Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 187 for seccompProfile (0.17 sec)

  2. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/helpers_linux_test.go 

    			podSc:         &v1.PodSecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
			expectedError: "localhostProfile must be set if seccompProfile type is Localhost.",
		},
		{
			description:   "container seccomp profile set to SeccompProfileTypeLocalhost with empty LocalhostProfile returns error",
			containerSc:   &v1.SecurityContext{SeccompProfile: &v1.SeccompProfile{Type: v1.SeccompProfileTypeLocalhost}},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 16.6K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    pkg/securitycontext/accessors_test.go 

    				continue
			}
		}

		// SeccompProfile
		{
			modifiedSC := nonNilSC(tc.newSC())
			m := NewPodSecurityContextMutator(tc.newSC())
			modifiedSC.SeccompProfile = &api.SeccompProfile{Type: api.SeccompProfileTypeLocalhost, LocalhostProfile: pointer.String("verylocalhostey")}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 22 16:15:27 UTC 2023
    - 27.8K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    pkg/securitycontext/accessors.go 

    	w.podSC.RunAsNonRoot = v
}
func (w *podSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
	if w.podSC == nil {
		return nil
	}
	return w.podSC.SeccompProfile
}
func (w *podSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
	if w.podSC == nil && p == nil {
		return
	}
	w.ensurePodSC()
	w.podSC.SeccompProfile = p
}
func (w *podSecurityContextWrapper) SupplementalGroups() []int64 {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 22 16:15:27 UTC 2023
    - 14.4K bytes
    - Viewed (0)
  5. github.com/istio/istio

    releasenotes/notes/40115.yaml 

    apiVersion: release-notes/v2
kind: feature
area: installation
issue:
- 39791
releaseNotes:
- |
  **Added** `seccompProfile` fields to set the `seccompProfile` field in container
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Aug 16 23:57:10 UTC 2022
    - 262 bytes
    - Viewed (0)
  6. github.com/istio/istio

    manifests/charts/istio-operator/templates/deployment.yaml 

                  drop:
              - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
{{- if .Values.operator.seccompProfile }}
            seccompProfile:
{{ toYaml .Values.operator.seccompProfile | trim | indent 14 }}
{{- end }}
{{- if .Values.imagePullPolicy }}
          imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- end }}
          resources:
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Fri Aug 25 19:10:42 UTC 2023
    - 2.6K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    staging/src/k8s.io/client-go/applyconfigurations/core/v1/podsecuritycontext.go 

    	FSGroupChangePolicy      *corev1.PodFSGroupChangePolicy                   `json:"fsGroupChangePolicy,omitempty"`
	SeccompProfile           *SeccompProfileApplyConfiguration                `json:"seccompProfile,omitempty"`
	AppArmorProfile          *AppArmorProfileApplyConfiguration               `json:"appArmorProfile,omitempty"`
}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 29 22:40:29 UTC 2024
    - 8.1K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    cluster/addons/metadata-agent/stackdriver/metadata-agent.yaml 

      namespace: kube-system
spec:
  selector:
    matchLabels:
      app: metadata-agent
  template:
    metadata:
      labels:
        app: metadata-agent
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: metadata-agent
      priorityClassName: system-node-critical
      nodeSelector:
        kubernetes.io/os: linux
      containers:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Aug 13 07:45:36 UTC 2020
    - 3.5K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/helpers.go 

    	if containerSecContext != nil && containerSecContext.SeccompProfile != nil {
		return fieldSeccompProfile(containerSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
	}

	// when container seccomp is not defined, try to apply from pod field
	if podSecContext != nil && podSecContext.SeccompProfile != nil {
		return fieldSeccompProfile(podSecContext.SeccompProfile, m.seccompProfileRoot, fallbackToRuntimeDefault)
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 22 02:01:31 UTC 2024
    - 12K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    hack/testdata/pod-restricted-runtime-default.yaml 

    apiVersion: v1
kind: Pod
metadata:
  labels:
    run: target
  name: target
spec:
  securityContext:
    seccompProfile: 
      type: RuntimeDefault
  containers:
  - image: busybox
    name: target
    command: ["/bin/sh", "-c", "sleep 100"]
    securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        capabilities:
          drop:
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 24 11:16:49 UTC 2023
    - 437 bytes
    - Viewed (0)
  11. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/kuberuntime_sandbox_test.go 

    	pod := newTestPod()
	if podFieldProfile != nil {
		pod.Spec.SecurityContext = &v1.PodSecurityContext{
			SeccompProfile: podFieldProfile,
		}
	}
	if containerFieldProfile != nil {
		pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
			SeccompProfile: containerFieldProfile,
		}
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 14.3K bytes
    - Viewed (0)
Back to top