Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 550 for SecurityContext (0.15 sec)

  2. github.com/istio/istio

    releasenotes/notes/securitycontext-condition.yaml 

    apiVersion: release-notes/v2
kind: bug-fix
area: installation
issue:
  - 49549
releaseNotes:
  - |
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Mon Jun 03 01:55:05 UTC 2024
    - 197 bytes
    - Viewed (0)
  3. github.com/minio/minio

    helm/minio/templates/post-job.yaml 

          tolerations: {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.postJob.securityContext.enabled }}
      securityContext:
        runAsUser: {{ .Values.postJob.securityContext.runAsUser }}
        runAsGroup: {{ .Values.postJob.securityContext.runAsGroup }}
        fsGroup: {{ .Values.postJob.securityContext.fsGroup }}
      {{- end }}
      volumes:
        - name: etc-path
          emptyDir: {}
    Registered: Sun Jun 16 00:44:34 UTC 2024
    - Last Modified: Sat Jul 08 19:18:31 UTC 2023
    - 10.4K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context_others_test.go 

    	for _, test := range []struct {
		desc     string
		sc       *v1.SecurityContext
		uid      *int64
		username string
		fail     bool
	}{
		{
			desc: "Pass if SecurityContext is not set",
			sc:   nil,
			uid:  &rootUser,
			fail: false,
		},
		{
			desc: "Pass if RunAsUser is non-root and RunAsNonRoot is true",
			sc: &v1.SecurityContext{
				RunAsNonRoot: &runAsNonRootTrue,
				RunAsUser:    &anyUser,
			},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Mar 10 10:06:54 UTC 2023
    - 3.4K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context.go 

    	if securityContext == nil {
		return nil
	}

	sc := &runtimeapi.LinuxContainerSecurityContext{
		Capabilities:   convertToRuntimeCapabilities(securityContext.Capabilities),
		SelinuxOptions: convertToRuntimeSELinuxOption(securityContext.SELinuxOptions),
	}
	if securityContext.RunAsUser != nil {
		sc.RunAsUser = &runtimeapi.Int64Value{Value: int64(*securityContext.RunAsUser)}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 5.2K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context_windows_test.go 

    	for _, test := range []struct {
		desc     string
		sc       *v1.SecurityContext
		uid      *int64
		username string
		fail     bool
	}{
		{
			desc:     "Pass if SecurityContext is not set",
			sc:       nil,
			username: rootUser,
			fail:     false,
		},
		{
			desc: "Pass if RunAsNonRoot is not set",
			sc: &v1.SecurityContext{
				RunAsNonRoot: nil,
			},
			username: rootUser,
			fail:     false,
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Jul 30 02:29:11 UTC 2022
    - 4.6K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    pkg/security/apparmor/helpers.go 

    func isRequired(pod *v1.Pod) bool {
	if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.AppArmorProfile != nil &&
		pod.Spec.SecurityContext.AppArmorProfile.Type != v1.AppArmorProfileTypeUnconfined {
		return true
	}

	inUse := !podutil.VisitContainers(&pod.Spec, podutil.AllContainers, func(c *v1.Container, _ podutil.ContainerType) bool {
		if c.SecurityContext != nil && c.SecurityContext.AppArmorProfile != nil &&
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Mar 06 18:46:32 UTC 2024
    - 3.5K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/securitycontext/util.go 

    	var runAsUser *int64
	if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.RunAsUser != nil {
		runAsUser = new(int64)
		*runAsUser = *pod.Spec.SecurityContext.RunAsUser
	}
	if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil {
		runAsUser = new(int64)
		*runAsUser = *container.SecurityContext.RunAsUser
	}
	if runAsUser == nil {
		return nil, false
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 15 07:28:24 UTC 2023
    - 7.5K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/kuberuntime_sandbox_linux_test.go 

    	assert.NoError(t, err)
	assert.Equal(t, expectedLinuxPodSandboxConfig.SecurityContext.SelinuxOptions, podSandboxConfig.Linux.SecurityContext.SelinuxOptions)
	assert.Equal(t, expectedLinuxPodSandboxConfig.SecurityContext.RunAsUser, podSandboxConfig.Linux.SecurityContext.RunAsUser)
	assert.Equal(t, expectedLinuxPodSandboxConfig.SecurityContext.RunAsGroup, podSandboxConfig.Linux.SecurityContext.RunAsGroup)
}

func newTestPodWithLinuxSecurityContext() *v1.Pod {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 8K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    pkg/kubelet/sysctl/util.go 

    // according to the linux sysctl conversion rules.
// see https://man7.org/linux/man-pages/man5/sysctl.d.5.html for more details.
func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext) {
	if securityContext == nil {
		return
	}
	for i, sysctl := range securityContext.Sysctls {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Oct 27 22:58:54 UTC 2023
    - 1.2K bytes
    - Viewed (0)
  11. github.com/istio/istio

    pkg/config/analysis/analyzers/deployment/pod.go 

    	if p.SecurityContext != nil && p.SecurityContext.RunAsUser != nil {
		if *p.SecurityContext.RunAsUser == UserID {
			context.Report(gvk.Pod, message)
		}
	}
	for _, container := range p.Containers {
		if container.Name != util.IstioProxyName && container.Name != util.IstioOperator {
			if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Mar 01 01:34:15 UTC 2023
    - 3.2K bytes
    - Viewed (0)
Back to top