Markus Rudy

Results 72 comments of Markus Rudy

cc @katexochen @Xynnn007 ... and if you see someone else missing please loop them in!

Hey @Xynnn007, thanks for the review! You're quite right that we already made progress in some of the points in this proposal, which is probably a good sign for convergence....

> I agree that we want to bind initdata to the TEE early, but would it make a difference if we do that AA (eagerly at process startup), like it...

The downside of adding unmeasured fields to initdata is that the measurement process will be more complex, and thus more error prone. There's a certain beauty to just hashing the...

One more data point: https://github.com/kata-containers/kata-containers/security/advisories/GHSA-989w-4xr2-ww9m could have been avoided if the agent was not in the service management business.

@danmihai1: While I agree with the general sentiment, I think we need to consider the tradeoffs between most secure on the one hand and k8s compliant on the other. Considering...

Well, if the use case is non-confidential we can also just not implement a genpolicy rule at all :)

@fidencio: afaiu, this is blocked by

> Sure, let's discuss in the group meeting possible processes for safely extracting data from a CoCo Guest. Part of that discussion should also...

`list_routes` failed again on an unrelated PR: https://github.com/kata-containers/kata-containers/actions/runs/19422460215/job/55578580766?pr=11978

Thanks for debugging this, @shwetha-s-poojary - I believe you're right and we should not just `?-return` in these cases.