- Sort Score
- Result 10 results
- Languages All
Results 41 - 50 of 88 for SELinux (0.18 sec)
-
pkg/kubelet/kuberuntime/kuberuntime_container.go
"net/url" "os" "path/filepath" "regexp" goruntime "runtime" "sort" "strconv" "strings" "sync" "time" crierror "k8s.io/cri-api/pkg/errors" "github.com/opencontainers/selinux/go-selinux" grpcstatus "google.golang.org/grpc/status" "github.com/armon/circbuf" "k8s.io/klog/v2" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" kubetypes "k8s.io/apimachinery/pkg/types"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Jun 04 06:25:43 UTC 2024 - 54.7K bytes - Viewed (0) -
staging/src/k8s.io/api/core/v1/types.go
type SELinuxOptions struct { // User is a SELinux user label that applies to the container. // +optional User string `json:"user,omitempty" protobuf:"bytes,1,opt,name=user"` // Role is a SELinux role label that applies to the container. // +optional Role string `json:"role,omitempty" protobuf:"bytes,2,opt,name=role"` // Type is a SELinux type label that applies to the container. // +optional
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 390.8K bytes - Viewed (0) -
pkg/volume/util/operationexecutor/operation_executor.go
DesiredPersistentVolumeSize resource.Quantity // SELinux label that should be used to mount. // The label is set when: // * SELinuxMountReadWriteOncePod feature gate is enabled and the volume is RWOP and kubelet knows the SELinux label. // * Or, SELinuxMount feature gate is enabled and kubelet knows the SELinux label. SELinuxLabel string }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 14 06:17:25 UTC 2024 - 42.6K bytes - Viewed (0) -
pkg/kubelet/volumemanager/reconciler/reconciler_common.go
volumeToMount.DevicePath = devicePath if cache.IsSELinuxMountMismatchError(err) { // The volume is mounted, but with an unexpected SELinux context. // It will get unmounted in unmountVolumes / unmountDetachDevices and // then removed from actualStateOfWorld. rc.desiredStateOfWorld.AddErrorToPod(volumeToMount.PodName, err.Error()) continue
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 21 10:23:12 UTC 2024 - 14.8K bytes - Viewed (0) -
tools/istio-iptables/pkg/dependencies/implementation_linux.go
// Users running into this may have IPTables lock used unexpectedly or make unexpected NSS calls. // This is to support environments with restrictive access (from SELinux, but possibly others) that block these calls // See https://github.com/istio/istio/issues/48746 log.Warnf("failed to setup execution environment, attempting to continue anyways: %v", err) // Try to execute as-is
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Mar 12 20:49:10 UTC 2024 - 12K bytes - Viewed (0) -
CHANGELOG/CHANGELOG-1.2.md
* FSGroup - a special supplemental group * SELinux options * If a pod defines an FSGroup, that Pod’s system (emptyDir, secret, configMap, etc) volumes and block-device volumes will be owned by the FSGroup, and each container in the pod will run with the FSGroup as a supplemental group * Volumes that support SELinux labelling are now automatically relabeled with the Pod’s SELinux context, if specified
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Dec 04 06:36:19 UTC 2020 - 41.4K bytes - Viewed (0) -
pkg/kubelet/container/runtime.go
HostPath string // Whether the mount is read-only. ReadOnly bool // Whether the mount is recursive read-only. // Must not be true if ReadOnly is false. RecursiveReadOnly bool // Whether the mount needs SELinux relabeling SELinuxRelabel bool // Requested propagation mode Propagation runtimeapi.MountPropagation } // PortMapping contains information about the port mapping. type PortMapping struct {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 07 00:05:23 UTC 2024 - 27.8K bytes - Viewed (0) -
go.mod
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 github.com/opencontainers/runc v1.1.12 github.com/opencontainers/selinux v1.11.0 github.com/pkg/errors v0.9.1 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 12 21:47:11 UTC 2024 - 11.8K bytes - Viewed (0) -
api/openapi-spec/v3/apis__batch__v1_openapi.json
"level": { "description": "Level is SELinux level label that applies to the container.", "type": "string" }, "role": { "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, "type": { "description": "Type is a SELinux type label that applies to the container.",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Jun 05 18:37:07 UTC 2024 - 485.4K bytes - Viewed (0) -
pkg/kubelet/kubelet.go
} } if selinux.GetEnabled() { err := selinux.SetFileLabel(pluginRegistrationDir, config.KubeletPluginsDirSELinuxLabel) if err != nil { klog.InfoS("Unprivileged containerized plugins might not work, could not set selinux context on plugin registration dir", "path", pluginRegistrationDir, "err", err) } err = selinux.SetFileLabel(pluginsDir, config.KubeletPluginsDirSELinuxLabel)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Jun 14 16:09:17 UTC 2024 - 126.1K bytes - Viewed (0)