...

Text file src/github.com/Microsoft/hcsshim/internal/tools/policyenginesimulator/samples/simple_custom/policy.rego

Documentation: github.com/Microsoft/hcsshim/internal/tools/policyenginesimulator/samples/simple_custom 

     1package policy
     2
     3api_version := "0.7.0"
     4
     5overlays := {
     6    "pause": {
     7        "deviceHashes": ["16b514057a06ad665f92c02863aca074fd5976c755d26bff16365299169e8415"],
     8        "mounts": []
     9    },
    10    "python3": {
    11        "deviceHashes": [
    12            "998fe7a12356e0de0f2ffb4134615b42c9510e281c0ecfc7628c121442544309",
    13            "f65ec804a63b85f507ac11d187434ea135a18cdc16202551d8dff292f942fdf0",
    14            "04c110e9406d2b57079f1eac4c9c5247747caa3bcaab6d83651de6e7da97cb40",
    15            "e7fbe653352d546497c534c629269c4c04f1997f6892bd66c273f0c9753a4de3",
    16            "b99a9ced77c45fc4dc96bac8ea1e4d9bc1d2a66696cc057d3f3cca79dc999702",
    17            "3413e98a178646d4703ea70b9bff2d4410e606a22062046992cda8c8aedaa387",
    18            "1e66649e162d99c4d675d8d8c3af90ece3799b33d24671bc83fe9ea5143daf2f",
    19            "97112ba1d4a2c86c1c15a3e13f606e8fcc0fb1b49154743cadd1f065c42fee5a",
    20            "37e9dcf799048b7d35ce53584e0984198e1bc3366c3bb5582fd97553d31beb4e"
    21        ],
    22        "mounts": []
    23    },
    24    "resolvConf": {
    25        "deviceHashes": [
    26            "606fd6baf5eb1a71fd286aea29672a06bfe55f0007ded92ee73142a37590ed19",
    27            "97adfda6943f3af972b9bf4fa684f533f10c023d913d195048fef03f9c3c60fd",
    28            "296e5baa5b9ded863ca0170e05cd9ecf4136f86c830a9da906184ab147415c7b",
    29            "a6a6918c07c85e29e48d4a87c1194781251d5185f682c26f20d6ee4e955a239f",
    30            "285cb680a55d09f548d4baa804a663764788619824565685b32b8097cbed3d26"
    31        ],
    32        "mounts": ["/mount/resolvconf"]
    33    }
    34}
    35
    36custom_containers := [
    37    {
    38        "id": "pause",
    39        "command": ["/pause"],
    40        "overlayID": "pause",
    41        "depends": []
    42    },
    43    {
    44        "id": "attestationReport",
    45        "command": ["python3", "WebAttestationReport.py"],
    46        "overlayID": "python3",
    47        "depends": ["pause"]
    48    },
    49    {
    50        "id": "copy_resolv_conf",
    51        "command": ["bash", "/copy_resolv_conf.sh"],
    52        "overlayID": "resolvConf",
    53        "depends": ["pause"]
    54    }
    55]
    56
    57mount_device := data.custom.mount_device
    58mount_overlay := data.custom.mount_overlay
    59create_container := data.custom.create_container
    60unmount_device := {"allowed": true}
    61unmount_overlay := {"allowed": true}
    62exec_in_container := {"allowed": true}
    63exec_external := {"allowed": true}
    64shutdown_container := {"allowed": true}
    65signal_container_process := {"allowed": true}
    66plan9_mount := {"allowed": true}
    67plan9_unmount := {"allowed": true}
    68
    69default load_fragment := {"allowed": false}
    70load_fragment := {"allowed": true, "add_module": true} {
    71    input.issuer == "did:web:contoso.github.io"
    72    input.feed == "contoso.azurecr.io/custom"
    73}

View as plain text