You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note that the side effect is due to uncommited code and it is not a reproducible outcome. However the fact that the container can modify the host's files is still applicable.
After discussing this issue with flotta members (@masayag@eloycoto@pkliczewski@tupyy ) we resolved in documenting this use case and suggesting using OPA (validating webhooks) to prevent workloads from mounting paths that are not allowed based on each deployment use case.
Steps to reproduce:
app=mount
so that the workload will run in the devicesu -l flotta -s /bin/bash
podman exec -it mount-fedora bash
mount.service
found in/home/flotta/.config/systemd/user/default.target.wants/
Note: As a side effect, the edgeworkload is removed from the control plane as well as from the device.
The text was updated successfully, but these errors were encountered: