Search Options

Results per page
Sort
Preferred Languages
Advance

Results 11 - 20 of 590 for SecurityContext (0.18 sec)

  2. github.com/kubernetes/kubernetes

    pkg/kubelet/sysctl/util.go 

    // according to the linux sysctl conversion rules.
// see https://man7.org/linux/man-pages/man5/sysctl.d.5.html for more details.
func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext) {
	if securityContext == nil {
		return
	}
	for i, sysctl := range securityContext.Sysctls {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Oct 27 22:58:54 UTC 2023
    - 1.2K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pkg/config/analysis/analyzers/deployment/pod.go 

    	if p.SecurityContext != nil && p.SecurityContext.RunAsUser != nil {
		if *p.SecurityContext.RunAsUser == UserID {
			context.Report(gvk.Pod, message)
		}
	}
	for _, container := range p.Containers {
		if container.Name != util.IstioProxyName && container.Name != util.IstioOperator {
			if container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Wed Mar 01 01:34:15 UTC 2023
    - 3.2K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    plugin/pkg/admission/imagepolicy/admission_test.go 

    			pod: &api.Pod{
				Spec: api.PodSpec{
					ServiceAccountName: "default",
					SecurityContext:    &api.PodSecurityContext{},
					Containers: []api.Container{
						{
							Image:           "bad",
							SecurityContext: &api.SecurityContext{},
						},
						{
							Image:           "good",
							SecurityContext: &api.SecurityContext{},
						},
					},
				},
			},
			wantAllowed: false,
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri Jun 02 06:05:06 UTC 2023
    - 32.9K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    cmd/kubeadm/app/util/staticpod/utils_linux.go 

    		}
	}
	pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
		AllowPrivilegeEscalation: ptr.To(false),
		Capabilities: &v1.Capabilities{
			// We drop all capabilities that are added by default.
			Drop: []v1.Capability{"ALL"},
		},
	}
	pod.Spec.SecurityContext.RunAsUser = runAsUser
	pod.Spec.SecurityContext.RunAsGroup = runAsGroup
	pod.Spec.SecurityContext.SupplementalGroups = []int64{*supplementalGroup}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Sep 11 14:41:12 UTC 2023
    - 8.4K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    pkg/securitycontext/fake.go 

    limitations under the License.
*/

package securitycontext

import (
	"k8s.io/api/core/v1"
	api "k8s.io/kubernetes/pkg/apis/core"
)

// ValidSecurityContextWithContainerDefaults creates a valid security context provider based on
// empty container defaults.  Used for testing.
func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext {
	priv := false
	defProcMount := v1.DefaultProcMount
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Dec 20 19:43:52 UTC 2018
    - 1.4K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    pkg/volume/util/util_test.go 

    			pod: &v1.Pod{
				Spec: v1.PodSpec{
					SecurityContext: &v1.PodSecurityContext{},
					InitContainers: []v1.Container{
						{
							SecurityContext: &v1.SecurityContext{
								RunAsUser: ptr.To[int64](1000),
							},
						},
					},
					Containers: []v1.Container{
						{
							SecurityContext: &v1.SecurityContext{
								RunAsUser: ptr.To[int64](1000),
							},
						},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Fri May 31 12:32:15 UTC 2024
    - 28.7K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/kuberuntime_sandbox_test.go 

    	pod := newTestPod()
	if podFieldProfile != nil {
		pod.Spec.SecurityContext = &v1.PodSecurityContext{
			SeccompProfile: podFieldProfile,
		}
	}
	if containerFieldProfile != nil {
		pod.Spec.Containers[0].SecurityContext = &v1.SecurityContext{
			SeccompProfile: containerFieldProfile,
		}
	}
	return pod
}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Apr 24 18:25:29 UTC 2024
    - 14.3K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/securitycontext/accessors_test.go 

    	testcases := map[string]struct {
		newSC func() *api.SecurityContext
	}{
		"nil": {
			newSC: func() *api.SecurityContext { return nil },
		},
		"zero": {
			newSC: func() *api.SecurityContext { return &api.SecurityContext{} },
		},
		"populated": {
			newSC: func() *api.SecurityContext {
				return &api.SecurityContext{
					Capabilities:   &api.Capabilities{Drop: []api.Capability{"test"}},
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Feb 22 16:15:27 UTC 2023
    - 27.8K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    pkg/kubelet/container/helpers_test.go 

    		return &b
	}
	tests := map[string]struct {
		securityContext *v1.SecurityContext
		expected        bool
	}{
		"nil security context": {
			securityContext: nil,
			expected:        false,
		},
		"nil privileged": {
			securityContext: &v1.SecurityContext{},
			expected:        false,
		},
		"false privileged": {
			securityContext: &v1.SecurityContext{Privileged: newBoolPtr(false)},
			expected:        false,
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed May 22 01:55:46 UTC 2024
    - 24.5K bytes
    - Viewed (0)
  11. github.com/kubernetes/kubernetes

    pkg/kubelet/kuberuntime/security_context_windows.go 

    	}
	if effectiveSc.SELinuxOptions != nil {
		klog.InfoS("Windows container does not support SecurityContext.SELinuxOptions, please use SecurityContext.WindowsOptions",
			"pod", klog.KObj(pod), "containerName", container.Name)
	}
	if effectiveSc.RunAsGroup != nil {
		klog.InfoS("Windows container does not support SecurityContext.RunAsGroup", "pod", klog.KObj(pod), "containerName", container.Name)
	}
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Jul 18 22:23:13 UTC 2022
    - 3.4K bytes
    - Viewed (0)
Back to top