Skip to content

genpolicy: Introduce UpdateRoutesRequest, UpdateInterfaceRequest rules in genpolicy-settings #333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 14, 2025
Merged

genpolicy: Introduce UpdateRoutesRequest, UpdateInterfaceRequest rules in genpolicy-settings #333

merged 3 commits into from
Mar 14, 2025

Conversation

@Camelron
Copy link

@Camelron Camelron commented Mar 14, 2025
edited
Loading

Merge Checklist
Summary

Introduce rules for UpdateInterfaceRequest and UpdateRoutesRequest and genpolicy tests for them.

goal is to:

  • have strong promises about loopback traffic; local traffic has no tls
  • prevent loopback traffic from being routed to network devices controlled by the hypervisor
  • prevent hypervisor network devices from spoofing loopback
Test Methodology

Upstream review and CI

@Camelron
genpolicy: Introduce UpdateRoutesRequest rules in genpolicy-settings
a604cca 
Introduce rule to block routes from source addresses which are the
loopback. Block routes added to the lo device.

Signed-off-by: Cameron Baird <[email protected]>
@Camelron Camelron requested review from a team as code owners March 14, 2025 00:20
@Camelron Camelron added the upstream/merged PRs that have been merged upstream label Mar 14, 2025
@Camelron Camelron force-pushed the cameronbaird/backport-network-policy branch from c22dab1 to 7c3933c Compare March 14, 2025 15:55
@Camelron
Copy link
Author

Camelron commented Mar 14, 2025

Amended commit with updated policy samples.

@Redent0r
Copy link

Redent0r commented Mar 14, 2025

Could we update the samples on a separate commit? eg https://github.com/microsoft/kata-containers/pull/327/commits

@Camelron Camelron force-pushed the cameronbaird/backport-network-policy branch from 7c3933c to 6a274be Compare March 14, 2025 16:57
@Camelron
Copy link
Author

Camelron commented Mar 14, 2025

Split sample policy changes into own commit

Camelron added 2 commits March 14, 2025 17:13
@Camelron
genpolicy: Introduce UpdateInterfaceRequest rules in genpolicy-settings
b0159dd 
Introduce rules for UpdateInterfaceRequest and genpolicy tests for them.

Signed-off-by: Cameron Baird <[email protected]>
@Camelron
samples: update samples
1e703f8 
Update samples

Signed-off-by: Cameron Baird <[email protected]>
@Camelron Camelron force-pushed the cameronbaird/backport-network-policy branch from 6a274be to 1e703f8 Compare March 14, 2025 17:13
@Redent0r Redent0r merged commit b648d32 into msft-main Mar 14, 2025
45 of 55 checks passed
@Camelron Camelron mentioned this pull request Mar 17, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danmihai1 danmihai1 danmihai1 approved these changes

@Redent0r Redent0r Redent0r approved these changes

+1 more reviewer

@manuelh-dev manuelh-dev manuelh-dev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

upstream/merged PRs that have been merged upstream

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Camelron @Redent0r @danmihai1 @manuelh-dev