Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
policy: Fix enforcement status for host endpoint
Before this commit, host policy enforcement was reported as enabled as soon as policies were loaded for the host, even if the host firewall was disabled: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 318 Enabled Enabled 1 reserved:host ready 3423 Disabled Disabled 4 reserved:health f00d::a0f:0:0:7ba4 10.16.0.148 ready With this commit, enforcement will remain as disabled as long as the host firewall is disabled: ENDPOINT POLICY (ingress) POLICY (egress) IDENTITY LABELS (source:key[=value]) IPv6 IPv4 STATUS ENFORCEMENT ENFORCEMENT 318 Disabled Disabled 1 reserved:host ready 3423 Disabled Disabled 4 reserved:health f00d::a0f:0:0:7ba4 10.16.0.148 ready Fixes: f9c205d ("pkg/policy: Host network policies") Signed-off-by: Paul Chaignon <paul@cilium.io>
- Loading branch information