[ [], [], [], [ "tests/kata/data/pod-lifecycle/policy.rego:1162: CreateSandboxRequest: input.guest_hook_path = ", "tests/kata/data/pod-lifecycle/policy.rego:1165: CreateSandboxRequest: input.kernel_modules = []", "tests/kata/data/pod-lifecycle/policy.rego:1169: CreateSandboxRequest: i_pidns = false", "tests/kata/data/pod-lifecycle/policy.rego:1124: allow_sandbox_storages: i_storages = [{\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}]", "tests/kata/data/pod-lifecycle/policy.rego:1135: allow_sandbox_storage: i_storage = {\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}", "tests/kata/data/pod-lifecycle/policy.rego:1138: allow_sandbox_storage: p_storage = {\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}", "tests/kata/data/pod-lifecycle/policy.rego:1141: allow_sandbox_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:1131: allow_sandbox_storages: true" ], [], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098-34d3b6116093e1e7-resolv.conf", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:56: CreateContainerRequest: i_oci.Hooks = null", "tests/kata/data/pod-lifecycle/policy.rego:59: CreateContainerRequest: i_oci.Linux.Seccomp = null", "tests/kata/data/pod-lifecycle/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/pod-lifecycle/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/pod-lifecycle/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/pod-lifecycle/policy.rego:75: CreateContainerRequest: p Readonly = true i Readonly = true", "tests/kata/data/pod-lifecycle/policy.rego:90: allow_anno 1: start", "tests/kata/data/pod-lifecycle/policy.rego:97: allow_anno 2: p Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/$(bundle-id)\", \"io.katacontainers.pkg.oci.container_type\": \"pod_sandbox\", \"io.kubernetes.cri.container-type\": \"sandbox\", \"io.kubernetes.cri.sandbox-id\": \"^[a-z0-9]{64}$\", \"io.kubernetes.cri.sandbox-log-directory\": \"^/var/log/pods/$(sandbox-namespace)_$(sandbox-name)_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\", \"io.kubernetes.cri.sandbox-name\": \"pod-lifecycle\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"nerdctl/network-namespace\": \"^/var/run/netns/cni-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"}", "tests/kata/data/pod-lifecycle/policy.rego:98: allow_anno 2: i Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098\", \"io.katacontainers.pkg.oci.container_type\": \"pod_sandbox\", \"io.kubernetes.cri.container-type\": \"sandbox\", \"io.kubernetes.cri.sandbox-cpu-period\": \"100000\", \"io.kubernetes.cri.sandbox-cpu-quota\": \"0\", \"io.kubernetes.cri.sandbox-cpu-shares\": \"2\", \"io.kubernetes.cri.sandbox-id\": \"a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098\", \"io.kubernetes.cri.sandbox-log-directory\": \"/var/log/pods/default_pod-lifecycle_078af1e8-328a-4f89-adfb-bae4455fbf50\", \"io.kubernetes.cri.sandbox-memory\": \"0\", \"io.kubernetes.cri.sandbox-name\": \"pod-lifecycle\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"io.kubernetes.cri.sandbox-uid\": \"078af1e8-328a-4f89-adfb-bae4455fbf50\", \"nerdctl/network-namespace\": \"/var/run/netns/cni-b894e817-0cf4-867e-21d1-af214f3a1a59\"}", "tests/kata/data/pod-lifecycle/policy.rego:101: allow_anno 2: i keys = {\"io.katacontainers.pkg.oci.bundle_path\", \"io.katacontainers.pkg.oci.container_type\", \"io.kubernetes.cri.container-type\", \"io.kubernetes.cri.sandbox-cpu-period\", \"io.kubernetes.cri.sandbox-cpu-quota\", \"io.kubernetes.cri.sandbox-cpu-shares\", \"io.kubernetes.cri.sandbox-id\", \"io.kubernetes.cri.sandbox-log-directory\", \"io.kubernetes.cri.sandbox-memory\", \"io.kubernetes.cri.sandbox-name\", \"io.kubernetes.cri.sandbox-namespace\", \"io.kubernetes.cri.sandbox-uid\", \"nerdctl/network-namespace\"}", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-period", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-period", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-quota", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-quota", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-shares", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-shares", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-log-directory", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-log-directory", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-memory", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-memory", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = nerdctl/network-namespace", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = nerdctl/network-namespace", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:107: allow_anno 2: true", "tests/kata/data/pod-lifecycle/policy.rego:129: allow_by_anno 1: start", "tests/kata/data/pod-lifecycle/policy.rego:143: allow_by_anno 2: start", "tests/kata/data/pod-lifecycle/policy.rego:149: allow_by_anno 2: i_s_name = pod-lifecycle p_s_name = pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:175: allow_sandbox_name 1: start", "tests/kata/data/pod-lifecycle/policy.rego:179: allow_sandbox_name 1: true", "tests/kata/data/pod-lifecycle/policy.rego:182: allow_sandbox_name 2: start", "tests/kata/data/pod-lifecycle/policy.rego:158: allow_by_sandbox_name: start", "tests/kata/data/pod-lifecycle/policy.rego:164: allow_by_sandbox_name: p_namespace = default i_namespace = default", "tests/kata/data/pod-lifecycle/policy.rego:196: allow_by_container_types: checking io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:202: allow_by_container_types: p_cri_type = sandbox i_cri_type = sandbox", "tests/kata/data/pod-lifecycle/policy.rego:211: allow_by_container_type 1: i_cri_type = sandbox", "tests/kata/data/pod-lifecycle/policy.rego:215: allow_by_container_type 1: i_kata_type = pod_sandbox", "tests/kata/data/pod-lifecycle/policy.rego:242: allow_sandbox_container_name: start", "tests/kata/data/pod-lifecycle/policy.rego:258: container_annotation_missing: io.kubernetes.cri.container-name", "tests/kata/data/pod-lifecycle/policy.rego:263: container_annotation_missing: true", "tests/kata/data/pod-lifecycle/policy.rego:246: allow_sandbox_container_name: true", "tests/kata/data/pod-lifecycle/policy.rego:280: allow_sandbox_net_namespace: start", "tests/kata/data/pod-lifecycle/policy.rego:286: allow_sandbox_net_namespace: p_namespace = ^/var/run/netns/cni-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ i_namespace = /var/run/netns/cni-b894e817-0cf4-867e-21d1-af214f3a1a59", "tests/kata/data/pod-lifecycle/policy.rego:290: allow_sandbox_net_namespace: true", "tests/kata/data/pod-lifecycle/policy.rego:306: allow_sandbox_log_directory: start", "tests/kata/data/pod-lifecycle/policy.rego:313: allow_sandbox_log_directory: regex2 = ^/var/log/pods/default_pod-lifecycle_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", "tests/kata/data/pod-lifecycle/policy.rego:316: allow_sandbox_log_directory: i_dir = /var/log/pods/default_pod-lifecycle_078af1e8-328a-4f89-adfb-bae4455fbf50", "tests/kata/data/pod-lifecycle/policy.rego:320: allow_sandbox_log_directory: true", "tests/kata/data/pod-lifecycle/policy.rego:222: allow_by_container_type 1: true", "tests/kata/data/pod-lifecycle/policy.rego:226: allow_by_container_type 2: i_cri_type = sandbox", "tests/kata/data/pod-lifecycle/policy.rego:207: allow_by_container_types: true", "tests/kata/data/pod-lifecycle/policy.rego:436: allow_by_bundle_or_sandbox_id: start", "tests/kata/data/pod-lifecycle/policy.rego:446: allow_by_bundle_or_sandbox_id: sandbox_id = a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098 regex = ^[a-z0-9]{64}$", "tests/kata/data/pod-lifecycle/policy.rego:703: allow_root_path: i_path = /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098 p_path1 = $(cpath)/$(bundle-id)", "tests/kata/data/pod-lifecycle/policy.rego:706: allow_root_path: p_path2 = /run/kata-containers/shared/containers/$(bundle-id)", "tests/kata/data/pod-lifecycle/policy.rego:709: allow_root_path: p_path3 = /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098", "tests/kata/data/pod-lifecycle/policy.rego:713: allow_root_path: true", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = proc", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = proc", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= proc", "tests/kata/data/pod-lifecycle/policy.rego:775: mount_source_allows 3: source1 = proc", "tests/kata/data/pod-lifecycle/policy.rego:778: mount_source_allows 3: source2 = proc", "tests/kata/data/pod-lifecycle/policy.rego:781: mount_source_allows 3: source3 = proc", "tests/kata/data/pod-lifecycle/policy.rego:785: mount_source_allows 3: true", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = devpts", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = devpts", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= devpts", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = mqueue", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = mqueue", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= mqueue", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = sysfs", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = sysfs", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= sysfs", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"/run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098-34d3b6116093e1e7-resolv.conf\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098-34d3b6116093e1e7-resolv.conf", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:794: allow_storages: p_count = 2 i_count = 2", "tests/kata/data/pod-lifecycle/policy.rego:801: allow_storages: overlay_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:805: allow_storages: layer_ids = [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"]", "tests/kata/data/pod-lifecycle/policy.rego:808: allow_storages: root_hashes = [\"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"]", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"0001:00:01.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/pod-lifecycle/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/pod-lifecycle/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:955: allow_mount_point 1: i = 0", "tests/kata/data/pod-lifecycle/policy.rego:958: allow_mount_point 1: layer_id = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/pod-lifecycle/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/pod-lifecycle/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/pod-lifecycle/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1025: allow_mount_point 6: mount1 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:1028: allow_mount_point 6: mount2 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:1032: allow_mount_point 6: mount3 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:832: allow_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"0001:00:01.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"], \"source\": \"none\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"], \"source\": \"none\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:850: allow_storage_options 2: policy_ids = [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"]", "tests/kata/data/pod-lifecycle/policy.rego:854: allow_storage_options 2: policy_hashes = [\"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"]", "tests/kata/data/pod-lifecycle/policy.rego:857: allow_storage_options 2: p_count = 1", "tests/kata/data/pod-lifecycle/policy.rego:862: allow_storage_options 2: i_count = 4", "tests/kata/data/pod-lifecycle/policy.rego:865: allow_storage_options 2: i_storage.options[0] = io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers", "tests/kata/data/pod-lifecycle/policy.rego:868: allow_storage_options 2: i_storage.options[i_count - 2] = io.katacontainers.fs-opt.overlay-rw", "tests/kata/data/pod-lifecycle/policy.rego:872: allow_storage_options 2: lowerdir = lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/pod-lifecycle/policy.rego:874: allow_storage_options 2: i_storage.options[i_count - 1] = lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/pod-lifecycle/policy.rego:929: allow_overlay_layer: policy_id = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d policy_hash = 817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/pod-lifecycle/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=", "tests/kata/data/pod-lifecycle/policy.rego:935: allow_overlay_layer: i_value_decoded = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/pod-lifecycle/policy.rego:939: allow_overlay_layer: p_value = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/pod-lifecycle/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/pod-lifecycle/policy.rego:881: allow_storage_options 2: true", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:972: allow_mount_point 2: mount2 = /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098", "tests/kata/data/pod-lifecycle/policy.rego:976: allow_mount_point 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/shared/containers/a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098", "tests/kata/data/pod-lifecycle/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/pod-lifecycle/policy.rego:832: allow_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:814: allow_storages: true", "tests/kata/data/pod-lifecycle/policy.rego:457: allow_by_bundle_or_sandbox_id: true", "tests/kata/data/pod-lifecycle/policy.rego:464: allow_process: i terminal = false p terminal = false", "tests/kata/data/pod-lifecycle/policy.rego:467: allow_process: i cwd = / i cwd = /", "tests/kata/data/pod-lifecycle/policy.rego:470: allow_process: i noNewPrivileges = true p noNewPrivileges = true", "tests/kata/data/pod-lifecycle/policy.rego:1052: allow_caps: policy Ambient = []", "tests/kata/data/pod-lifecycle/policy.rego:1053: allow_caps: input Ambient = []", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1078: match_caps 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1056: allow_caps: policy Bounding = [\"$(default_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1057: allow_caps: input Bounding = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1089: match_caps 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1060: allow_caps: policy Effective = [\"$(default_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1061: allow_caps: input Effective = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1089: match_caps 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1064: allow_caps: policy Inheritable = []", "tests/kata/data/pod-lifecycle/policy.rego:1065: allow_caps: input Inheritable = []", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1078: match_caps 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1068: allow_caps: policy Permitted = [\"$(default_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1069: allow_caps: input Permitted = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1089: match_caps 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:485: allow_user: input uid = 65535 policy uid = 65535", "tests/kata/data/pod-lifecycle/policy.rego:499: allow_args 1: no args", "tests/kata/data/pod-lifecycle/policy.rego:507: allow_args 2: policy args = [\"/pause\"]", "tests/kata/data/pod-lifecycle/policy.rego:508: allow_args 2: input args = [\"/pause\"]", "tests/kata/data/pod-lifecycle/policy.rego:520: allow_arg 1: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/pod-lifecycle/policy.rego:525: allow_arg 1: true", "tests/kata/data/pod-lifecycle/policy.rego:529: allow_arg 2: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/pod-lifecycle/policy.rego:538: allow_arg 3: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/pod-lifecycle/policy.rego:542: allow_arg 3: p_arg3 = /pause", "tests/kata/data/pod-lifecycle/policy.rego:545: allow_arg 3: true", "tests/kata/data/pod-lifecycle/policy.rego:516: allow_args 2: true", "tests/kata/data/pod-lifecycle/policy.rego:550: allow_env: p env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"]", "tests/kata/data/pod-lifecycle/policy.rego:551: allow_env: i env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"]", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:558: allow_env: true", "tests/kata/data/pod-lifecycle/policy.rego:478: allow_process: true", "tests/kata/data/pod-lifecycle/policy.rego:171: allow_by_sandbox_name: true", "tests/kata/data/pod-lifecycle/policy.rego:154: allow_by_anno 2: true", "tests/kata/data/pod-lifecycle/policy.rego:336: allow_linux: p namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/pod-lifecycle/policy.rego:339: allow_linux: i namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/pod-lifecycle/policy.rego:351: allow_masked_paths 1: p_paths = [\"/proc/acpi\", \"/proc/asound\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/sys/firmware\", \"/proc/scsi\"]", "tests/kata/data/pod-lifecycle/policy.rego:354: allow_masked_paths 1: i_paths = [\"/proc/acpi\", \"/proc/asound\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/sys/firmware\", \"/proc/scsi\"]", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/acpi", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/asound", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/kcore", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/keys", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/latency_stats", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/timer_list", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/timer_stats", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/sched_debug", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /sys/firmware", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:378: allow_masked_path: p_elem = /proc/scsi", "tests/kata/data/pod-lifecycle/policy.rego:383: allow_masked_path: true", "tests/kata/data/pod-lifecycle/policy.rego:358: allow_masked_paths 1: true", "tests/kata/data/pod-lifecycle/policy.rego:361: allow_masked_paths 2: start", "tests/kata/data/pod-lifecycle/policy.rego:388: allow_readonly_paths 1: p_paths = [\"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/pod-lifecycle/policy.rego:391: allow_readonly_paths 1: i_paths = [\"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/pod-lifecycle/policy.rego:417: allow_readonly_path 1: p_elem = /proc/bus", "tests/kata/data/pod-lifecycle/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/pod-lifecycle/policy.rego:425: allow_readonly_path 2: p_elem = /proc/bus", "tests/kata/data/pod-lifecycle/policy.rego:417: allow_readonly_path 1: p_elem = /proc/fs", "tests/kata/data/pod-lifecycle/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/pod-lifecycle/policy.rego:425: allow_readonly_path 2: p_elem = /proc/fs", "tests/kata/data/pod-lifecycle/policy.rego:417: allow_readonly_path 1: p_elem = /proc/irq", "tests/kata/data/pod-lifecycle/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/pod-lifecycle/policy.rego:425: allow_readonly_path 2: p_elem = /proc/irq", "tests/kata/data/pod-lifecycle/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sys", "tests/kata/data/pod-lifecycle/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/pod-lifecycle/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sys", "tests/kata/data/pod-lifecycle/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sysrq-trigger", "tests/kata/data/pod-lifecycle/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/pod-lifecycle/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sysrq-trigger", "tests/kata/data/pod-lifecycle/policy.rego:395: allow_readonly_paths 1: true", "tests/kata/data/pod-lifecycle/policy.rego:398: allow_readonly_paths 2: start", "tests/kata/data/pod-lifecycle/policy.rego:346: allow_linux: true", "tests/kata/data/pod-lifecycle/policy.rego:85: CreateContainerRequest: true", "tests/kata/data/pod-lifecycle/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/pod-lifecycle/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/pod-lifecycle/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/pod-lifecycle/policy.rego:75: CreateContainerRequest: p Readonly = false i Readonly = true" ], [], [], [], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-a5e55412d673d067-hosts", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-036d9af44f466fd3-termination-log", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-be4bb8149b1a22d4-hostname", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-cbb967c03ec60c27-resolv.conf", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/..2024_05_08_18_12_07.1887069138", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/..2024_05_08_18_12_07.1887069138/ca.crt", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/..2024_05_08_18_12_07.1887069138/namespace", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/..2024_05_08_18_12_07.1887069138/token", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/..data", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ..2024_05_08_18_12_07.1887069138", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/ca.crt", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ..data/ca.crt", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/namespace", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ..data/namespace", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount/token", "tests/kata/data/pod-lifecycle/policy.rego:1117: check_symlink_source: i_src = ..data/token", "tests/kata/data/pod-lifecycle/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/pod-lifecycle/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/pod-lifecycle/policy.rego:56: CreateContainerRequest: i_oci.Hooks = null", "tests/kata/data/pod-lifecycle/policy.rego:59: CreateContainerRequest: i_oci.Linux.Seccomp = null", "tests/kata/data/pod-lifecycle/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/pod-lifecycle/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/pod-lifecycle/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/pod-lifecycle/policy.rego:75: CreateContainerRequest: p Readonly = true i Readonly = false", "tests/kata/data/pod-lifecycle/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/pod-lifecycle/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/pod-lifecycle/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/pod-lifecycle/policy.rego:75: CreateContainerRequest: p Readonly = false i Readonly = false", "tests/kata/data/pod-lifecycle/policy.rego:90: allow_anno 1: start", "tests/kata/data/pod-lifecycle/policy.rego:97: allow_anno 2: p Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/$(bundle-id)\", \"io.katacontainers.pkg.oci.container_type\": \"pod_container\", \"io.kubernetes.cri.container-name\": \"busybox\", \"io.kubernetes.cri.container-type\": \"container\", \"io.kubernetes.cri.image-name\": \"mcr.microsoft.com/aks/e2e/library-busybox:master.220314.1-linux-amd64\", \"io.kubernetes.cri.sandbox-id\": \"^[a-z0-9]{64}$\", \"io.kubernetes.cri.sandbox-name\": \"pod-lifecycle\", \"io.kubernetes.cri.sandbox-namespace\": \"default\"}", "tests/kata/data/pod-lifecycle/policy.rego:98: allow_anno 2: i Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"io.katacontainers.pkg.oci.container_type\": \"pod_container\", \"io.kubernetes.cri.container-name\": \"busybox\", \"io.kubernetes.cri.container-type\": \"container\", \"io.kubernetes.cri.image-name\": \"mcr.microsoft.com/aks/e2e/library-busybox:master.220314.1-linux-amd64\", \"io.kubernetes.cri.sandbox-id\": \"a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098\", \"io.kubernetes.cri.sandbox-name\": \"pod-lifecycle\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"io.kubernetes.cri.sandbox-uid\": \"078af1e8-328a-4f89-adfb-bae4455fbf50\"}", "tests/kata/data/pod-lifecycle/policy.rego:101: allow_anno 2: i keys = {\"io.katacontainers.pkg.oci.bundle_path\", \"io.katacontainers.pkg.oci.container_type\", \"io.kubernetes.cri.container-name\", \"io.kubernetes.cri.container-type\", \"io.kubernetes.cri.image-name\", \"io.kubernetes.cri.sandbox-id\", \"io.kubernetes.cri.sandbox-name\", \"io.kubernetes.cri.sandbox-namespace\", \"io.kubernetes.cri.sandbox-uid\"}", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-name", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-name", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.image-name", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.image-name", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/pod-lifecycle/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/pod-lifecycle/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/pod-lifecycle/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/pod-lifecycle/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/pod-lifecycle/policy.rego:107: allow_anno 2: true", "tests/kata/data/pod-lifecycle/policy.rego:129: allow_by_anno 1: start", "tests/kata/data/pod-lifecycle/policy.rego:143: allow_by_anno 2: start", "tests/kata/data/pod-lifecycle/policy.rego:149: allow_by_anno 2: i_s_name = pod-lifecycle p_s_name = pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:175: allow_sandbox_name 1: start", "tests/kata/data/pod-lifecycle/policy.rego:179: allow_sandbox_name 1: true", "tests/kata/data/pod-lifecycle/policy.rego:182: allow_sandbox_name 2: start", "tests/kata/data/pod-lifecycle/policy.rego:158: allow_by_sandbox_name: start", "tests/kata/data/pod-lifecycle/policy.rego:164: allow_by_sandbox_name: p_namespace = default i_namespace = default", "tests/kata/data/pod-lifecycle/policy.rego:196: allow_by_container_types: checking io.kubernetes.cri.container-type", "tests/kata/data/pod-lifecycle/policy.rego:202: allow_by_container_types: p_cri_type = container i_cri_type = container", "tests/kata/data/pod-lifecycle/policy.rego:211: allow_by_container_type 1: i_cri_type = container", "tests/kata/data/pod-lifecycle/policy.rego:226: allow_by_container_type 2: i_cri_type = container", "tests/kata/data/pod-lifecycle/policy.rego:230: allow_by_container_type 2: i_kata_type = pod_container", "tests/kata/data/pod-lifecycle/policy.rego:250: allow_container_name: start", "tests/kata/data/pod-lifecycle/policy.rego:267: allow_container_annotation: key = io.kubernetes.cri.container-name", "tests/kata/data/pod-lifecycle/policy.rego:271: allow_container_annotation: p_value = busybox i_value = busybox", "tests/kata/data/pod-lifecycle/policy.rego:275: allow_container_annotation: true", "tests/kata/data/pod-lifecycle/policy.rego:254: allow_container_name: true", "tests/kata/data/pod-lifecycle/policy.rego:294: allow_net_namespace: start", "tests/kata/data/pod-lifecycle/policy.rego:301: allow_net_namespace: true", "tests/kata/data/pod-lifecycle/policy.rego:324: allow_log_directory: start", "tests/kata/data/pod-lifecycle/policy.rego:331: allow_log_directory: true", "tests/kata/data/pod-lifecycle/policy.rego:237: allow_by_container_type 2: true", "tests/kata/data/pod-lifecycle/policy.rego:207: allow_by_container_types: true", "tests/kata/data/pod-lifecycle/policy.rego:436: allow_by_bundle_or_sandbox_id: start", "tests/kata/data/pod-lifecycle/policy.rego:446: allow_by_bundle_or_sandbox_id: sandbox_id = a3e5b029b23f8e3a63e5c231cf63688477a77f5036f249f722823eef73771098 regex = ^[a-z0-9]{64}$", "tests/kata/data/pod-lifecycle/policy.rego:703: allow_root_path: i_path = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67 p_path1 = $(cpath)/$(bundle-id)", "tests/kata/data/pod-lifecycle/policy.rego:706: allow_root_path: p_path2 = /run/kata-containers/shared/containers/$(bundle-id)", "tests/kata/data/pod-lifecycle/policy.rego:709: allow_root_path: p_path3 = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67", "tests/kata/data/pod-lifecycle/policy.rego:713: allow_root_path: true", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = proc", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = proc", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= proc", "tests/kata/data/pod-lifecycle/policy.rego:775: mount_source_allows 3: source1 = proc", "tests/kata/data/pod-lifecycle/policy.rego:778: mount_source_allows 3: source2 = proc", "tests/kata/data/pod-lifecycle/policy.rego:781: mount_source_allows 3: source3 = proc", "tests/kata/data/pod-lifecycle/policy.rego:785: mount_source_allows 3: true", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= tmpfs", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = devpts", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = devpts", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= devpts", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = mqueue", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = mqueue", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= mqueue", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = sysfs", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = sysfs", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= sysfs", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = cgroup", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = cgroup", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= cgroup", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-a5e55412d673d067-hosts\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-[a-z0-9]{16}-hosts$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-hosts$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-a5e55412d673d067-hosts", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-036d9af44f466fd3-termination-log\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-[a-z0-9]{16}-termination-log$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-termination-log$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-036d9af44f466fd3-termination-log", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-be4bb8149b1a22d4-hostname\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-[a-z0-9]{16}-hostname$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-hostname$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-be4bb8149b1a22d4-hostname", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-cbb967c03ec60c27-resolv.conf\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-cbb967c03ec60c27-resolv.conf", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:732: check_mount 1: true", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/sandbox/shm", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"rw\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"rw\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-[a-z0-9]{16}-serviceaccount$", "tests/kata/data/pod-lifecycle/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/pod-lifecycle/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-serviceaccount$", "tests/kata/data/pod-lifecycle/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67-5551049a2dcacf07-serviceaccount", "tests/kata/data/pod-lifecycle/policy.rego:741: check_mount 2: true", "tests/kata/data/pod-lifecycle/policy.rego:727: allow_mount: true", "tests/kata/data/pod-lifecycle/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/pod-lifecycle/policy.rego:794: allow_storages: p_count = 3 i_count = 3", "tests/kata/data/pod-lifecycle/policy.rego:801: allow_storages: overlay_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080:b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:805: allow_storages: layer_ids = [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379\", \"2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\"]", "tests/kata/data/pod-lifecycle/policy.rego:808: allow_storages: root_hashes = [\"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080\", \"b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"]", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/pod-lifecycle/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080", "tests/kata/data/pod-lifecycle/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:955: allow_mount_point 1: i = 0", "tests/kata/data/pod-lifecycle/policy.rego:958: allow_mount_point 1: layer_id = 2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379", "tests/kata/data/pod-lifecycle/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379", "tests/kata/data/pod-lifecycle/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379", "tests/kata/data/pod-lifecycle/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1025: allow_mount_point 6: mount1 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:1028: allow_mount_point 6: mount2 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:1032: allow_mount_point 6: mount3 = $(layer0)", "tests/kata/data/pod-lifecycle/policy.rego:832: allow_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/pod-lifecycle/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080:b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/pod-lifecycle/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/pod-lifecycle/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f", "tests/kata/data/pod-lifecycle/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:955: allow_mount_point 1: i = 1", "tests/kata/data/pod-lifecycle/policy.rego:958: allow_mount_point 1: layer_id = 2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552", "tests/kata/data/pod-lifecycle/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552", "tests/kata/data/pod-lifecycle/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552", "tests/kata/data/pod-lifecycle/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1025: allow_mount_point 6: mount1 = $(layer1)", "tests/kata/data/pod-lifecycle/policy.rego:1028: allow_mount_point 6: mount2 = $(layer1)", "tests/kata/data/pod-lifecycle/policy.rego:1032: allow_mount_point 6: mount3 = $(layer1)", "tests/kata/data/pod-lifecycle/policy.rego:832: allow_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080:b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MmMzNDJhMTM3ZTY5M2M3ODk4YWVjMzZkYTEwNDdmMTkxZGM3YzE2ODdlNjYxOThhZGFjYzQzOWNmNGFkZjM3OSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTg1NjhjNzBjMGNjZmUwMDUxMDkyZTgxOGRhNzY5MTExYTU5ODgyY2QxOWRkNzk5ZDNiY2E1ZmZhODI3OTEwODA=\", \"io.katacontainers.fs-opt.layer=MjU3MGUzYTE5ZTFiZjIwZGRkYTQ1NDk4YTk2MjdmNjE1NTVkMmQ2YzAxNDc5YjliNzY0NjBiNjc5YjI3ZDU1Mix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWI2NDNiNjIxNzc0ODk4MzgzMGIyNmFjMTRhMzVhMzMyMmRkNTI4YzAwOTYzZWFhZGQ5MWVmNTVmNTEzZGM3M2Y=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\"], \"source\": \"none\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MmMzNDJhMTM3ZTY5M2M3ODk4YWVjMzZkYTEwNDdmMTkxZGM3YzE2ODdlNjYxOThhZGFjYzQzOWNmNGFkZjM3OSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTg1NjhjNzBjMGNjZmUwMDUxMDkyZTgxOGRhNzY5MTExYTU5ODgyY2QxOWRkNzk5ZDNiY2E1ZmZhODI3OTEwODA=\", \"io.katacontainers.fs-opt.layer=MjU3MGUzYTE5ZTFiZjIwZGRkYTQ1NDk4YTk2MjdmNjE1NTVkMmQ2YzAxNDc5YjliNzY0NjBiNjc5YjI3ZDU1Mix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWI2NDNiNjIxNzc0ODk4MzgzMGIyNmFjMTRhMzVhMzMyMmRkNTI4YzAwOTYzZWFhZGQ5MWVmNTVmNTEzZGM3M2Y=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\"], \"source\": \"none\"}", "tests/kata/data/pod-lifecycle/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\", \"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080:b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"], \"source\": \"\"}", "tests/kata/data/pod-lifecycle/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MmMzNDJhMTM3ZTY5M2M3ODk4YWVjMzZkYTEwNDdmMTkxZGM3YzE2ODdlNjYxOThhZGFjYzQzOWNmNGFkZjM3OSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTg1NjhjNzBjMGNjZmUwMDUxMDkyZTgxOGRhNzY5MTExYTU5ODgyY2QxOWRkNzk5ZDNiY2E1ZmZhODI3OTEwODA=\", \"io.katacontainers.fs-opt.layer=MjU3MGUzYTE5ZTFiZjIwZGRkYTQ1NDk4YTk2MjdmNjE1NTVkMmQ2YzAxNDc5YjliNzY0NjBiNjc5YjI3ZDU1Mix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWI2NDNiNjIxNzc0ODk4MzgzMGIyNmFjMTRhMzVhMzMyMmRkNTI4YzAwOTYzZWFhZGQ5MWVmNTVmNTEzZGM3M2Y=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\"], \"source\": \"none\"}", "tests/kata/data/pod-lifecycle/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/pod-lifecycle/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/pod-lifecycle/policy.rego:850: allow_storage_options 2: policy_ids = [\"2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379\", \"2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552\"]", "tests/kata/data/pod-lifecycle/policy.rego:854: allow_storage_options 2: policy_hashes = [\"8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080\", \"b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f\"]", "tests/kata/data/pod-lifecycle/policy.rego:857: allow_storage_options 2: p_count = 2", "tests/kata/data/pod-lifecycle/policy.rego:862: allow_storage_options 2: i_count = 5", "tests/kata/data/pod-lifecycle/policy.rego:865: allow_storage_options 2: i_storage.options[0] = io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers", "tests/kata/data/pod-lifecycle/policy.rego:868: allow_storage_options 2: i_storage.options[i_count - 2] = io.katacontainers.fs-opt.overlay-rw", "tests/kata/data/pod-lifecycle/policy.rego:872: allow_storage_options 2: lowerdir = lowerdir=2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552", "tests/kata/data/pod-lifecycle/policy.rego:874: allow_storage_options 2: i_storage.options[i_count - 1] = lowerdir=2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379:2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552", "tests/kata/data/pod-lifecycle/policy.rego:929: allow_overlay_layer: policy_id = 2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379 policy_hash = 8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080", "tests/kata/data/pod-lifecycle/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=MmMzNDJhMTM3ZTY5M2M3ODk4YWVjMzZkYTEwNDdmMTkxZGM3YzE2ODdlNjYxOThhZGFjYzQzOWNmNGFkZjM3OSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTg1NjhjNzBjMGNjZmUwMDUxMDkyZTgxOGRhNzY5MTExYTU5ODgyY2QxOWRkNzk5ZDNiY2E1ZmZhODI3OTEwODA=", "tests/kata/data/pod-lifecycle/policy.rego:935: allow_overlay_layer: i_value_decoded = 2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080", "tests/kata/data/pod-lifecycle/policy.rego:939: allow_overlay_layer: p_value = 2c342a137e693c7898aec36da1047f191dc7c1687e66198adacc439cf4adf379,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=8568c70c0ccfe0051092e818da769111a59882cd19dd799d3bca5ffa82791080", "tests/kata/data/pod-lifecycle/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/pod-lifecycle/policy.rego:929: allow_overlay_layer: policy_id = 2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552 policy_hash = b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f", "tests/kata/data/pod-lifecycle/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=MjU3MGUzYTE5ZTFiZjIwZGRkYTQ1NDk4YTk2MjdmNjE1NTVkMmQ2YzAxNDc5YjliNzY0NjBiNjc5YjI3ZDU1Mix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWI2NDNiNjIxNzc0ODk4MzgzMGIyNmFjMTRhMzVhMzMyMmRkNTI4YzAwOTYzZWFhZGQ5MWVmNTVmNTEzZGM3M2Y=", "tests/kata/data/pod-lifecycle/policy.rego:935: allow_overlay_layer: i_value_decoded = 2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f", "tests/kata/data/pod-lifecycle/policy.rego:939: allow_overlay_layer: p_value = 2570e3a19e1bf20ddda45498a9627f61555d2d6c01479b9b76460b679b27d552,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=b643b6217748983830b26ac14a35a3322dd528c00963eaadd91ef55f513dc73f", "tests/kata/data/pod-lifecycle/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/pod-lifecycle/policy.rego:881: allow_storage_options 2: true", "tests/kata/data/pod-lifecycle/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/pod-lifecycle/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/pod-lifecycle/policy.rego:972: allow_mount_point 2: mount2 = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67", "tests/kata/data/pod-lifecycle/policy.rego:976: allow_mount_point 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/shared/containers/45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67", "tests/kata/data/pod-lifecycle/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/pod-lifecycle/policy.rego:832: allow_storage: true", "tests/kata/data/pod-lifecycle/policy.rego:814: allow_storages: true", "tests/kata/data/pod-lifecycle/policy.rego:457: allow_by_bundle_or_sandbox_id: true", "tests/kata/data/pod-lifecycle/policy.rego:464: allow_process: i terminal = false p terminal = false", "tests/kata/data/pod-lifecycle/policy.rego:467: allow_process: i cwd = / i cwd = /", "tests/kata/data/pod-lifecycle/policy.rego:470: allow_process: i noNewPrivileges = false p noNewPrivileges = false", "tests/kata/data/pod-lifecycle/policy.rego:1052: allow_caps: policy Ambient = []", "tests/kata/data/pod-lifecycle/policy.rego:1053: allow_caps: input Ambient = []", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1078: match_caps 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1056: allow_caps: policy Bounding = [\"$(privileged_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1057: allow_caps: input Bounding = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1097: match_caps 3: privileged_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1100: match_caps 3: true", "tests/kata/data/pod-lifecycle/policy.rego:1060: allow_caps: policy Effective = [\"$(privileged_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1061: allow_caps: input Effective = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1097: match_caps 3: privileged_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1100: match_caps 3: true", "tests/kata/data/pod-lifecycle/policy.rego:1064: allow_caps: policy Inheritable = []", "tests/kata/data/pod-lifecycle/policy.rego:1065: allow_caps: input Inheritable = []", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1078: match_caps 1: true", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1068: allow_caps: policy Permitted = [\"$(privileged_caps)\"]", "tests/kata/data/pod-lifecycle/policy.rego:1069: allow_caps: input Permitted = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1074: match_caps 1: start", "tests/kata/data/pod-lifecycle/policy.rego:1081: match_caps 2: start", "tests/kata/data/pod-lifecycle/policy.rego:1092: match_caps 3: start", "tests/kata/data/pod-lifecycle/policy.rego:1097: match_caps 3: privileged_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_DAC_READ_SEARCH\", \"CAP_FOWNER\", \"CAP_FSETID\", \"CAP_KILL\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETPCAP\", \"CAP_LINUX_IMMUTABLE\", \"CAP_NET_BIND_SERVICE\", \"CAP_NET_BROADCAST\", \"CAP_NET_ADMIN\", \"CAP_NET_RAW\", \"CAP_IPC_LOCK\", \"CAP_IPC_OWNER\", \"CAP_SYS_MODULE\", \"CAP_SYS_RAWIO\", \"CAP_SYS_CHROOT\", \"CAP_SYS_PTRACE\", \"CAP_SYS_PACCT\", \"CAP_SYS_ADMIN\", \"CAP_SYS_BOOT\", \"CAP_SYS_NICE\", \"CAP_SYS_RESOURCE\", \"CAP_SYS_TIME\", \"CAP_SYS_TTY_CONFIG\", \"CAP_MKNOD\", \"CAP_LEASE\", \"CAP_AUDIT_WRITE\", \"CAP_AUDIT_CONTROL\", \"CAP_SETFCAP\", \"CAP_MAC_OVERRIDE\", \"CAP_MAC_ADMIN\", \"CAP_SYSLOG\", \"CAP_WAKE_ALARM\", \"CAP_BLOCK_SUSPEND\", \"CAP_AUDIT_READ\", \"CAP_PERFMON\", \"CAP_BPF\", \"CAP_CHECKPOINT_RESTORE\"]", "tests/kata/data/pod-lifecycle/policy.rego:1100: match_caps 3: true", "tests/kata/data/pod-lifecycle/policy.rego:485: allow_user: input uid = 0 policy uid = 0", "tests/kata/data/pod-lifecycle/policy.rego:499: allow_args 1: no args", "tests/kata/data/pod-lifecycle/policy.rego:507: allow_args 2: policy args = [\"/bin/sh\", \"-c\", \"while true; do echo $(sandbox-name); sleep 10; done\"]", "tests/kata/data/pod-lifecycle/policy.rego:508: allow_args 2: input args = [\"/bin/sh\", \"-c\", \"while true; do echo pod-lifecycle; sleep 10; done\"]", "tests/kata/data/pod-lifecycle/policy.rego:520: allow_arg 1: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/pod-lifecycle/policy.rego:525: allow_arg 1: true", "tests/kata/data/pod-lifecycle/policy.rego:529: allow_arg 2: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/pod-lifecycle/policy.rego:538: allow_arg 3: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/pod-lifecycle/policy.rego:542: allow_arg 3: p_arg3 = /bin/sh", "tests/kata/data/pod-lifecycle/policy.rego:545: allow_arg 3: true", "tests/kata/data/pod-lifecycle/policy.rego:520: allow_arg 1: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/pod-lifecycle/policy.rego:525: allow_arg 1: true", "tests/kata/data/pod-lifecycle/policy.rego:529: allow_arg 2: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/pod-lifecycle/policy.rego:538: allow_arg 3: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/pod-lifecycle/policy.rego:542: allow_arg 3: p_arg3 = -c", "tests/kata/data/pod-lifecycle/policy.rego:545: allow_arg 3: true", "tests/kata/data/pod-lifecycle/policy.rego:520: allow_arg 1: i = 2 i_arg = while true; do echo pod-lifecycle; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/pod-lifecycle/policy.rego:529: allow_arg 2: i = 2 i_arg = while true; do echo pod-lifecycle; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/pod-lifecycle/policy.rego:538: allow_arg 3: i = 2 i_arg = while true; do echo pod-lifecycle; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/pod-lifecycle/policy.rego:542: allow_arg 3: p_arg3 = while true; do echo pod-lifecycle; sleep 10; done", "tests/kata/data/pod-lifecycle/policy.rego:545: allow_arg 3: true", "tests/kata/data/pod-lifecycle/policy.rego:516: allow_args 2: true", "tests/kata/data/pod-lifecycle/policy.rego:550: allow_env: p env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=$(host-name)\", \"POD_NAME=$(sandbox-name)\", \"POD_NAMESPACE=default\", \"POD_IP=$(pod-ip)\", \"SERVICE_ACCOUNT=default\", \"PROXY_CONFIG={}\\n\", \"ISTIO_META_POD_PORTS=[\\n]\", \"ISTIO_META_APP_CONTAINERS=serviceaclient\", \"ISTIO_META_CLUSTER_ID=Kubernetes\", \"ISTIO_META_NODE_NAME=$(node-name)\"]", "tests/kata/data/pod-lifecycle/policy.rego:551: allow_env: i env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=pod-lifecycle\", \"POD_NAME=pod-lifecycle\", \"POD_IP=10.244.0.17\", \"SERVICE_ACCOUNT=default\", \"ISTIO_META_CLUSTER_ID=Kubernetes\", \"POD_NAMESPACE=default\", \"PROXY_CONFIG={}\\n\", \"ISTIO_META_POD_PORTS=[\\n]\", \"ISTIO_META_APP_CONTAINERS=serviceaclient\", \"ISTIO_META_NODE_NAME=aks-nodepool1-38464071-vmss000000\", \"KUBERNETES_SERVICE_HOST=10.0.0.1\", \"KUBERNETES_SERVICE_PORT=443\", \"KUBERNETES_SERVICE_PORT_HTTPS=443\", \"KUBERNETES_PORT=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP_PROTO=tcp\", \"KUBERNETES_PORT_443_TCP_PORT=443\", \"KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1\"]", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = HOSTNAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:621: allow_var 5: true", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = POD_IP=10.244.0.17", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:664: allow_pod_ip_var: true", "tests/kata/data/pod-lifecycle/policy.rego:602: allow_var 4: true", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = POD_IP p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = POD_IP p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:565: allow_var 1: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:576: allow_var 2: true", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = ISTIO_META_NODE_NAME=aks-nodepool1-38464071-vmss000000", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:621: allow_var 5: true", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_HOST=10.0.0.1", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_PORT=443", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_PORT_HTTPS=443", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_PORT=tcp://10.0.0.1:443", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_PROTO=tcp", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_PORT=443", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAME=pod-lifecycle", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:573: allow_var 2: p_var2 = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:590: allow_var 3: true", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/pod-lifecycle/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = HOSTNAME=$(host-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_NAME=$(sandbox-name)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_NAMESPACE=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = POD_IP=$(pod-ip)", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = SERVICE_ACCOUNT=default", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PROXY_CONFIG={}\n", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_POD_PORTS=[\n]", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_APP_CONTAINERS=serviceaclient", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_CLUSTER_ID=Kubernetes", "tests/kata/data/pod-lifecycle/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = ISTIO_META_NODE_NAME=$(node-name)", "tests/kata/data/pod-lifecycle/policy.rego:558: allow_env: true", "tests/kata/data/pod-lifecycle/policy.rego:478: allow_process: true", "tests/kata/data/pod-lifecycle/policy.rego:171: allow_by_sandbox_name: true", "tests/kata/data/pod-lifecycle/policy.rego:154: allow_by_anno 2: true", "tests/kata/data/pod-lifecycle/policy.rego:336: allow_linux: p namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/pod-lifecycle/policy.rego:339: allow_linux: i namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/pod-lifecycle/policy.rego:351: allow_masked_paths 1: p_paths = []", "tests/kata/data/pod-lifecycle/policy.rego:354: allow_masked_paths 1: i_paths = []", "tests/kata/data/pod-lifecycle/policy.rego:358: allow_masked_paths 1: true", "tests/kata/data/pod-lifecycle/policy.rego:361: allow_masked_paths 2: start", "tests/kata/data/pod-lifecycle/policy.rego:388: allow_readonly_paths 1: p_paths = []", "tests/kata/data/pod-lifecycle/policy.rego:391: allow_readonly_paths 1: i_paths = []", "tests/kata/data/pod-lifecycle/policy.rego:395: allow_readonly_paths 1: true", "tests/kata/data/pod-lifecycle/policy.rego:398: allow_readonly_paths 2: start", "tests/kata/data/pod-lifecycle/policy.rego:346: allow_linux: true", "tests/kata/data/pod-lifecycle/policy.rego:85: CreateContainerRequest: true" ], [], [ "tests/kata/data/pod-lifecycle/policy.rego:1176: ExecProcessRequest 1: input = {\"container_id\": \"45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"exec_id\": \"9de547dd-0cad-42b6-a830-e00c297226bf\", \"process\": {\"ApparmorProfile\": \"\", \"Args\": [\"echo\", \"hello from postStart hook\"], \"Capabilities\": null, \"ConsoleSize\": null, \"Cwd\": \"/\", \"Env\": [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=pod-lifecycle\", \"POD_NAME=pod-lifecycle\", \"POD_IP=10.244.0.17\", \"SERVICE_ACCOUNT=default\", \"ISTIO_META_CLUSTER_ID=Kubernetes\", \"POD_NAMESPACE=default\", \"PROXY_CONFIG={}\\n\", \"ISTIO_META_POD_PORTS=[\\n]\", \"ISTIO_META_APP_CONTAINERS=serviceaclient\", \"ISTIO_META_NODE_NAME=aks-nodepool1-38464071-vmss000000\", \"KUBERNETES_SERVICE_HOST=10.0.0.1\", \"KUBERNETES_SERVICE_PORT=443\", \"KUBERNETES_SERVICE_PORT_HTTPS=443\", \"KUBERNETES_PORT=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP_PROTO=tcp\", \"KUBERNETES_PORT_443_TCP_PORT=443\", \"KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1\"], \"NoNewPrivileges\": false, \"OOMScoreAdj\": 0, \"Rlimits\": [], \"SelinuxLabel\": \"\", \"Terminal\": false, \"User\": {\"AdditionalGids\": [0, 10], \"GID\": 0, \"UID\": 0, \"Username\": \"\"}}, \"string_user\": null}", "tests/kata/data/pod-lifecycle/policy.rego:1179: ExecProcessRequest 1: i_command = echo hello from postStart hook", "tests/kata/data/pod-lifecycle/policy.rego:1188: ExecProcessRequest 2: input = {\"container_id\": \"45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"exec_id\": \"9de547dd-0cad-42b6-a830-e00c297226bf\", \"process\": {\"ApparmorProfile\": \"\", \"Args\": [\"echo\", \"hello from postStart hook\"], \"Capabilities\": null, \"ConsoleSize\": null, \"Cwd\": \"/\", \"Env\": [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=pod-lifecycle\", \"POD_NAME=pod-lifecycle\", \"POD_IP=10.244.0.17\", \"SERVICE_ACCOUNT=default\", \"ISTIO_META_CLUSTER_ID=Kubernetes\", \"POD_NAMESPACE=default\", \"PROXY_CONFIG={}\\n\", \"ISTIO_META_POD_PORTS=[\\n]\", \"ISTIO_META_APP_CONTAINERS=serviceaclient\", \"ISTIO_META_NODE_NAME=aks-nodepool1-38464071-vmss000000\", \"KUBERNETES_SERVICE_HOST=10.0.0.1\", \"KUBERNETES_SERVICE_PORT=443\", \"KUBERNETES_SERVICE_PORT_HTTPS=443\", \"KUBERNETES_PORT=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP_PROTO=tcp\", \"KUBERNETES_PORT_443_TCP_PORT=443\", \"KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1\"], \"NoNewPrivileges\": false, \"OOMScoreAdj\": 0, \"Rlimits\": [], \"SelinuxLabel\": \"\", \"Terminal\": false, \"User\": {\"AdditionalGids\": [0, 10], \"GID\": 0, \"UID\": 0, \"Username\": \"\"}}, \"string_user\": null}", "tests/kata/data/pod-lifecycle/policy.rego:1192: ExecProcessRequest 3: i_command = echo hello from postStart hook", "tests/kata/data/pod-lifecycle/policy.rego:1196: ExecProcessRequest 2: p_command = echo hello from postStart hook", "tests/kata/data/pod-lifecycle/policy.rego:1201: ExecProcessRequest 2: true", "tests/kata/data/pod-lifecycle/policy.rego:1204: ExecProcessRequest 3: input = {\"container_id\": \"45bd74c304beec46aa5a433009e3ab6703d7995c37154ebe6a0d859924ebdf67\", \"exec_id\": \"9de547dd-0cad-42b6-a830-e00c297226bf\", \"process\": {\"ApparmorProfile\": \"\", \"Args\": [\"echo\", \"hello from postStart hook\"], \"Capabilities\": null, \"ConsoleSize\": null, \"Cwd\": \"/\", \"Env\": [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=pod-lifecycle\", \"POD_NAME=pod-lifecycle\", \"POD_IP=10.244.0.17\", \"SERVICE_ACCOUNT=default\", \"ISTIO_META_CLUSTER_ID=Kubernetes\", \"POD_NAMESPACE=default\", \"PROXY_CONFIG={}\\n\", \"ISTIO_META_POD_PORTS=[\\n]\", \"ISTIO_META_APP_CONTAINERS=serviceaclient\", \"ISTIO_META_NODE_NAME=aks-nodepool1-38464071-vmss000000\", \"KUBERNETES_SERVICE_HOST=10.0.0.1\", \"KUBERNETES_SERVICE_PORT=443\", \"KUBERNETES_SERVICE_PORT_HTTPS=443\", \"KUBERNETES_PORT=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP_PROTO=tcp\", \"KUBERNETES_PORT_443_TCP_PORT=443\", \"KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1\"], \"NoNewPrivileges\": false, \"OOMScoreAdj\": 0, \"Rlimits\": [], \"SelinuxLabel\": \"\", \"Terminal\": false, \"User\": {\"AdditionalGids\": [0, 10], \"GID\": 0, \"UID\": 0, \"Username\": \"\"}}, \"string_user\": null}", "tests/kata/data/pod-lifecycle/policy.rego:1207: ExecProcessRequest 3: i_command = echo hello from postStart hook" ], [] ]