- Sort Score
- Result 10 results
- Languages All
Results 1 - 7 of 7 for DetermineEffectiveSecurityContext (0.68 sec)
-
pkg/kubelet/kuberuntime/security_context.go
"k8s.io/kubernetes/pkg/securitycontext" ) // determineEffectiveSecurityContext gets container's security context from v1.Pod and v1.Container. func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container, uid *int64, username string) (*runtimeapi.LinuxContainerSecurityContext, error) { effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pkg/securitycontext/util.go
func HasWindowsHostProcessRequest(pod *v1.Pod, container *v1.Container) bool { effectiveSc := DetermineEffectiveSecurityContext(pod, container) if effectiveSc.WindowsOptions == nil { return false } if effectiveSc.WindowsOptions.HostProcess == nil { return false } return *effectiveSc.WindowsOptions.HostProcess } // DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 15 07:28:24 UTC 2023 - 7.5K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/security_context_others.go
) // verifyRunAsNonRoot verifies RunAsNonRoot. func verifyRunAsNonRoot(pod *v1.Pod, container *v1.Container, uid *int64, username string) error { effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container) // If the option is not set, or if running as root is allowed, return nil. if effectiveSc == nil || effectiveSc.RunAsNonRoot == nil || !*effectiveSc.RunAsNonRoot { return nil }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Aug 24 19:47:49 UTC 2021 - 1.8K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/security_context_windows.go
// note: usernames on Windows are NOT case sensitive! func verifyRunAsNonRoot(pod *v1.Pod, container *v1.Container, uid *int64, username string) error { effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container) // If the option is not set, or if running as root is allowed, return nil. if effectiveSc == nil || effectiveSc.RunAsNonRoot == nil || !*effectiveSc.RunAsNonRoot { return nil }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Jul 18 22:23:13 UTC 2022 - 3.4K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/kuberuntime_container_windows.go
Resources: m.generateWindowsContainerResources(pod, container), SecurityContext: &runtimeapi.WindowsContainerSecurityContext{}, } // setup security context effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container) if username != "" { wc.SecurityContext.RunAsUsername = username } if effectiveSc.WindowsOptions != nil && effectiveSc.WindowsOptions.GMSACredentialSpec != nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 8K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/kuberuntime_container_linux.go
sc, err := m.determineEffectiveSecurityContext(pod, container, uid, username) if err != nil { return nil, err } lc := &runtimeapi.LinuxContainerConfig{ Resources: m.generateLinuxContainerResources(pod, container, enforceMemoryQoS),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 17.2K bytes - Viewed (0) -
pkg/volume/util/util.go
var seLinuxOptions *v1.SELinuxOptions if utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) { effectiveContainerSecurity := securitycontext.DetermineEffectiveSecurityContext(pod, container) if effectiveContainerSecurity != nil { // No DeepCopy, SELinuxOptions is already a copy of Pod's or container's SELinuxOptions seLinuxOptions = effectiveContainerSecurity.SELinuxOptions
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri May 31 12:32:15 UTC 2024 - 28.8K bytes - Viewed (0)