit adds functionality to generate allow rules when the --device switch is used for podman, e.g.:
# podman run --device /dev/tty0 fedora /bin/bash
The output policy should look like:
TODO: CRI-O functionality is missing