Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

policy: fix broken default policy symlink on mkosi #1718

Merged
merged 1 commit into from
Feb 27, 2024
Merged

policy: fix broken default policy symlink on mkosi #1718

merged 1 commit into from
Feb 27, 2024

Conversation

mkulke
Copy link
Contributor

@mkulke mkulke commented Feb 26, 2024

The podvm makefile would be invoked with an empty default policy file setting from the mkosi docker build, in which the docker-build arg is set to an empty string. The podvm makefile would hence not pick the default, but attempt to use the empty string in the creation of the symbolic link, resulting in a symbolic link that points to itself.

The change will make sure that the env is only set in the Dockerfile invocation if the variable is set in the mkosi makefile. Also we quote the the source file for the symbolic link creation, so we bail out properly, instead of creating a self-pointing symbolic link.

@mkulke
policy: fix broken default policy symlink on mkosi
65ca10d 
The podvm makefile would be invoked with an empty default policy file
setting from the mkosi docker build, in which the docker-build arg is
set to an empty string. The podvm makefile would hence not pick the
default, but attempt to use the empty string in the creation of the
symbolic link, resulting in a symbolic link that points to itself.

The change will make sure that the env is only set in the Dockerfile
invocation if the variable is set in the mkosi makefile. Also we quote
the the source file for the symbolic link creation, so we bail out
properly, instead of creating a self-pointing symbolic link.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
stevenhorsman
stevenhorsman approved these changes Feb 26, 2024
View reviewed changes
Copy link
Member

@stevenhorsman stevenhorsman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for tracking it down!

bpradipt
bpradipt approved these changes Feb 27, 2024
View reviewed changes
Copy link
Member

@bpradipt bpradipt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@mkulke mkulke merged commit 6d0e0dc into confidential-containers:main Feb 27, 2024
18 checks passed
@mkulke mkulke deleted the mkulke/fix-default-policy-on-mkosi branch February 27, 2024 06:50
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Mar 5, 2024
@stevenhorsman
podvm: Fix povm-binaries build
a8836fa 
Nightly podvm-binaries build has been failing with:
```
# Set default policy
956.9 cd /src/cloud-api-adaptor/podvm/files/etc/kata-opa && ln -s -f "" default-policy.rego
956.9 ln: failed to create symbolic link 'default-policy.rego' -> '': No such file or directory
```

So port over the mkosi fix for this that Magnus did in confidential-containers#1718

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Mar 5, 2024
@stevenhorsman
podvm: Fix povm-binaries build
f67faba 
Nightly podvm-binaries build has been failing with:
```
# Set default policy
956.9 cd /src/cloud-api-adaptor/podvm/files/etc/kata-opa && ln -s -f "" default-policy.rego
956.9 ln: failed to create symbolic link 'default-policy.rego' -> '': No such file or directory
```

So port over the mkosi fix for this that Magnus did in confidential-containers#1718

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
@stevenhorsman stevenhorsman mentioned this pull request Mar 5, 2024
Merged
stevenhorsman added a commit to stevenhorsman/cloud-api-adaptor that referenced this pull request Mar 6, 2024
@stevenhorsman
podvm: Fix podvm-binaries build
5c3071b 
Nightly podvm-binaries build has been failing with:
```
956.9 cd /src/cloud-api-adaptor/podvm/files/etc/kata-opa && ln -s -f "" default-policy.rego
956.9 ln: failed to create symbolic link 'default-policy.rego' -> '': No such file or directory
```

So port over the mkosi fix for this that Magnus did in confidential-containers#1718

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
stevenhorsman added a commit that referenced this pull request Mar 6, 2024
@stevenhorsman
podvm: Fix podvm-binaries build
06fc733 
Nightly podvm-binaries build has been failing with:
```
956.9 cd /src/cloud-api-adaptor/podvm/files/etc/kata-opa && ln -s -f "" default-policy.rego
956.9 ln: failed to create symbolic link 'default-policy.rego' -> '': No such file or directory
```

So port over the mkosi fix for this that Magnus did in #1718

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bpradipt bpradipt bpradipt approved these changes

@stevenhorsman stevenhorsman stevenhorsman approved these changes

@surajssd surajssd Awaiting requested review from surajssd

@kartikjoshi21 kartikjoshi21 Awaiting requested review from kartikjoshi21

@katexochen katexochen Awaiting requested review from katexochen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mkulke @bpradipt @stevenhorsman