From ff8c66699c462c95f59414308a7408170fd6bdad Mon Sep 17 00:00:00 2001
From: jmxnzo
Date: Mon, 13 Jan 2025 09:40:29 +0100
Subject: [PATCH] fixup! microsoft.genpolicy: support mount propagation and ro mounts
---
 packages/by-name/microsoft/genpolicy/package.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/by-name/microsoft/genpolicy/package.nix b/packages/by-name/microsoft/genpolicy/package.nix
index d3eb1d3276..a6e8704d1b 100644
--- a/packages/by-name/microsoft/genpolicy/package.nix
+++ b/packages/by-name/microsoft/genpolicy/package.nix
@@ -71,9 +71,11 @@ rustPlatform.buildRustPackage rec {
 # This avoids printing the entire annotation on log level debug, which resulted in errors of the logtranslator.go
 # TODO(jmxnzo): remove when https://github.com/kata-containers/kata-containers/pull/10647 is picked up by microsoft/kata-containers fork
 ./0009-genpolicy-do-not-log-policy-annotation-in-debug.patch
- # Patches the RootfsPropagation check in allow_create_container_input to allow setting up volumes. It reflects
- # 0012-genpolicy-support-mount-propagation-and-ro-mounts.patch on upstream kata repo, but drops the patched propagation mode
- # derivation, because it was already built in to the microsoft/fork.
+ # Patches the RootfsPropagation check in allow_create_container_input to allow setting up bidirectional volumes, which need to propagate their changes to a
+ # volume mounted on the root filesystem and possibly shared across multiple containers on the host.
+ # RootfsPropagation describes the mapping to mount propagations: https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
+ # It reflects genpolicy-support-mount-propagation-and-ro-mounts.patch on upstream kata repo, but drops the patched propagation mode
+ # derivation, because it was already built in to the microsoft fork.
 ./0010-genpolicy-support-mount-propagation-and-ro-mounts.patch
 ];
 };
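Review bot: The rewritten comment above `./0010-genpolicy-support-mount-propagation-and-ro-mounts.patch` has no removal condition and no link to the upstream change, whereas the `0009` entry directly above it has both. It also drops the `0012-` prefix the old text used to identify the upstream patch, which makes that patch harder to find. Because this patch relaxes the RootfsPropagation check in `allow_create_container_input`, which appears to be a rule in the generated agent policy, the comment should also state which propagation values the patched rule accepts; that is not visible in this hunk. I would add `# TODO(<owner>): remove when <upstream PR URL> is picked up by microsoft/kata-containers fork` and restore the numbered upstream file name. The first added line is also far longer than its neighbours and could be wrapped at the same width.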