- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 145 for ProcMount (0.17 sec)
-
pkg/securitycontext/util_test.go
uPM := v1.UnmaskedProcMount tests := map[string]struct { pm *v1.ProcMountType expect []string }{ "procMount nil": { pm: nil, expect: defaultMaskedPaths, }, "procMount default": { pm: &dPM, expect: defaultMaskedPaths, }, "procMount unmasked": { pm: &uPM, expect: []string{}, }, } for k, v := range tests {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Tue May 05 01:25:23 UTC 2020 - 5K bytes - Viewed (0) -
pkg/kubelet/kuberuntime/security_context.go
if synthesized == nil { synthesized = &runtimeapi.LinuxContainerSecurityContext{ MaskedPaths: securitycontext.ConvertToRuntimeMaskedPaths(effectiveSc.ProcMount), ReadonlyPaths: securitycontext.ConvertToRuntimeReadonlyPaths(effectiveSc.ProcMount), } } var err error synthesized.Seccomp, err = m.getSeccompProfile(pod.Annotations, container.Name, pod.Spec.SecurityContext, container.SecurityContext, m.seccompDefault)
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 5.2K bytes - Viewed (0) -
pkg/securitycontext/fake.go
func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext { priv := false defProcMount := v1.DefaultProcMount return &v1.SecurityContext{ Capabilities: &v1.Capabilities{}, Privileged: &priv, ProcMount: &defProcMount, } } // ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on // empty container defaults. Used for testing.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Dec 20 19:43:52 UTC 2018 - 1.4K bytes - Viewed (0) -
pkg/securitycontext/util.go
effectiveSc.AllowPrivilegeEscalation = new(bool) *effectiveSc.AllowPrivilegeEscalation = *containerSc.AllowPrivilegeEscalation } if containerSc.ProcMount != nil { effectiveSc.ProcMount = new(v1.ProcMountType) *effectiveSc.ProcMount = *containerSc.ProcMount } return effectiveSc } // DetermineEffectiveRunAsUser returns a pointer of UID from the provided pod's
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 15 07:28:24 UTC 2023 - 7.5K bytes - Viewed (0) -
pkg/securitycontext/accessors.go
return } w.ensureContainerSC() w.containerSC.Privileged = v } func (w *containerSecurityContextWrapper) ProcMount() api.ProcMountType { if w.containerSC == nil { return api.DefaultProcMount } if w.containerSC.ProcMount == nil { return api.DefaultProcMount } return *w.containerSC.ProcMount } func (w *containerSecurityContextWrapper) SELinuxOptions() *api.SELinuxOptions { if w.containerSC == nil {
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Feb 22 16:15:27 UTC 2023 - 14.4K bytes - Viewed (0) -
pkg/api/pod/util.go
if c.SecurityContext != nil && c.SecurityContext.ProcMount != nil { // The ProcMount field was improperly forced to non-nil in 1.12. // If the feature is disabled, and the existing object is not using any non-default values, and the ProcMount field is present in the incoming object, force to the default value.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 41.3K bytes - Viewed (0) -
pkg/api/pod/util_test.go
} func TestDropProcMount(t *testing.T) { procMount := api.UnmaskedProcMount defaultProcMount := api.DefaultProcMount podWithProcMount := func() *api.Pod { return &api.Pod{ Spec: api.PodSpec{ RestartPolicy: api.RestartPolicyNever, Containers: []api.Container{{Name: "container1", Image: "testimage", SecurityContext: &api.SecurityContext{ProcMount: &procMount}}},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed May 29 22:40:29 UTC 2024 - 108.8K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/v1.29.0/apps.v1.DaemonSet.json
"runAsUser": 4, "runAsGroup": 8, "runAsNonRoot": true, "readOnlyRootFilesystem": true, "allowPrivilegeEscalation": true, "procMount": "procMountValue", "seccompProfile": { "type": "typeValue", "localhostProfile": "localhostProfileValue" } }, "stdin": true,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Dec 15 04:12:07 UTC 2023 - 53.6K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/v1.29.0/apps.v1.Deployment.json
"runAsUser": 4, "runAsGroup": 8, "runAsNonRoot": true, "readOnlyRootFilesystem": true, "allowPrivilegeEscalation": true, "procMount": "procMountValue", "seccompProfile": { "type": "typeValue", "localhostProfile": "localhostProfileValue" } }, "stdin": true,
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Dec 15 04:12:07 UTC 2023 - 53.7K bytes - Viewed (0) -
staging/src/k8s.io/api/testdata/v1.29.0/apps.v1beta2.ReplicaSet.yaml
allowPrivilegeEscalation: true capabilities: add: - addValue drop: - dropValue privileged: true procMount: procMountValue readOnlyRootFilesystem: true runAsGroup: 8 runAsNonRoot: true runAsUser: 4 seLinuxOptions: level: levelValue
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Dec 15 04:12:07 UTC 2023 - 34.2K bytes - Viewed (0)