- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 88 for SELinux (0.1 sec)
-
pkg/volume/util/selinux.go
import ( "fmt" "github.com/opencontainers/selinux/go-selinux" "github.com/opencontainers/selinux/go-selinux/label" v1 "k8s.io/api/core/v1" utilfeature "k8s.io/apiserver/pkg/util/feature" v1helper "k8s.io/kubernetes/pkg/apis/core/v1/helper" "k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/pkg/volume" ) // SELinuxLabelTranslator translates v1.SELinuxOptions of a process to SELinux file label. type SELinuxLabelTranslator interface {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Feb 20 14:40:21 UTC 2024 - 6.3K bytes - Viewed (0) -
pkg/kubelet/volumemanager/cache/desired_state_of_wold_selinux_metrics.go
seLinuxContainerContextErrors = compbasemetrics.NewGaugeVec( &compbasemetrics.GaugeOpts{ Name: "volume_manager_selinux_container_errors_total", Help: "Number of errors when kubelet cannot compute SELinux context for a container. Kubelet can't start such a Pod then and it will retry, therefore value of this metric may not represent the actual nr. of containers.", StabilityLevel: compbasemetrics.ALPHA, },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Mon Mar 04 12:16:56 UTC 2024 - 4.6K bytes - Viewed (0) -
pkg/kubelet/volumemanager/cache/desired_state_of_world.go
effectiveSELinuxMountFileLabel string // originalSELinuxLabel is the SELinux label that would be used if SELinux mount was supported for all access modes. // For RWOP volumes it's the same as effectiveSELinuxMountFileLabel. // It is used only to report potential SELinux mismatch metrics. // If empty, then: // - either the context+label is unknown (assigned randomly by the container runtime)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 04 06:25:43 UTC 2024 - 27.1K bytes - Viewed (0) -
pkg/kubelet/cm/devicemanager/plugin/v1beta1/server.go
klog.ErrorS(err, "Failed to create the device plugin socket directory", "directory", s.socketDir) return err } if selinux.GetEnabled() { if err := selinux.SetFileLabel(s.socketDir, config.KubeletPluginsDirSELinuxLabel); err != nil { klog.InfoS("Unprivileged containerized plugins might not work. Could not set selinux context on socket dir", "path", s.socketDir, "err", err) } }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Jan 27 02:10:25 UTC 2024 - 5.4K bytes - Viewed (0) -
pkg/kubelet/volumemanager/cache/desired_state_of_world_test.go
verifyPodExistsInVolumeDsw(t, podName, generatedVolumeName, "" /* SELinux */, dsw) verifyVolumeExistsWithSpecNameInVolumeDsw(t, podName, volumeSpec.Name(), dsw) } // Calls AddPodToVolume() with a volume that does not support SELinux. // Verifies newly added pod/volume exists via PodExistsInVolume() without SELinux context // VolumeExists() and GetVolumesToMount() and no errors.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 34K bytes - Viewed (0) -
pkg/registry/storage/csidriver/strategy_test.go
seLinuxMountReadWriteOncePodEnabled: false, old: driverWithNothing, update: driverWithSELinuxMountEnabled, wantSELinuxMount: nil, wantGeneration: 0, }, {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 16.7K bytes - Viewed (0) -
src/make.bash
echo echo 'Run sudo apt-get remove binutils-gold.' echo exit 1 fi # Test for bad SELinux. # On Fedora 16 the selinux filesystem is mounted at /sys/fs/selinux, # so loop through the possible selinux mount points. for se_mount in /selinux /sys/fs/selinux do if [[ -d $se_mount && -f $se_mount/booleans/allow_execstack && -x /usr/sbin/selinuxenabled ]] && /usr/sbin/selinuxenabled; then
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 29 13:48:46 UTC 2024 - 7.6K bytes - Viewed (0) -
pkg/volume/util/hostutil/hostutil_linux.go
limitations under the License. */ package hostutil import ( "fmt" "os" "path" "path/filepath" "strings" "syscall" "github.com/opencontainers/selinux/go-selinux" "golang.org/x/sys/unix" "k8s.io/klog/v2" "k8s.io/mount-utils" utilpath "k8s.io/utils/path" ) const ( // Location of the mountinfo file procMountInfoPath = "/proc/self/mountinfo" )
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Nov 23 08:36:44 UTC 2023 - 10K bytes - Viewed (0) -
releasenotes/notes/43945.yaml
apiVersion: release-notes/v2 kind: bug-fix area: installation issue: - 42485 releaseNotes: - | **Fixed** SELinux issue on CentOS9/RHEL9 where iptables-restore isn't allowed to open files in /tmp. Rules passed to iptables-restore are no longer written
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 15 19:51:19 UTC 2023 - 298 bytes - Viewed (0) -
releasenotes/notes/cni-no-sh.yaml
The new logic runs with no external dependencies, and will attempt to continue if errors are encountered (which could be caused by things like SELinux rules).
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jan 22 21:29:52 UTC 2024 - 445 bytes - Viewed (0)