github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Improve an error message when privileged containers are disallowed globally on the cluster.

pull/6/head
Slava Semushin 2017-01-05 18:07:50 +01:00
parent bd100b3b80
commit 7e4b047743
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/validation/validation.go
View File

@ -3692,7 +3692,7 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
if sc.Privileged != nil {
if *sc.Privileged && !capabilities.Get().AllowPrivileged {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by policy"))
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by cluster policy"))
}
}

2
pkg/api/validation/validation_test.go
View File

@ -8601,7 +8601,7 @@ func TestValidateSecurityContext(t *testing.T) {
"request privileged when capabilities forbids": {
sc: privRequestWithGlobalDeny,
errorType: "FieldValueForbidden",
errorDetail: "disallowed by policy",
errorDetail: "disallowed by cluster policy",
},
"negative RunAsUser": {
sc: negativeRunAsUser,