- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 88 for SELinux (0.11 sec)
-
pkg/volume/util/hostutil/fake_hostutil.go
func (hu *FakeHostUtil) GetOwner(pathname string) (int64, int64, error) { return -1, -1, errors.New("GetOwner not implemented") } // GetSELinuxSupport tests if pathname is on a mount that supports SELinux. // Not implemented for testing func (hu *FakeHostUtil) GetSELinuxSupport(pathname string) (bool, error) { return false, nil } // GetMode returns permissions of pathname. // Not implemented for testing
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Mar 14 13:32:38 UTC 2023 - 3.7K bytes - Viewed (0) -
samples/security/psp/sidecar-psp.yaml
apiVersion: policy/v1 kind: PodSecurityPolicy metadata: name: istio-sidecar spec: # Allow the istio sidecar injector to work allowedCapabilities: - NET_ADMIN - NET_RAW seLinux: rule: RunAsAny supplementalGroups: rule: RunAsAny runAsUser: rule: RunAsAny fsGroup: rule: RunAsAny volumes: - '*' --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata:
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Nov 27 17:55:37 UTC 2023 - 881 bytes - Viewed (0) -
src/net/mptcpsock_linux.go
// system. But also fallback in case of any error with MPTCP. // // Possible MPTCP specific error: ENOPROTOOPT (sysctl net.mptcp.enabled=0) // But just in case MPTCP is blocked differently (SELinux, etc.), just // retry with "plain" TCP. return sd.dialTCP(ctx, laddr, raddr) } func (sl *sysListener) listenMPTCP(ctx context.Context, laddr *TCPAddr) (*TCPListener, error) { if supportsMultipathTCP() {
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Wed May 24 18:48:34 UTC 2023 - 4K bytes - Viewed (0) -
pkg/kubelet/volumemanager/populator/desired_state_of_world_populator_test.go
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 51.4K bytes - Viewed (0) -
pkg/volume/util/hostutil/hostutil_windows.go
func (hu *HostUtil) GetOwner(pathname string) (int64, int64, error) { return -1, -1, nil } // GetSELinuxSupport returns a boolean indicating support for SELinux. // Windows does not support SELinux. func (hu *HostUtil) GetSELinuxSupport(pathname string) (bool, error) { return false, nil } // GetMode returns permissions of the path.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 28 13:38:40 UTC 2024 - 4.7K bytes - Viewed (0) -
pkg/volume/util/hostutil/hostutil_linux_test.go
{ "no context", "/var/lib/foo", true, "", }, { "with context with SELinux", "/var/lib/kubelet/pods/d4f3b306-ad4c-4f7a-8983-b5b228039a8c/volumes/kubernetes.io~iscsi/mypv", true, "system_u:object_r:container_file_t:s0:c314,c894", }, { "with context with no SELinux", "/var/lib/kubelet/pods/d4f3b306-ad4c-4f7a-8983-b5b228039a8c/volumes/kubernetes.io~iscsi/mypv", false,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 20 14:49:03 UTC 2023 - 8K bytes - Viewed (0) -
pkg/volume/hostpath/host_path.go
} if err := os.MkdirAll(pv.Spec.HostPath.Path, 0750); err != nil { return nil, err } if selinux.GetEnabled() { err := selinux.SetFileLabel(pv.Spec.HostPath.Path, config.KubeletContainersSharedSELinuxLabel) if err != nil { return nil, fmt.Errorf("failed to set selinux label for %q: %v", pv.Spec.HostPath.Path, err) } } return pv, nil }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 15.3K bytes - Viewed (0) -
pkg/volume/util/hostutil/hostutil.go
// GetOwner returns the integer ID for the user and group of the given path GetOwner(pathname string) (int64, int64, error) // GetSELinuxSupport returns true if given path is on a mount that supports // SELinux. GetSELinuxSupport(pathname string) (bool, error) // GetMode returns permissions of the path. GetMode(pathname string) (os.FileMode, error) // GetSELinuxMountContext returns value of -o context=XYZ mount option on
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 28 13:38:40 UTC 2024 - 4.2K bytes - Viewed (0) -
cluster/images/etcd/Makefile
PUSH_REGISTRY?=staging-k8s.gcr.io MANIFEST_IMAGE := $(PUSH_REGISTRY)/etcd # Install binaries matching base distro permissions BIN_INSTALL := install -m 0555 # Hosts running SELinux need :z added to volume mounts SELINUX_ENABLED := $(shell cat /sys/fs/selinux/enforce 2> /dev/null || echo 0) ifeq ($(SELINUX_ENABLED),1) DOCKER_VOL_OPTS?=:z endif # This option is for running docker manifest command
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Jun 06 16:13:15 UTC 2024 - 11.1K bytes - Viewed (0) -
pkg/kubelet/volumemanager/cache/actual_state_of_world_test.go
verifyVolumeExistsWithSpecNameInVolumeAsw(t, podName, volumeSpec.Name(), asw) verifyVolumeMountedElsewhere(t, podName, generatedVolumeName, false /*expectedMountedElsewhere */, asw) } // Calls MarkVolumeAsAttached() once to add volume // Calls MarkDeviceAsMounted() with SELinux to mark volume as globally mounted.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 46.3K bytes - Viewed (0)