Commit

Add disallowed_platform_patterns
As part of EC-726, a new policy rule,
`buildah_build_task.platform_param`, was added to prevent certain
platforms from being used based on the value of the
`disallowed_platform_patterns` rule data.

This commit disallows using platforms that include the `root` string.
This is the convention used to specify rootful hosts.

For the workflows that do require rootful access, use a policy config
that either disables the policy rule, or overrides the value of the rule
data to an empty list.

Ref: EC-726

Signed-off-by: Luiz Carvalho <[email protected]>
lcarva committed Jul 31, 2024
1 parent 1e7a4fa commit 60443b2
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions data/rule_data.yml
Expand Up @@ -198,3 +198,6 @@ rule_data:
- 2025-12-30
- 2025-12-31
- 2026-01-01

disallowed_platform_patterns:
- .*root.*
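
Review bot: The new `disallowed_platform_patterns` key in data/rule_data.yml carries no comment, so the reason for `.*root.*` (the naming convention for rootful hosts) and the supported way to opt out (overriding the rule data with an empty list, or disabling `buildah_build_task.platform_param`) live only in the commit message. A short YAML comment above the key stating both would keep that context next to the data. Separately, the pattern matches `root` anywhere in the platform value and, unless the rule matches case-insensitively, only in lower case, so a platform whose name contains that substring for an unrelated reason is blocked while one spelled `Root` passes. If the convention places the marker in a fixed position, a pattern anchored to that position would be tighter, and a test with one rootful and one non-rootful platform value would pin the intended behaviour.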
