Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 3 of 3 for ConvertToRuntimeReadonlyPaths (0.39 sec)

  2. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context.go 

    	if synthesized == nil {
		synthesized = &runtimeapi.LinuxContainerSecurityContext{
			MaskedPaths:   securitycontext.ConvertToRuntimeMaskedPaths(effectiveSc.ProcMount),
			ReadonlyPaths: securitycontext.ConvertToRuntimeReadonlyPaths(effectiveSc.ProcMount),
		}
	}
	var err error

	synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 5.2K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/securitycontext/util.go 

    		return []string{}
	}

	// Otherwise, add the default masked paths to the runtime security context.
	return defaultMaskedPaths
}

// ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default
// readonly paths.
func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string {
	if opt != nil && *opt == v1.UnmaskedProcMount {
		// Unmasked proc mount should have no paths set as readonly.
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 15 07:28:24 UTC 2023
    - 7.5K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    pkg/securitycontext/util_test.go 

    			pm:     &dPM,
			expect: defaultReadonlyPaths,
		},
		"procMount unmasked": {
			pm:     &uPM,
			expect: []string{},
		},
	}

	for k, v := range tests {
		actual := ConvertToRuntimeReadonlyPaths(v.pm)
		if !reflect.DeepEqual(actual, v.expect) {
			t.Errorf("%s failed, expected %#v but received %#v", k, v.expect, actual)
		}
	}
}

func TestDetermineEffectiveRunAsUser(t *testing.T) {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue May 05 01:25:23 UTC 2020
    - 5K bytes
    - Viewed (0)
Back to top