Rename EnforceStartContainerPolicy (microsoft#1169)
The security policy enforcement point named "EnforceStartContainerPolicy" is
enforced at container create, not container start.

This commit renames it to a more appropriate and less potentially confusing name.

Signed-off-by: Sean T. Allen <[email protected]>
SeanTAllen authored Sep 20, 2021
1 parent b6a6d9d commit cf620c3
Showing 2 changed files with 2 additions and 2 deletions.
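--- a/guest/runtime/hcsv2/uvm.go
+++ b/guest/runtime/hcsv2/uvm.go
@@ -149,7 +149,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 return nil, gcserr.NewHresultError(gcserr.HrVmcomputeSystemAlreadyExists)
 }
 
-err = h.securityPolicyEnforcer.EnforceStartContainerPolicy(id, settings.OCISpecification.Process.Args, settings.OCISpecification.Process.Env)
+err = h.securityPolicyEnforcer.EnforceCreateContainerPolicy(id, settings.OCISpecification.Process.Args, settings.OCISpecification.Process.Env)
 
 if err != nil {
 return nil, errors.Wrapf(err, "container creation denied due to policy")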
@@ -29,6 +29,6 @@ func (p *MountMonitoringSecurityPolicyEnforcer) EnforceOverlayMountPolicy(contai
return nil
}

func (p *MountMonitoringSecurityPolicyEnforcer) EnforceStartContainerPolicy(containerID string, argList []string, envList []string) (err error) {
func (p *MountMonitoringSecurityPolicyEnforcer) EnforceCreateContainerPolicy(containerID string, argList []string, envList []string) (err error) {
return nil
}
