[ [], [], [], [ "tests/kata/data/web/policy.rego:1162: CreateSandboxRequest: input.guest_hook_path = ", "tests/kata/data/web/policy.rego:1165: CreateSandboxRequest: input.kernel_modules = []", "tests/kata/data/web/policy.rego:1169: CreateSandboxRequest: i_pidns = false", "tests/kata/data/web/policy.rego:1124: allow_sandbox_storages: i_storages = [{\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}]", "tests/kata/data/web/policy.rego:1135: allow_sandbox_storage: i_storage = {\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}", "tests/kata/data/web/policy.rego:1138: allow_sandbox_storage: p_storage = {\"driver\": \"ephemeral\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tmpfs\", \"mount_point\": \"/run/kata-containers/sandbox/shm\", \"options\": [\"noexec\", \"nosuid\", \"nodev\", \"mode=1777\", \"size=67108864\"], \"source\": \"shm\"}", "tests/kata/data/web/policy.rego:1141: allow_sandbox_storage: true", "tests/kata/data/web/policy.rego:1131: allow_sandbox_storages: true" ], [], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b-f0e92b7f714aa203-resolv.conf", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:56: CreateContainerRequest: i_oci.Hooks = null", "tests/kata/data/web/policy.rego:59: CreateContainerRequest: i_oci.Linux.Seccomp = null", "tests/kata/data/web/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/web/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/web/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/web/policy.rego:75: CreateContainerRequest: p Readonly = true i Readonly = true", "tests/kata/data/web/policy.rego:90: allow_anno 1: start", "tests/kata/data/web/policy.rego:97: allow_anno 2: p Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/$(bundle-id)\", \"io.katacontainers.pkg.oci.container_type\": \"pod_sandbox\", \"io.kubernetes.cri.container-type\": \"sandbox\", \"io.kubernetes.cri.sandbox-id\": \"^[a-z0-9]{64}$\", \"io.kubernetes.cri.sandbox-log-directory\": \"^/var/log/pods/$(sandbox-namespace)_$(sandbox-name)_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"nerdctl/network-namespace\": \"^/var/run/netns/cni-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$\"}", "tests/kata/data/web/policy.rego:98: allow_anno 2: i Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b\", \"io.katacontainers.pkg.oci.container_type\": \"pod_sandbox\", \"io.kubernetes.cri.container-type\": \"sandbox\", \"io.kubernetes.cri.sandbox-cpu-period\": \"100000\", \"io.kubernetes.cri.sandbox-cpu-quota\": \"0\", \"io.kubernetes.cri.sandbox-cpu-shares\": \"2\", \"io.kubernetes.cri.sandbox-id\": \"bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b\", \"io.kubernetes.cri.sandbox-log-directory\": \"/var/log/pods/default_web-0_a03a12a9-f2d5-4b92-952c-c47f68f7b795\", \"io.kubernetes.cri.sandbox-memory\": \"0\", \"io.kubernetes.cri.sandbox-name\": \"web-0\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"io.kubernetes.cri.sandbox-uid\": \"a03a12a9-f2d5-4b92-952c-c47f68f7b795\", \"nerdctl/network-namespace\": \"/var/run/netns/cni-441c0e6e-9425-52fd-473b-ffaf8eec9643\"}", "tests/kata/data/web/policy.rego:101: allow_anno 2: i keys = {\"io.katacontainers.pkg.oci.bundle_path\", \"io.katacontainers.pkg.oci.container_type\", \"io.kubernetes.cri.container-type\", \"io.kubernetes.cri.sandbox-cpu-period\", \"io.kubernetes.cri.sandbox-cpu-quota\", \"io.kubernetes.cri.sandbox-cpu-shares\", \"io.kubernetes.cri.sandbox-id\", \"io.kubernetes.cri.sandbox-log-directory\", \"io.kubernetes.cri.sandbox-memory\", \"io.kubernetes.cri.sandbox-name\", \"io.kubernetes.cri.sandbox-namespace\", \"io.kubernetes.cri.sandbox-uid\", \"nerdctl/network-namespace\"}", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-period", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-period", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-quota", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-quota", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-cpu-shares", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-cpu-shares", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-log-directory", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-log-directory", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-memory", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-memory", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = nerdctl/network-namespace", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = nerdctl/network-namespace", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:107: allow_anno 2: true", "tests/kata/data/web/policy.rego:129: allow_by_anno 1: start", "tests/kata/data/web/policy.rego:136: allow_by_anno 1: i_s_name = web-0", "tests/kata/data/web/policy.rego:158: allow_by_sandbox_name: start", "tests/kata/data/web/policy.rego:164: allow_by_sandbox_name: p_namespace = default i_namespace = default", "tests/kata/data/web/policy.rego:196: allow_by_container_types: checking io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:202: allow_by_container_types: p_cri_type = sandbox i_cri_type = sandbox", "tests/kata/data/web/policy.rego:211: allow_by_container_type 1: i_cri_type = sandbox", "tests/kata/data/web/policy.rego:215: allow_by_container_type 1: i_kata_type = pod_sandbox", "tests/kata/data/web/policy.rego:242: allow_sandbox_container_name: start", "tests/kata/data/web/policy.rego:258: container_annotation_missing: io.kubernetes.cri.container-name", "tests/kata/data/web/policy.rego:263: container_annotation_missing: true", "tests/kata/data/web/policy.rego:246: allow_sandbox_container_name: true", "tests/kata/data/web/policy.rego:280: allow_sandbox_net_namespace: start", "tests/kata/data/web/policy.rego:286: allow_sandbox_net_namespace: p_namespace = ^/var/run/netns/cni-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ i_namespace = /var/run/netns/cni-441c0e6e-9425-52fd-473b-ffaf8eec9643", "tests/kata/data/web/policy.rego:290: allow_sandbox_net_namespace: true", "tests/kata/data/web/policy.rego:306: allow_sandbox_log_directory: start", "tests/kata/data/web/policy.rego:313: allow_sandbox_log_directory: regex2 = ^/var/log/pods/default_web-0_[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", "tests/kata/data/web/policy.rego:316: allow_sandbox_log_directory: i_dir = /var/log/pods/default_web-0_a03a12a9-f2d5-4b92-952c-c47f68f7b795", "tests/kata/data/web/policy.rego:320: allow_sandbox_log_directory: true", "tests/kata/data/web/policy.rego:222: allow_by_container_type 1: true", "tests/kata/data/web/policy.rego:226: allow_by_container_type 2: i_cri_type = sandbox", "tests/kata/data/web/policy.rego:207: allow_by_container_types: true", "tests/kata/data/web/policy.rego:436: allow_by_bundle_or_sandbox_id: start", "tests/kata/data/web/policy.rego:446: allow_by_bundle_or_sandbox_id: sandbox_id = bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b regex = ^[a-z0-9]{64}$", "tests/kata/data/web/policy.rego:703: allow_root_path: i_path = /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b p_path1 = $(cpath)/$(bundle-id)", "tests/kata/data/web/policy.rego:706: allow_root_path: p_path2 = /run/kata-containers/shared/containers/$(bundle-id)", "tests/kata/data/web/policy.rego:709: allow_root_path: p_path3 = /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b", "tests/kata/data/web/policy.rego:713: allow_root_path: true", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = proc", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = proc", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= proc", "tests/kata/data/web/policy.rego:775: mount_source_allows 3: source1 = proc", "tests/kata/data/web/policy.rego:778: mount_source_allows 3: source2 = proc", "tests/kata/data/web/policy.rego:781: mount_source_allows 3: source3 = proc", "tests/kata/data/web/policy.rego:785: mount_source_allows 3: true", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = tmpfs", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = tmpfs", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= tmpfs", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = devpts", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = devpts", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= devpts", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = mqueue", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = mqueue", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= mqueue", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = sysfs", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = sysfs", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= sysfs", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"/run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b-f0e92b7f714aa203-resolv.conf\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"ro\", \"nosuid\", \"nodev\", \"noexec\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b-f0e92b7f714aa203-resolv.conf", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:794: allow_storages: p_count = 2 i_count = 2", "tests/kata/data/web/policy.rego:801: allow_storages: overlay_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:805: allow_storages: layer_ids = [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"]", "tests/kata/data/web/policy.rego:808: allow_storages: root_hashes = [\"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"]", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"0001:00:01.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 0", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer0)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer0)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer0)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"0001:00:01.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\", \"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:850: allow_storage_options 2: policy_ids = [\"5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d\"]", "tests/kata/data/web/policy.rego:854: allow_storage_options 2: policy_hashes = [\"817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18\"]", "tests/kata/data/web/policy.rego:857: allow_storage_options 2: p_count = 1", "tests/kata/data/web/policy.rego:862: allow_storage_options 2: i_count = 4", "tests/kata/data/web/policy.rego:865: allow_storage_options 2: i_storage.options[0] = io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers", "tests/kata/data/web/policy.rego:868: allow_storage_options 2: i_storage.options[i_count - 2] = io.katacontainers.fs-opt.overlay-rw", "tests/kata/data/web/policy.rego:872: allow_storage_options 2: lowerdir = lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/web/policy.rego:874: allow_storage_options 2: i_storage.options[i_count - 1] = lowerdir=5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d policy_hash = 817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=NWE1YWFkODAwNTVmZjIwMDEyYTUwZGMyNWY4ZGY3YTI5OTI0NDc0MzI0ZDY1ZjdkNTMwNmVlOGVlMjdmZjcxZCx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTgxNzI1MGYxYTNlMzM2ZGE3NmY1YmQzZmE3ODRlMWIyNmQ5NTliOWMxMzE4NzY4MTViYTI2MDQwNDhiNzBjMTg=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = 5a5aad80055ff20012a50dc25f8df7a29924474324d65f7d5306ee8ee27ff71d,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=817250f1a3e336da76f5bd3fa784e1b26d959b9c131876815ba2604048b70c18", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:881: allow_storage_options 2: true", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:972: allow_mount_point 2: mount2 = /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b", "tests/kata/data/web/policy.rego:976: allow_mount_point 2: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/shared/containers/bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:814: allow_storages: true", "tests/kata/data/web/policy.rego:457: allow_by_bundle_or_sandbox_id: true", "tests/kata/data/web/policy.rego:464: allow_process: i terminal = false p terminal = false", "tests/kata/data/web/policy.rego:467: allow_process: i cwd = / i cwd = /", "tests/kata/data/web/policy.rego:470: allow_process: i noNewPrivileges = true p noNewPrivileges = true", "tests/kata/data/web/policy.rego:1052: allow_caps: policy Ambient = []", "tests/kata/data/web/policy.rego:1053: allow_caps: input Ambient = []", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1078: match_caps 1: true", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1056: allow_caps: policy Bounding = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1057: allow_caps: input Bounding = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1060: allow_caps: policy Effective = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1061: allow_caps: input Effective = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1064: allow_caps: policy Inheritable = []", "tests/kata/data/web/policy.rego:1065: allow_caps: input Inheritable = []", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1078: match_caps 1: true", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1068: allow_caps: policy Permitted = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1069: allow_caps: input Permitted = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:485: allow_user: input uid = 65535 policy uid = 65535", "tests/kata/data/web/policy.rego:499: allow_args 1: no args", "tests/kata/data/web/policy.rego:507: allow_args 2: policy args = [\"/pause\"]", "tests/kata/data/web/policy.rego:508: allow_args 2: input args = [\"/pause\"]", "tests/kata/data/web/policy.rego:520: allow_arg 1: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/web/policy.rego:525: allow_arg 1: true", "tests/kata/data/web/policy.rego:529: allow_arg 2: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/web/policy.rego:538: allow_arg 3: i = 0 i_arg = /pause p_arg = /pause", "tests/kata/data/web/policy.rego:542: allow_arg 3: p_arg3 = /pause", "tests/kata/data/web/policy.rego:545: allow_arg 3: true", "tests/kata/data/web/policy.rego:516: allow_args 2: true", "tests/kata/data/web/policy.rego:550: allow_env: p env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"]", "tests/kata/data/web/policy.rego:551: allow_env: i env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"]", "tests/kata/data/web/policy.rego:554: allow_env: i_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:565: allow_var 1: true", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:576: allow_var 2: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:558: allow_env: true", "tests/kata/data/web/policy.rego:478: allow_process: true", "tests/kata/data/web/policy.rego:171: allow_by_sandbox_name: true", "tests/kata/data/web/policy.rego:140: allow_by_anno 1: true", "tests/kata/data/web/policy.rego:143: allow_by_anno 2: start", "tests/kata/data/web/policy.rego:336: allow_linux: p namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/web/policy.rego:339: allow_linux: i namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/web/policy.rego:351: allow_masked_paths 1: p_paths = [\"/proc/acpi\", \"/proc/asound\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/sys/firmware\", \"/proc/scsi\"]", "tests/kata/data/web/policy.rego:354: allow_masked_paths 1: i_paths = [\"/proc/acpi\", \"/proc/asound\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/sys/firmware\", \"/proc/scsi\"]", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/acpi", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/asound", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/kcore", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/keys", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/latency_stats", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/timer_list", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/timer_stats", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/sched_debug", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /sys/firmware", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/scsi", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:358: allow_masked_paths 1: true", "tests/kata/data/web/policy.rego:361: allow_masked_paths 2: start", "tests/kata/data/web/policy.rego:388: allow_readonly_paths 1: p_paths = [\"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/web/policy.rego:391: allow_readonly_paths 1: i_paths = [\"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/bus", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/bus", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/fs", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/fs", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/irq", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/irq", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sys", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sys", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sysrq-trigger", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sysrq-trigger", "tests/kata/data/web/policy.rego:395: allow_readonly_paths 1: true", "tests/kata/data/web/policy.rego:398: allow_readonly_paths 2: start", "tests/kata/data/web/policy.rego:346: allow_linux: true", "tests/kata/data/web/policy.rego:85: CreateContainerRequest: true", "tests/kata/data/web/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/web/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/web/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/web/policy.rego:75: CreateContainerRequest: p Readonly = false i Readonly = true" ], [], [], [], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-8e80dc82103dadad-hosts", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-693bc9bb02ffa5f9-termination-log", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-4c26ca9c72f5f92f-hostname", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-911cc8f3fc1fac0f-resolv.conf", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-53c0b95bb07319ea-html", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-53c0b95bb07319ea-html/lost+found", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/..2024_05_08_18_27_27.2903191328", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/..2024_05_08_18_27_27.2903191328/ca.crt", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/..2024_05_08_18_27_27.2903191328/namespace", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/..2024_05_08_18_27_27.2903191328/token", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/..data", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ..2024_05_08_18_27_27.2903191328", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/ca.crt", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ..data/ca.crt", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/namespace", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ..data/namespace", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:1145: CopyFileRequest: input.path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount/token", "tests/kata/data/web/policy.rego:1117: check_symlink_source: i_src = ..data/token", "tests/kata/data/web/policy.rego:1154: CopyFileRequest: regex4 = ^/run/kata-containers/shared/containers/[a-z0-9]{64}-[a-z0-9]{16}-", "tests/kata/data/web/policy.rego:1158: CopyFileRequest: true" ], [ "tests/kata/data/web/policy.rego:56: CreateContainerRequest: i_oci.Hooks = null", "tests/kata/data/web/policy.rego:59: CreateContainerRequest: i_oci.Linux.Seccomp = null", "tests/kata/data/web/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/web/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/web/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/web/policy.rego:75: CreateContainerRequest: p Readonly = true i Readonly = false", "tests/kata/data/web/policy.rego:63: ======== CreateContainerRequest: trying next policy container", "tests/kata/data/web/policy.rego:67: CreateContainerRequest: p_pidns = false i_pidns = false", "tests/kata/data/web/policy.rego:72: CreateContainerRequest: p Version = 1.1.0-rc.1 i Version = 1.1.0-rc.1", "tests/kata/data/web/policy.rego:75: CreateContainerRequest: p Readonly = false i Readonly = false", "tests/kata/data/web/policy.rego:90: allow_anno 1: start", "tests/kata/data/web/policy.rego:97: allow_anno 2: p Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/$(bundle-id)\", \"io.katacontainers.pkg.oci.container_type\": \"pod_container\", \"io.kubernetes.cri.container-name\": \"nginx\", \"io.kubernetes.cri.container-type\": \"container\", \"io.kubernetes.cri.image-name\": \"mcr.microsoft.com/cbl-mariner/base/nginx:1.22.1-9-cm2.0.20230904-amd64\", \"io.kubernetes.cri.sandbox-id\": \"^[a-z0-9]{64}$\", \"io.kubernetes.cri.sandbox-namespace\": \"default\"}", "tests/kata/data/web/policy.rego:98: allow_anno 2: i Annotations = {\"io.katacontainers.pkg.oci.bundle_path\": \"/run/containerd/io.containerd.runtime.v2.task/k8s.io/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"io.katacontainers.pkg.oci.container_type\": \"pod_container\", \"io.kubernetes.cri.container-name\": \"nginx\", \"io.kubernetes.cri.container-type\": \"container\", \"io.kubernetes.cri.image-name\": \"mcr.microsoft.com/cbl-mariner/base/nginx:1.22.1-9-cm2.0.20230904-amd64\", \"io.kubernetes.cri.sandbox-id\": \"bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b\", \"io.kubernetes.cri.sandbox-name\": \"web-0\", \"io.kubernetes.cri.sandbox-namespace\": \"default\", \"io.kubernetes.cri.sandbox-uid\": \"a03a12a9-f2d5-4b92-952c-c47f68f7b795\"}", "tests/kata/data/web/policy.rego:101: allow_anno 2: i keys = {\"io.katacontainers.pkg.oci.bundle_path\", \"io.katacontainers.pkg.oci.container_type\", \"io.kubernetes.cri.container-name\", \"io.kubernetes.cri.container-type\", \"io.kubernetes.cri.image-name\", \"io.kubernetes.cri.sandbox-id\", \"io.kubernetes.cri.sandbox-name\", \"io.kubernetes.cri.sandbox-namespace\", \"io.kubernetes.cri.sandbox-uid\"}", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.bundle_path", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.katacontainers.pkg.oci.container_type", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-name", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-name", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.image-name", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.image-name", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-id", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-name", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-namespace", "tests/kata/data/web/policy.rego:123: allow_anno_key 2: true", "tests/kata/data/web/policy.rego:111: allow_anno_key 1: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/web/policy.rego:115: allow_anno_key 1: true", "tests/kata/data/web/policy.rego:118: allow_anno_key 2: i key = io.kubernetes.cri.sandbox-uid", "tests/kata/data/web/policy.rego:107: allow_anno 2: true", "tests/kata/data/web/policy.rego:129: allow_by_anno 1: start", "tests/kata/data/web/policy.rego:136: allow_by_anno 1: i_s_name = web-0", "tests/kata/data/web/policy.rego:158: allow_by_sandbox_name: start", "tests/kata/data/web/policy.rego:164: allow_by_sandbox_name: p_namespace = default i_namespace = default", "tests/kata/data/web/policy.rego:196: allow_by_container_types: checking io.kubernetes.cri.container-type", "tests/kata/data/web/policy.rego:202: allow_by_container_types: p_cri_type = container i_cri_type = container", "tests/kata/data/web/policy.rego:211: allow_by_container_type 1: i_cri_type = container", "tests/kata/data/web/policy.rego:226: allow_by_container_type 2: i_cri_type = container", "tests/kata/data/web/policy.rego:230: allow_by_container_type 2: i_kata_type = pod_container", "tests/kata/data/web/policy.rego:250: allow_container_name: start", "tests/kata/data/web/policy.rego:267: allow_container_annotation: key = io.kubernetes.cri.container-name", "tests/kata/data/web/policy.rego:271: allow_container_annotation: p_value = nginx i_value = nginx", "tests/kata/data/web/policy.rego:275: allow_container_annotation: true", "tests/kata/data/web/policy.rego:254: allow_container_name: true", "tests/kata/data/web/policy.rego:294: allow_net_namespace: start", "tests/kata/data/web/policy.rego:301: allow_net_namespace: true", "tests/kata/data/web/policy.rego:324: allow_log_directory: start", "tests/kata/data/web/policy.rego:331: allow_log_directory: true", "tests/kata/data/web/policy.rego:237: allow_by_container_type 2: true", "tests/kata/data/web/policy.rego:207: allow_by_container_types: true", "tests/kata/data/web/policy.rego:436: allow_by_bundle_or_sandbox_id: start", "tests/kata/data/web/policy.rego:446: allow_by_bundle_or_sandbox_id: sandbox_id = bd9d8a7145f3d1b1306dac8a6ea24d35010ba5c35122ffe1bd2f0cc1bf77298b regex = ^[a-z0-9]{64}$", "tests/kata/data/web/policy.rego:703: allow_root_path: i_path = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1 p_path1 = $(cpath)/$(bundle-id)", "tests/kata/data/web/policy.rego:706: allow_root_path: p_path2 = /run/kata-containers/shared/containers/$(bundle-id)", "tests/kata/data/web/policy.rego:709: allow_root_path: p_path3 = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1", "tests/kata/data/web/policy.rego:713: allow_root_path: true", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = proc", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = proc", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= proc", "tests/kata/data/web/policy.rego:775: mount_source_allows 3: source1 = proc", "tests/kata/data/web/policy.rego:778: mount_source_allows 3: source2 = proc", "tests/kata/data/web/policy.rego:781: mount_source_allows 3: source3 = proc", "tests/kata/data/web/policy.rego:785: mount_source_allows 3: true", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = tmpfs", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = tmpfs", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= tmpfs", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = devpts", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = devpts", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= devpts", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = mqueue", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = mqueue", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= mqueue", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = sysfs", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = sysfs", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= sysfs", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = cgroup", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = cgroup", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= cgroup", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-8e80dc82103dadad-hosts\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-hosts$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-hosts$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-8e80dc82103dadad-hosts", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-693bc9bb02ffa5f9-termination-log\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-termination-log$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-termination-log$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-693bc9bb02ffa5f9-termination-log", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-4c26ca9c72f5f92f-hostname\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-hostname$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-hostname$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-4c26ca9c72f5f92f-hostname", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-911cc8f3fc1fac0f-resolv.conf\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-resolv.conf$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-911cc8f3fc1fac0f-resolv.conf", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:732: check_mount 1: true", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:764: mount_source_allows 2: true", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/sandbox/shm", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-53c0b95bb07319ea-html\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-html$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-53c0b95bb07319ea-html", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:718: allow_mount: i_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/proc\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"proc\", \"type_\": \"proc\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev\", \"options\": [\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"], \"source\": \"tmpfs\", \"type_\": \"tmpfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/pts\", \"options\": [\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", \"mode=0620\", \"gid=5\"], \"source\": \"devpts\", \"type_\": \"devpts\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/shm\", \"options\": [\"rbind\"], \"source\": \"/run/kata-containers/sandbox/shm\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/mqueue\", \"options\": [\"nosuid\", \"noexec\", \"nodev\"], \"source\": \"mqueue\", \"type_\": \"mqueue\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"ro\"], \"source\": \"sysfs\", \"type_\": \"sysfs\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/sys/fs/cgroup\", \"options\": [\"nosuid\", \"noexec\", \"nodev\", \"relatime\", \"ro\"], \"source\": \"cgroup\", \"type_\": \"cgroup\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hosts\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hosts$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/dev/termination-log\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)termination-log$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/hostname\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)hostname$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/etc/resolv.conf\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"$(sfprefix)resolv.conf$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)serviceaccount$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:750: mount_source_allows 1: regex4 = ^/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-[a-z0-9]{16}-serviceaccount$", "tests/kata/data/web/policy.rego:753: mount_source_allows 1: true", "tests/kata/data/web/policy.rego:761: mount_source_allows 2: regex4 = ^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-serviceaccount$", "tests/kata/data/web/policy.rego:767: mount_source_allows 3: i_mount.source= /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1-ed27a22ae4256441-serviceaccount", "tests/kata/data/web/policy.rego:741: check_mount 2: true", "tests/kata/data/web/policy.rego:727: allow_mount: true", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/var/run/secrets/azure/tokens\", \"options\": [\"rbind\", \"rprivate\", \"ro\"], \"source\": \"$(sfprefix)tokens$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:721: allow_mount: p_mount = {\"destination\": \"/usr/share/nginx/html\", \"options\": [\"rbind\", \"rprivate\", \"rw\"], \"source\": \"^/run/kata-containers/shared/containers/$(bundle-id)-[a-z0-9]{16}-html$\", \"type_\": \"bind\"}", "tests/kata/data/web/policy.rego:794: allow_storages: p_count = 7 i_count = 7", "tests/kata/data/web/policy.rego:801: allow_storages: overlay_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:805: allow_storages: layer_ids = [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"]", "tests/kata/data/web/policy.rego:808: allow_storages: root_hashes = [\"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\", \"ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\", \"d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\", \"1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\", \"1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\", \"e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"]", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 0", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = 1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer0)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer0)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer0)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\"], \"source\": \"0001:00:02.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 1", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer1)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer1)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer1)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\"], \"source\": \"0001:00:03.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 2", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer2)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer2)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer2)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\"], \"source\": \"0001:00:04.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 3", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = 14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer3)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer3)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer3)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\"], \"source\": \"0001:00:05.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 4", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer4)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer4)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer4)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\"], \"source\": \"0001:00:06.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 0", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 1", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 2", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 3", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 4", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:895: allow_storage_options 3: i = 5", "tests/kata/data/web/policy.rego:898: allow_storage_options 3: hash_option = io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:906: allow_storage_options 3: true", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:955: allow_mount_point 1: i = 5", "tests/kata/data/web/policy.rego:958: allow_mount_point 1: layer_id = 8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a", "tests/kata/data/web/policy.rego:961: allow_mount_point 1: p_mount = /run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a", "tests/kata/data/web/policy.rego:965: allow_mount_point 1: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1042: allow_direct_vol_driver 1: true", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:1025: allow_mount_point 6: mount1 = $(layer5)", "tests/kata/data/web/policy.rego:1028: allow_mount_point 6: mount2 = $(layer5)", "tests/kata/data/web/policy.rego:1032: allow_mount_point 6: mount3 = $(layer5)", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"/run/kata-containers/sandbox/layers/8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"options\": [\"ro\", \"io.katacontainers.fs-opt.block_device=file\", \"io.katacontainers.fs-opt.is-layer\", \"io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"0001:00:07.0\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer0)\", \"options\": [\"$(hash0)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer1)\", \"options\": [\"$(hash1)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer2)\", \"options\": [\"$(hash2)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer3)\", \"options\": [\"$(hash3)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer4)\", \"options\": [\"$(hash4)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"blk\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"tar\", \"mount_point\": \"$(layer5)\", \"options\": [\"$(hash5)\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:820: allow_storage: p_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"$(cpath)/$(bundle-id)\", \"options\": [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\", \"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106:ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e:d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281:1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f:1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff:e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"], \"source\": \"\"}", "tests/kata/data/web/policy.rego:821: allow_storage: i_storage = {\"driver\": \"overlayfs\", \"driver_options\": [], \"fs_group\": null, \"fstype\": \"fuse3.kata-overlay\", \"mount_point\": \"/run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1\", \"options\": [\"io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers\", \"io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=\", \"io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=\", \"io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=\", \"io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=\", \"io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=\", \"io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=\", \"io.katacontainers.fs-opt.overlay-rw\", \"lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"], \"source\": \"none\"}", "tests/kata/data/web/policy.rego:836: allow_storage_options 1: start", "tests/kata/data/web/policy.rego:844: allow_storage_options 2: start", "tests/kata/data/web/policy.rego:850: allow_storage_options 2: policy_ids = [\"1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2\", \"c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc\", \"cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983\", \"14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c\", \"fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7\", \"8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a\"]", "tests/kata/data/web/policy.rego:854: allow_storage_options 2: policy_hashes = [\"073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106\", \"ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e\", \"d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281\", \"1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f\", \"1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff\", \"e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071\"]", "tests/kata/data/web/policy.rego:857: allow_storage_options 2: p_count = 6", "tests/kata/data/web/policy.rego:862: allow_storage_options 2: i_count = 9", "tests/kata/data/web/policy.rego:865: allow_storage_options 2: i_storage.options[0] = io.katacontainers.fs-opt.layer-src-prefix=/var/lib/containerd/io.containerd.snapshotter.v1.tardev/layers", "tests/kata/data/web/policy.rego:868: allow_storage_options 2: i_storage.options[i_count - 2] = io.katacontainers.fs-opt.overlay-rw", "tests/kata/data/web/policy.rego:872: allow_storage_options 2: lowerdir = lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a", "tests/kata/data/web/policy.rego:874: allow_storage_options 2: i_storage.options[i_count - 1] = lowerdir=1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2:c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc:cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983:14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c:fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7:8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = 1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2 policy_hash = 073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=MWIyN2JlYzA2ODAxNmZjZTIzMGEzYzlmNDkyMGQzYmU3MjUxZTViYWFkYTdkY2EzMjA0YTkzMmNiY2RlMjdlMix0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTA3M2RiYTc4MzEyOTMxMDdmODg3M2VlZGFiZjQ5MjJkMTZhNTA2MDg2ZjZmNDZiMTliNGMyMzg2ODMxYzMxMDY=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = 1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = 1b27bec068016fce230a3c9f4920d3be7251e5baada7dca3204a932cbcde27e2,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=073dba7831293107f8873eedabf4922d16a506086f6f46b19b4c2386831c3106", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc policy_hash = ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=YzgyOTVjODBhNzljMmVkNzZlMDNkZGIyYWYzOTBhYzM3OTFiODc3OWRhNzk4Y2IxODNmYTk4NWNlNWNlZTFkYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWVkMGZlYWU0ZjRkY2NiNjg2NjI4OTYzYjFmMWY1ZGFlN2IzZTAxNWM4ODFlNzJmMDA1ZmYyZjk5YzY0OTQ1N2U=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = c8295c80a79c2ed76e03ddb2af390ac3791b8779da798cb183fa985ce5cee1dc,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=ed0feae4f4dccb686628963b1f1f5dae7b3e015c881e72f005ff2f99c649457e", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983 policy_hash = d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=Y2ZiOWZlOTdhMTg2OWVlOWIwZGFhZTNkOGNkNTk3MjBjZjM3MWRhNTY4YTZjMTRiYmExNmQ5ODJlNzA5Mjk4Myx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWQxMzgxNTJiNjYwZDJkYmNjNTA4MmFmYWU1OGVkYjFiZjBlZTU3NDJiOTE5MzNhMmY2MTY2NGI4NDdiMjMyODE=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = cfb9fe97a1869ee9b0daae3d8cd59720cf371da568a6c14bba16d982e7092983,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=d138152b660d2dbcc5082afae58edb1bf0ee5742b91933a2f61664b847b23281", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = 14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c policy_hash = 1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=MTRmMzk1NjQ3ODY5YTg4ZjkwYTMzZWVmNTBjOTdlODJmNGI5ODFiNmUyMGE1ODRkNTFiZjMwNDk2N2I4NTQyYyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFkNjllYWY1YzVjMjU3MzFlOWE4ZWJiMDM4Yzk0MmY2YWE2YWZmNWIxNWIxMWQ4YmQ0NDQzMWU1MTRjY2Q2OWY=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = 14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = 14f395647869a88f90a33eef50c97e82f4b981b6e20a584d51bf304967b8542c,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=1d69eaf5c5c25731e9a8ebb038c942f6aa6aff5b15b11d8bd44431e514ccd69f", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7 policy_hash = 1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=ZmM3ZGQ4NjE0ODIwYmJhZmU1YjZiNjY0NWUxOTk0NWI0YWY5ODliNjYyYzk4OWZkNDZjNDY1ZmFmY2E3MDJmNyx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPTFlYjRiZmY4MDQwYTg2YzUxNDgxNWEwMzlmNmNiNGQ3YWE0YzVmMWI3YTJlMWE0NWY2Zjg2Y2E4Yzc3MGZmZmY=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = fc7dd8614820bbafe5b6b6645e19945b4af989b662c989fd46c465fafca702f7,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=1eb4bff8040a86c514815a039f6cb4d7aa4c5f1b7a2e1a45f6f86ca8c770ffff", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:929: allow_overlay_layer: policy_id = 8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a policy_hash = e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:930: allow_overlay_layer: i_option = io.katacontainers.fs-opt.layer=OGQzMTFlOGU1MTk4NGNhYmFjY2VjMWZiZmNiY2RkN2JmNTJhOGE5NzgxNjljZDIwYWYwN2JiZDFjM2E0NjkyYSx0YXIscm8saW8ua2F0YWNvbnRhaW5lcnMuZnMtb3B0LmJsb2NrX2RldmljZT1maWxlLGlvLmthdGFjb250YWluZXJzLmZzLW9wdC5pcy1sYXllcixpby5rYXRhY29udGFpbmVycy5mcy1vcHQucm9vdC1oYXNoPWU5MjhmZmY5OGRkZWEyZDI2ZGJiYTA3NTYwNTc3MGJkNmY2ZWYwNjhjOTc1Mjg5YjQ5YWNiM2Q1NTAzMGQwNzE=", "tests/kata/data/web/policy.rego:935: allow_overlay_layer: i_value_decoded = 8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:939: allow_overlay_layer: p_value = 8d311e8e51984cabaccec1fbfcbcdd7bf52a8a978169cd20af07bbd1c3a4692a,tar,ro,io.katacontainers.fs-opt.block_device=file,io.katacontainers.fs-opt.is-layer,io.katacontainers.fs-opt.root-hash=e928fff98ddea2d26dbba075605770bd6f6ef068c975289b49acb3d55030d071", "tests/kata/data/web/policy.rego:943: allow_overlay_layer: true", "tests/kata/data/web/policy.rego:881: allow_storage_options 2: true", "tests/kata/data/web/policy.rego:884: allow_storage_options 3: start", "tests/kata/data/web/policy.rego:909: allow_storage_options 4: start", "tests/kata/data/web/policy.rego:972: allow_mount_point 2: mount2 = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1", "tests/kata/data/web/policy.rego:976: allow_mount_point 2: true", "tests/kata/data/web/policy.rego:1021: allow_mount_point 6: i_storage.mount_point = /run/kata-containers/shared/containers/61d94665cec0025e68f0bea6c4eea6e19b23f8c95a1a45f63a5315b0700d72b1", "tests/kata/data/web/policy.rego:1040: allow_direct_vol_driver 1: start", "tests/kata/data/web/policy.rego:1045: allow_direct_vol_driver 2: start", "tests/kata/data/web/policy.rego:832: allow_storage: true", "tests/kata/data/web/policy.rego:814: allow_storages: true", "tests/kata/data/web/policy.rego:457: allow_by_bundle_or_sandbox_id: true", "tests/kata/data/web/policy.rego:464: allow_process: i terminal = false p terminal = false", "tests/kata/data/web/policy.rego:467: allow_process: i cwd = / i cwd = /", "tests/kata/data/web/policy.rego:470: allow_process: i noNewPrivileges = false p noNewPrivileges = false", "tests/kata/data/web/policy.rego:1052: allow_caps: policy Ambient = []", "tests/kata/data/web/policy.rego:1053: allow_caps: input Ambient = []", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1078: match_caps 1: true", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1056: allow_caps: policy Bounding = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1057: allow_caps: input Bounding = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1060: allow_caps: policy Effective = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1061: allow_caps: input Effective = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1064: allow_caps: policy Inheritable = []", "tests/kata/data/web/policy.rego:1065: allow_caps: input Inheritable = []", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1078: match_caps 1: true", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:1068: allow_caps: policy Permitted = [\"$(default_caps)\"]", "tests/kata/data/web/policy.rego:1069: allow_caps: input Permitted = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1074: match_caps 1: start", "tests/kata/data/web/policy.rego:1081: match_caps 2: start", "tests/kata/data/web/policy.rego:1086: match_caps 2: default_caps = [\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]", "tests/kata/data/web/policy.rego:1089: match_caps 2: true", "tests/kata/data/web/policy.rego:1092: match_caps 3: start", "tests/kata/data/web/policy.rego:485: allow_user: input uid = 0 policy uid = 0", "tests/kata/data/web/policy.rego:499: allow_args 1: no args", "tests/kata/data/web/policy.rego:507: allow_args 2: policy args = [\"/bin/sh\", \"-c\", \"while true; do echo $(sandbox-name); sleep 10; done\"]", "tests/kata/data/web/policy.rego:508: allow_args 2: input args = [\"/bin/sh\", \"-c\", \"while true; do echo web-0; sleep 10; done\"]", "tests/kata/data/web/policy.rego:520: allow_arg 1: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/web/policy.rego:525: allow_arg 1: true", "tests/kata/data/web/policy.rego:529: allow_arg 2: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/web/policy.rego:538: allow_arg 3: i = 0 i_arg = /bin/sh p_arg = /bin/sh", "tests/kata/data/web/policy.rego:542: allow_arg 3: p_arg3 = /bin/sh", "tests/kata/data/web/policy.rego:545: allow_arg 3: true", "tests/kata/data/web/policy.rego:520: allow_arg 1: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/web/policy.rego:525: allow_arg 1: true", "tests/kata/data/web/policy.rego:529: allow_arg 2: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/web/policy.rego:538: allow_arg 3: i = 1 i_arg = -c p_arg = -c", "tests/kata/data/web/policy.rego:542: allow_arg 3: p_arg3 = -c", "tests/kata/data/web/policy.rego:545: allow_arg 3: true", "tests/kata/data/web/policy.rego:520: allow_arg 1: i = 2 i_arg = while true; do echo web-0; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/web/policy.rego:529: allow_arg 2: i = 2 i_arg = while true; do echo web-0; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/web/policy.rego:538: allow_arg 3: i = 2 i_arg = while true; do echo web-0; sleep 10; done p_arg = while true; do echo $(sandbox-name); sleep 10; done", "tests/kata/data/web/policy.rego:542: allow_arg 3: p_arg3 = while true; do echo web-0; sleep 10; done", "tests/kata/data/web/policy.rego:545: allow_arg 3: true", "tests/kata/data/web/policy.rego:516: allow_args 2: true", "tests/kata/data/web/policy.rego:550: allow_env: p env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=$(host-name)\", \"META_NAME=$(sandbox-name)\"]", "tests/kata/data/web/policy.rego:551: allow_env: i env = [\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\", \"HOSTNAME=web-0\", \"META_NAME=web-0\", \"KUBERNETES_SERVICE_HOST=10.0.0.1\", \"KUBERNETES_SERVICE_PORT=443\", \"KUBERNETES_SERVICE_PORT_HTTPS=443\", \"KUBERNETES_PORT=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443\", \"KUBERNETES_PORT_443_TCP_PROTO=tcp\", \"KUBERNETES_PORT_443_TCP_PORT=443\", \"KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1\"]", "tests/kata/data/web/policy.rego:554: allow_env: i_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:565: allow_var 1: true", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:576: allow_var 2: true", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = HOSTNAME=web-0", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:621: allow_var 5: true", "tests/kata/data/web/policy.rego:554: allow_env: i_var = META_NAME=web-0", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:576: allow_var 2: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_HOST=10.0.0.1", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = META_NAME=$(sandbox-name)", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_SERVICE_HOST p_var = META_NAME=$(sandbox-name)", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_PORT=443", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_SERVICE_PORT_HTTPS=443", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_PORT=tcp://10.0.0.1:443", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP=tcp://10.0.0.1:443", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_PROTO=tcp", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_PORT=443", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:554: allow_env: i_var = KUBERNETES_PORT_443_TCP_ADDR=10.0.0.1", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:573: allow_var 2: p_var2 = META_NAME=web-0", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^HOSTNAME=[a-zA-Z0-9_\\.\\-]+$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PROTO=tcp$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT_[0-9]{1,5}_TCP_ADDR=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:590: allow_var 3: true", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_HOST=((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_SERVICE_PORT_[a-zA-Z0-9_\\.\\-]+=[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^[A-Z0-9_\\.\\-]+_PORT=tcp://((25[0-5]|(2[0-4]|1\\d|[1-9]|)\\d)\\.?\\b){4}:[0-9]{1,5}$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_CLIENT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_TENANT_ID=[A-Fa-f0-9-]*$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_FEDERATED_TOKEN_FILE=/var/run/secrets/azure/tokens/azure-identity-token$", "tests/kata/data/web/policy.rego:587: allow_var 3: p_regex5 = ^AZURE_AUTHORITY_HOST=https://login\\.microsoftonline\\.com/$", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:656: allow_pod_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = META_NAME=$(sandbox-name)", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = HOSTNAME=$(host-name)", "tests/kata/data/web/policy.rego:668: allow_host_ip_var: var_name = KUBERNETES_PORT_443_TCP_ADDR p_var = META_NAME=$(sandbox-name)", "tests/kata/data/web/policy.rego:558: allow_env: true", "tests/kata/data/web/policy.rego:478: allow_process: true", "tests/kata/data/web/policy.rego:171: allow_by_sandbox_name: true", "tests/kata/data/web/policy.rego:140: allow_by_anno 1: true", "tests/kata/data/web/policy.rego:143: allow_by_anno 2: start", "tests/kata/data/web/policy.rego:336: allow_linux: p namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/web/policy.rego:339: allow_linux: i namespaces = [{\"Path\": \"\", \"Type\": \"ipc\"}, {\"Path\": \"\", \"Type\": \"uts\"}, {\"Path\": \"\", \"Type\": \"mount\"}]", "tests/kata/data/web/policy.rego:351: allow_masked_paths 1: p_paths = [\"/proc/acpi\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/proc/scsi\", \"/sys/firmware\"]", "tests/kata/data/web/policy.rego:354: allow_masked_paths 1: i_paths = [\"/proc/asound\", \"/proc/acpi\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/proc/scsi\", \"/sys/firmware\"]", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/acpi", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/kcore", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/keys", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/latency_stats", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/timer_list", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/timer_stats", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/sched_debug", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /proc/scsi", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:378: allow_masked_path: p_elem = /sys/firmware", "tests/kata/data/web/policy.rego:383: allow_masked_path: true", "tests/kata/data/web/policy.rego:358: allow_masked_paths 1: true", "tests/kata/data/web/policy.rego:361: allow_masked_paths 2: start", "tests/kata/data/web/policy.rego:388: allow_readonly_paths 1: p_paths = [\"/proc/asound\", \"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/web/policy.rego:391: allow_readonly_paths 1: i_paths = [\"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/asound", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/asound", "tests/kata/data/web/policy.rego:430: allow_readonly_path 2: true", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/bus", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/bus", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/fs", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/fs", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/irq", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/irq", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sys", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sys", "tests/kata/data/web/policy.rego:417: allow_readonly_path 1: p_elem = /proc/sysrq-trigger", "tests/kata/data/web/policy.rego:422: allow_readonly_path 1: true", "tests/kata/data/web/policy.rego:425: allow_readonly_path 2: p_elem = /proc/sysrq-trigger", "tests/kata/data/web/policy.rego:395: allow_readonly_paths 1: true", "tests/kata/data/web/policy.rego:398: allow_readonly_paths 2: start", "tests/kata/data/web/policy.rego:346: allow_linux: true", "tests/kata/data/web/policy.rego:85: CreateContainerRequest: true" ], [] ]