packages/kata-runtime: alow arbitrary CDI annotations

As discussed via Teams, there is no sense in checking CDI annotations if the agent doesn't care about them anyway. This allows arbitrary CDI annotations in the policy.
edgelesssys · Feb 7, 2025 · 269828e · 269828e
1 parent f9f3ae0
commit 269828e
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/packages/by-name/kata/kata-runtime/0019-genpolicy-support-dynamic-annotations.patch b/packages/by-name/kata/kata-runtime/0019-genpolicy-support-dynamic-annotations.patch
@@ -15,7 +15,7 @@ where `XY` corresponds to a dynamic ID.
  3 files changed, 25 insertions(+), 7 deletions(-)
 
 diff --git a/src/tools/genpolicy/genpolicy-settings.json b/src/tools/genpolicy/genpolicy-settings.json
-index 9b95f9f7462717d04f0b9ce685d97c0455f949da..7dac0e5e0585c25e324a39656d1a2dcfa12e7d96 100644
+index 9b95f9f7462717d04f0b9ce685d97c0455f949da..d3f166b563f35a3de18f49bc0e38c6c421706dcc 100644
 --- a/src/tools/genpolicy/genpolicy-settings.json
 +++ b/src/tools/genpolicy/genpolicy-settings.json
 @@ -309,7 +309,10 @@
@@ -25,7 +25,7 @@ index 9b95f9f7462717d04f0b9ce685d97c0455f949da..7dac0e5e0585c25e324a39656d1a2dcf
 -        ]
 +        ],
 +        "dynamic_annotations": {
-+            "^cdi\\.k8s\\.io\\/vfio[0-9]{2}$": "^nvidia.com/gpu=[0-9]+$"
++            "^cdi\\.k8s\\.io\\/.*$": "^.*$"
 +        }
      },
      "kata_config": {