- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 473 for privilege (0.11 sec)
-
pkg/registry/rbac/clusterrolebinding/policybased/storage.go
See the License for the specific language governing permissions and limitations under the License. */ // Package policybased implements a standard storage for ClusterRoleBinding that prevents privilege escalation. package policybased import ( "context" rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime"
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Nov 18 10:11:16 UTC 2022 - 4.9K bytes - Viewed (0) -
manifests/charts/istio-cni/templates/daemonset.yaml
port: 8000 securityContext: privileged: true # always requires privilege to be useful (install node plugin, etc) runAsGroup: 0 runAsUser: 0 runAsNonRoot: false # Both ambient and sidecar repair mode require elevated node privileges to function. # But we don't need _everything_ in `privileged`, so drop+readd capabilities based on feature.
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 17 21:52:29 UTC 2024 - 7.9K bytes - Viewed (0) -
src/cmd/go/testdata/script/mod_tidy_compat_ambiguous.txt
# root of the module graph contains the package), whereas it is ambiguous in # Go 1.16 (because two different modules contain plausible packages and Go 1.16 # does not privilege roots above other dependencies). # # However, the overall build list is identical for both versions. cp go.mod go.mod.orig ! go mod tidy
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Thu May 30 14:56:56 UTC 2024 - 4.8K bytes - Viewed (0) -
platforms/core-runtime/base-services/src/main/java/org/gradle/internal/SystemProperties.java
} public String getLineSeparator() { return System.getProperty("line.separator"); } /** * @deprecated Using the temporary directory on UNIX-based systems can lead to local privilege escalation or local sensitive information disclosure vulnerabilities. */ @Deprecated @SuppressWarnings("InlineMeSuggester") public String getJavaIoTmpDir() {
Registered: Wed Jun 12 18:38:38 UTC 2024 - Last Modified: Wed May 29 06:47:40 UTC 2024 - 7.6K bytes - Viewed (0) -
src/net/textproto/reader_test.go
"Content-Language: en\r\n" + "SID : 0\r\n" + "Audio Mode : None\r\n" + "Privilege : 127\r\n\r\n") m, err := r.ReadMIMEHeader() want := MIMEHeader{ "Foo": {"bar"}, "Content-Language": {"en"}, "SID ": {"0"}, "Audio Mode ": {"None"}, "Privilege ": {"127"}, } if !reflect.DeepEqual(m, want) || err != nil {
Registered: Wed Jun 12 16:32:35 UTC 2024 - Last Modified: Tue Mar 05 18:31:56 UTC 2024 - 14.7K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy_test.go
case "system:aggregate-to-edit": ret.edit = &role case "system:aggregate-to-view": ret.view = &role } } return ret } // viewEscalatingNamespaceResources is the list of rules that would allow privilege escalation attacks based on // ability to view (GET) them var viewEscalatingNamespaceResources = []rbacv1.PolicyRule{ rbacv1helpers.NewRule(bootstrappolicy.Read...).Groups("").Resources("pods/attach").RuleOrDie(),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 12 15:45:31 UTC 2023 - 9.5K bytes - Viewed (0) -
cni/pkg/repair/repaircontroller.go
patchBytes := fmt.Sprintf(`{"metadata":{"labels":{%q:%q}}}`, c.cfg.LabelKey, c.cfg.LabelValue) // Both "pods" and "pods/status" can mutate the metadata. However, pods/status is lower privilege, so we use that instead. _, err := c.client.Kube().CoreV1().Pods(pod.Namespace).Patch(context.Background(), pod.Name, types.MergePatchType, []byte(patchBytes), metav1.PatchOptions{}, "status") if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Sat Feb 10 00:31:55 UTC 2024 - 10.4K bytes - Viewed (0) -
cluster/gce/windows/testonly/install-ssh.psm1
# # Just catch them and ignore them. Create-NewProfile $username $pw -ErrorAction Stop # Add the user to the Administrators group, otherwise we will not have # privilege when we ssh. Add-LocalGroupMember -Group Administrators -Member $username } catch {} $user_dir = "C:\Users\" + $username if (-not (Test-Path $user_dir)) {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue Nov 09 05:09:18 UTC 2021 - 11.6K bytes - Viewed (0) -
common-protos/k8s.io/api/policy/v1beta1/generated.proto
repeated PodSecurityPolicy items = 2; } // PodSecurityPolicySpec defines the policy enforced. message PodSecurityPolicySpec { // privileged determines if a pod can request to be run as privileged. // +optional optional bool privileged = 1; // defaultAddCapabilities is the default set of capabilities that will be added to the container
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 11 18:43:24 UTC 2024 - 19.6K bytes - Viewed (0) -
operator/pkg/apis/istio/v1alpha1/values_types.proto
// Note the pod will be crashlooping, so this may take a few minutes to become fully functional based on when the retry occurs. // This requires no RBAC privilege, but will require the CNI agent to run as a privileged pod. bool repairPods = 11; // No longer used. string createEvents = 6 [deprecated = true];
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Jun 03 01:55:05 UTC 2024 - 57.2K bytes - Viewed (0)