- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 44 for AppArmor (0.13 sec)
-
pkg/features/kube_features.go
// beta: v1.24 // // Enables usage of any object for volume data source in PVCs AnyVolumeDataSource featuregate.Feature = "AnyVolumeDataSource" // owner: @tallclair // beta: v1.4 AppArmor featuregate.Feature = "AppArmor" // owner: @tallclair // beta: v1.30 AppArmorFields featuregate.Feature = "AppArmorFields" // owner: @danwinship // alpha: v1.27 // beta: v1.29 // GA: v1.30 //
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 22:51:23 UTC 2024 - 45.2K bytes - Viewed (0) -
operator/cmd/mesh/install.go
# To override a setting that includes dots, escape them with a backslash (\). Your shell may require enclosing quotes. istioctl install --set "values.sidecarInjectorWebhook.injectedAnnotations.container\.apparmor\.security\.beta\.kubernetes\.io/istio-proxy=runtime/default" `, Args: cobra.ExactArgs(0), PreRunE: func(cmd *cobra.Command, args []string) error {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 17 21:52:35 UTC 2024 - 15.4K bytes - Viewed (0) -
pkg/api/pod/warnings.go
} } // use of container AppArmor annotation without accompanying field if utilfeature.DefaultFeatureGate.Enabled(features.AppArmorFields) { isPodTemplate := fieldPath != nil // Pod warnings are emitted through applyAppArmorVersionSkew instead.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 17:51:48 UTC 2024 - 16.6K bytes - Viewed (0) -
pkg/apis/core/validation/validation_test.go
core.SeccompPodAnnotationKey: "localhost/../foo", }, }, Spec: validPodSpec(nil), }, }, "AppArmor profile must apply to a container": { expectedError: "metadata.annotations[container.apparmor.security.beta.kubernetes.io/fake-ctr]", spec: core.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: "123", Namespace: "ns",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 857.7K bytes - Viewed (0) -
pkg/kubelet/kubelet.go
// trigger deleting containers in a pod containerDeletor *podContainerDeletor // config iptables util rules makeIPTablesUtilChains bool // The AppArmor validator for checking whether AppArmor is supported. appArmorValidator apparmor.Validator // StatsProvider provides the node and the container stats. StatsProvider *stats.Provider
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 14 16:09:17 UTC 2024 - 126.1K bytes - Viewed (0) -
operator/README.md
To override a setting that includes dots, escape them with a backslash (\). Your shell may require enclosing quotes. ``` bash istioctl manifest generate --set "values.sidecarInjectorWebhook.injectedAnnotations.container\.apparmor\.security\.beta\.kubernetes\.io/istio-proxy=runtime/default" ``` To override a setting that is part of a list, use brackets. ``` bash
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sun Sep 17 08:27:52 UTC 2023 - 17.5K bytes - Viewed (0) -
src/syscall/exec_linux.go
// See user_namespaces(7). // // Note that User Namespaces are not available on a number of popular Linux // versions (due to security issues), or are available but subject to AppArmor // restrictions like in Ubuntu 24.04. type SysProcIDMap struct { ContainerID int // Container ID. HostID int // Host ID. Size int // Size. } type SysProcAttr struct {
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 15 07:45:37 UTC 2024 - 23K bytes - Viewed (0) -
pkg/apis/core/validation/validation.go
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 349.5K bytes - Viewed (0) -
src/syscall/exec_linux_test.go
} func TestAmbientCapsUserns(t *testing.T) { b, err := os.ReadFile("/proc/sys/kernel/apparmor_restrict_unprivileged_userns") if err == nil && strings.TrimSpace(string(b)) == "1" { t.Skip("AppArmor restriction for unprivileged user namespaces is enabled") } testAmbientCaps(t, true) } func testAmbientCaps(t *testing.T, userns bool) { if os.Getenv("GO_WANT_HELPER_PROCESS") == "1" {
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 15 07:45:37 UTC 2024 - 20.6K bytes - Viewed (0) -
pkg/apis/core/types.go
) // AppArmorProfile defines a pod or container's AppArmor settings. // +union type AppArmorProfile struct { // type indicates which kind of AppArmor profile will be applied. // Valid options are: // Localhost - a profile pre-loaded on the node. // RuntimeDefault - the container runtime's default profile. // Unconfined - no AppArmor enforcement. // +unionDescriminator Type AppArmorProfileType
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 268.9K bytes - Viewed (0)