Adding ACLPolicies to an endpoint after it has been created fails on 1803 technical preview about hcsshim HOT 7 CLOSED

is there an update to this? we would like to move to using HNS ACLs instead of firewall rules on 1803, but this would block us

from hcsshim.

@msabansal @JMesser81

from hcsshim.

@sesmith177 thanks for reporting this. Can you give me some more details on your scenario? Are you trying to apply ACLs on individual endpoints or subnets? Are you wanting to create ACLs for Windows Server (shared kernel) containers or containers with Hyper-V Isolation. There were some known bugs with ACLs which we fixed in the latest version of Windows Server version 1803 which is due out later this month.

from hcsshim.

@JMesser81 we are applying ACLs on individual endpoints with shared kernel containers

from hcsshim.

@sesmith177 Thank you for the detailed report and code sample. @JMesser81 is correct that there are some known issues which were addressed in the latest version of Windows Server version 1803.

In the build you mentioned (17093.1000.amd64fre.rs_prerelease.180202-1400) there is a schema compatibility issue which may cause some ACLPolicy's from 1709 to fail to be applied. In your code example, the "Protocol" field is likely to be the cause of the issue as it is being passed by hcsshim as an integer, while the service in that particular build is expecting a string.

That issue was fixed and in the latest version of Windows Server 1803 (due out later this month) the protocol will once again be accepted as an integer value and your code sample should work as-is.

from hcsshim.

@natalieparellano looks like we can close this out? from talking with @aminjam 1803 is functioning as expected

from hcsshim.

Yes, this seems to be fixed in the latest build of windows server (1803).

from hcsshim.