- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 24 for AppArmor (0.12 sec)
-
pkg/kubelet/kuberuntime/helpers.go
} func getAppArmorProfile(pod *v1.Pod, container *v1.Container) (*runtimeapi.SecurityProfile, string, error) { profile := apparmor.GetProfile(pod, container) if profile == nil { return nil, "", nil } var ( securityProfile *runtimeapi.SecurityProfile deprecatedProfile string // Deprecated apparmor profile format, still provided for backwards compatibility with older runtimes. ) switch profile.Type {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 22 02:01:31 UTC 2024 - 12K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/helpers_test.go
name string podProfile *v1.AppArmorProfile expectedProfile *runtimeapi.SecurityProfile expectedOldProfile string expectError bool }{{ name: "no appArmor", expectedProfile: nil, }, { name: "runtime default", podProfile: &v1.AppArmorProfile{Type: v1.AppArmorProfileTypeRuntimeDefault}, expectedProfile: &runtimeapi.SecurityProfile{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 11.7K bytes - Viewed (0) -
manifests/charts/istiod-remote/values.yaml
# This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: # # annotations: # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default #
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 21K bytes - Viewed (0) -
manifests/charts/istio-control/istio-discovery/values.yaml
# This is primarily to support PSP annotations. For example, if you defined a PSP with the annotations: # # annotations: # apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default # apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default #
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 21.1K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/security_context.go
if err != nil { return nil, err } // set ApparmorProfile. synthesized.Apparmor, synthesized.ApparmorProfile, err = getAppArmorProfile(pod, container) if err != nil { return nil, err } // set RunAsUser. if synthesized.RunAsUser == nil { if uid != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pkg/api/pod/util_test.go
pod api.Pod }{{ description: "with AppArmor Annotations", hasAnnotations: true, pod: api.Pod{ ObjectMeta: metav1.ObjectMeta{Annotations: map[string]string{"a": "1", v1.DeprecatedAppArmorBetaContainerAnnotationKeyPrefix + "foo": "default"}}, Spec: api.PodSpec{}, }, }, { description: "with AppArmor Annotations & fields", hasAnnotations: true, hasFields: true,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 108.8K bytes - Viewed (0) -
pkg/api/pod/util.go
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 41.3K bytes - Viewed (0) -
pkg/features/kube_features.go
// beta: v1.24 // // Enables usage of any object for volume data source in PVCs AnyVolumeDataSource featuregate.Feature = "AnyVolumeDataSource" // owner: @tallclair // beta: v1.4 AppArmor featuregate.Feature = "AppArmor" // owner: @tallclair // beta: v1.30 AppArmorFields featuregate.Feature = "AppArmorFields" // owner: @danwinship // alpha: v1.27 // beta: v1.29 // GA: v1.30 //
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 22:51:23 UTC 2024 - 45.2K bytes - Viewed (0) -
operator/cmd/mesh/install.go
# To override a setting that includes dots, escape them with a backslash (\). Your shell may require enclosing quotes. istioctl install --set "values.sidecarInjectorWebhook.injectedAnnotations.container\.apparmor\.security\.beta\.kubernetes\.io/istio-proxy=runtime/default" `, Args: cobra.ExactArgs(0), PreRunE: func(cmd *cobra.Command, args []string) error {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 17 21:52:35 UTC 2024 - 15.4K bytes - Viewed (0) -
pkg/apis/core/validation/validation_test.go
core.SeccompPodAnnotationKey: "localhost/../foo", }, }, Spec: validPodSpec(nil), }, }, "AppArmor profile must apply to a container": { expectedError: "metadata.annotations[container.apparmor.security.beta.kubernetes.io/fake-ctr]", spec: core.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "123", Namespace: "ns",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 857.7K bytes - Viewed (0)