- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 12 for SELinux (0.1 sec)
-
pkg/volume/util/selinux.go
import ( "fmt" "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" v1 "k8s.io/api/core/v1" utilfeature "k8s.io/apiserver/pkg/util/feature" v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" "k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/volume" ) // SELinuxLabelTranslator translates v1.SELinuxOptions of a process to SELinux file label. type SELinuxLabelTranslator interface {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 20 14:40:21 UTC 2024 - 6.3K bytes - Viewed (0) -
pkg/kubelet/volumemanager/cache/desired_state_of_wold_selinux_metrics.go
seLinuxContainerContextErrors = compbasemetrics.NewGaugeVec( &compbasemetrics.GaugeOpts{ Name: "volume_manager_selinux_container_errors_total", Help: "Number of errors when kubelet cannot compute SELinux context for a container. Kubelet can't start such a Pod then and it will retry, therefore value of this metric may not represent the actual nr. of containers.", StabilityLevel: compbasemetrics.ALPHA, },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Mar 04 12:16:56 UTC 2024 - 4.6K bytes - Viewed (0) -
pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go
klog.ErrorS(err, "Failed to create the device plugin socket directory", "directory", s.socketDir) return err } if selinux.GetEnabled() { if err := selinux.SetFileLabel(s.socketDir, config.KubeletPluginsDirSELinuxLabel); err != nil { klog.InfoS("Unprivileged containerized plugins might not work. Could not set selinux context on socket dir", "path", s.socketDir, "err", err) } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jan 27 02:10:25 UTC 2024 - 5.4K bytes - Viewed (0) -
src/make.bash
echo echo 'Run sudo apt-get remove binutils-gold.' echo exit 1 fi # Test for bad SELinux. # On Fedora 16 the selinux filesystem is mounted at /sys/fs/selinux, # so loop through the possible selinux mount points. for se_mount in /selinux /sys/fs/selinux do if [[ -d $se_mount && -f $se_mount/booleans/allow_execstack && -x /usr/sbin/selinuxenabled ]] && /usr/sbin/selinuxenabled; then
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 29 13:48:46 UTC 2024 - 7.6K bytes - Viewed (0) -
releasenotes/notes/43945.yaml
apiVersion: release-notes/v2 kind: bug-fix area: installation issue: - 42485 releaseNotes: - | **Fixed** SELinux issue on CentOS9/RHEL9 where iptables-restore isn't allowed to open files in /tmp. Rules passed to iptables-restore are no longer written
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 15 19:51:19 UTC 2023 - 298 bytes - Viewed (0) -
releasenotes/notes/cni-no-sh.yaml
The new logic runs with no external dependencies, and will attempt to continue if errors are encountered (which could be caused by things like SELinux rules).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jan 22 21:29:52 UTC 2024 - 445 bytes - Viewed (0) -
pkg/volume/util/hostutil/fake_hostutil.go
func (hu *FakeHostUtil) GetOwner(pathname string) (int64, int64, error) { return -1, -1, errors.New("GetOwner not implemented") } // GetSELinuxSupport tests if pathname is on a mount that supports SELinux. // Not implemented for testing func (hu *FakeHostUtil) GetSELinuxSupport(pathname string) (bool, error) { return false, nil } // GetMode returns permissions of pathname. // Not implemented for testing
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Mar 14 13:32:38 UTC 2023 - 3.7K bytes - Viewed (0) -
samples/security/psp/sidecar-psp.yaml
apiVersion: policy/v1 kind: PodSecurityPolicy metadata: name: istio-sidecar spec: # Allow the istio sidecar injector to work allowedCapabilities: - NET_ADMIN - NET_RAW seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny volumes: - '*' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 27 17:55:37 UTC 2023 - 881 bytes - Viewed (0) -
src/net/mptcpsock_linux.go
// system. But also fallback in case of any error with MPTCP. // // Possible MPTCP specific error: ENOPROTOOPT (sysctl net.mptcp.enabled=0) // But just in case MPTCP is blocked differently (SELinux, etc.), just // retry with "plain" TCP. return sd.dialTCP(ctx, laddr, raddr) } func (sl *sysListener) listenMPTCP(ctx context.Context, laddr *TCPAddr) (*TCPListener, error) { if supportsMultipathTCP() {
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 24 18:48:34 UTC 2023 - 4K bytes - Viewed (0) -
pkg/volume/util/hostutil/hostutil_windows.go
func (hu *HostUtil) GetOwner(pathname string) (int64, int64, error) { return -1, -1, nil } // GetSELinuxSupport returns a boolean indicating support for SELinux. // Windows does not support SELinux. func (hu *HostUtil) GetSELinuxSupport(pathname string) (bool, error) { return false, nil } // GetMode returns permissions of the path.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 28 13:38:40 UTC 2024 - 4.7K bytes - Viewed (0)