Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 21 for seLinuxOptions (0.19 sec)

  2. github.com/kubernetes/kubernetes

    pkg/securitycontext/util.go 

    		return effectiveSc
	}
	if effectiveSc == nil && containerSc != nil {
		return containerSc
	}

	if containerSc.SELinuxOptions != nil {
		effectiveSc.SELinuxOptions = new(v1.SELinuxOptions)
		*effectiveSc.SELinuxOptions = *containerSc.SELinuxOptions
	}

	if containerSc.WindowsOptions != nil {
		// only override fields that are set at the container level, not the whole thing
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 15 07:28:24 UTC 2023
    - 7.5K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/volume/util/selinux.go 

    	"k8s.io/kubernetes/pkg/features"
	"k8s.io/kubernetes/pkg/volume"
)

// SELinuxLabelTranslator translates v1.SELinuxOptions of a process to SELinux file label.
type SELinuxLabelTranslator interface {
	// SELinuxOptionsToFileLabel returns SELinux file label for given SELinuxOptions
	// of a container process.
	// When Role, User or Type are empty, they're read from the system defaults.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Feb 20 14:40:21 UTC 2024
    - 6.3K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context.go 

    	if securityContext == nil {
		return nil
	}

	sc := &runtimeapi.LinuxContainerSecurityContext{
		Capabilities:   convertToRuntimeCapabilities(securityContext.Capabilities),
		SelinuxOptions: convertToRuntimeSELinuxOption(securityContext.SELinuxOptions),
	}
	if securityContext.RunAsUser != nil {
		sc.RunAsUser = &runtimeapi.Int64Value{Value: int64(*securityContext.RunAsUser)}
	}
	if securityContext.RunAsGroup != nil {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 5.2K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/kuberuntime_sandbox_linux_test.go 

    			SelinuxOptions: &runtimeapi.SELinuxOption{
				User: "qux",
			},
			RunAsUser:  &runtimeapi.Int64Value{Value: 1000},
			RunAsGroup: &runtimeapi.Int64Value{Value: 10},
		},
	}

	podSandboxConfig, err := m.generatePodSandboxConfig(pod, 1)
	assert.NoError(t, err)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 8K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    staging/src/k8s.io/client-go/applyconfigurations/core/v1/podsecuritycontext.go 

    // PodSecurityContextApplyConfiguration represents an declarative configuration of the PodSecurityContext type for use
// with apply.
type PodSecurityContextApplyConfiguration struct {
	SELinuxOptions           *SELinuxOptionsApplyConfiguration                `json:"seLinuxOptions,omitempty"`
	WindowsOptions           *WindowsSecurityContextOptionsApplyConfiguration `json:"windowsOptions,omitempty"`
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 8.1K bytes
    - Viewed (0)
  7. github.com/istio/istio

    manifests/charts/ztunnel/templates/daemonset.yaml 

              readOnlyRootFilesystem: true
          runAsGroup: 1337
          runAsNonRoot: false
          runAsUser: 0
{{- if .Values.seLinuxOptions }}
          seLinuxOptions:
{{ toYaml .Values.seLinuxOptions | trim | indent 12 }}
{{- end }}
        readinessProbe:
          httpGet:
            port: 15021
            path: /healthz/ready
        args:
        - proxy
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jun 11 01:33:52 UTC 2024
    - 5.6K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context_windows_test.go 

    		{
			desc: "Pass if container's user and image's user aren't set and RunAsNonRoot is true",
			sc: &v1.SecurityContext{
				// verifyRunAsNonRoot should ignore the RunAsUser, SELinuxOptions, and RunAsGroup options.
				RunAsUser:      &uid,
				SELinuxOptions: &v1.SELinuxOptions{},
				RunAsGroup:     &uid,
				RunAsNonRoot:   &runAsNonRootTrue,
			},
			fail: false,
		},
		{
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Jul 30 02:29:11 UTC 2022
    - 4.6K bytes
    - Viewed (0)
  9. github.com/istio/istio

    manifests/charts/ztunnel/files/profile-openshift-ambient.yaml 

        # Allow sidecars/ingress to send/receive HBONE. This is required for interop.
    PILOT_ENABLE_SENDING_HBONE: "true"
    PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
platform: openshift
variant: distroless
seLinuxOptions:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 30 20:24:06 UTC 2024
    - 883 bytes
    - Viewed (0)
  10. github.com/istio/istio

    manifests/helm-profiles/openshift-ambient.yaml 

        # Allow sidecars/ingress to send/receive HBONE. This is required for interop.
    PILOT_ENABLE_SENDING_HBONE: "true"
    PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
platform: openshift
variant: distroless
seLinuxOptions:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 30 20:24:06 UTC 2024
    - 664 bytes
    - Viewed (0)
  11. github.com/istio/istio

    manifests/charts/base/files/profile-openshift-ambient.yaml 

        # Allow sidecars/ingress to send/receive HBONE. This is required for interop.
    PILOT_ENABLE_SENDING_HBONE: "true"
    PILOT_ENABLE_SIDECAR_LISTENING_HBONE: "true"
platform: openshift
variant: distroless
seLinuxOptions:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu May 30 20:24:06 UTC 2024
    - 883 bytes
    - Viewed (0)
Back to top