github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
60,483 Commits
32 Branches
881 Tags
632 MiB
Commit Graph

47 Commits (56dc8f9a6ab09debeddf5349ee26730d3e9107f8)

Author SHA1 Message Date
Slava Semushin 3a461afaf5 pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests. 
- remove irrelevant test cases
- add test case for AllowPrivilegeEscalation: nil
- explicitly specify input and expected outcome
 2018-01-08 15:46:39 +01:00
Jeff Grafton efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Slava Semushin 4e74211aaf pkg/securitycontext/util.go(InternalDetermineEffectiveSecurityContext): remove unused function. 2017-11-15 17:50:03 +01:00
Dr. Stefan Schimanski bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski 012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Jordan Liggitt b6a750c1f6
SecurityContext: Add accessors/mutators for effective container security context 2017-10-16 02:22:10 -04:00
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jess Frazelle 0ad51ed763
AllowPrivilegeEscalation: add validations for caps and privileged 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
 2017-09-25 13:22:02 -04:00
Jeff Grafton a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton 33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Jess Frazelle 0f349cc61f
allowPrivilegeEscalation: modify api types & add functionality 
Signed-off-by: Jess Frazelle <acidburn@google.com>
 2017-07-24 12:52:41 -04:00
Chao Xu 60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
mbohlool 70c4fe7f4f update generated files 2017-06-21 04:09:08 -07:00
mbohlool c91a12d205 Remove all references to types.UnixUserID and types.UnixGroupID 2017-06-21 04:09:07 -07:00
Jamie Hannaford 9440a68744 Use dedicated Unix User and Group ID types 2017-05-05 14:07:38 +02:00
Yu-Ju Hong 4506f4c2d0 securitycontext: move docker-specific logic into kubelet/dockertools 
This change moves the code specific to docker to kubelet/dockertools,
while leaving the common utility functions at its current package
(pkg/securitycontext).

When we deprecate dockertools in the future, the code will be moved to
pkg/kubelet/dockershim instead.
 2017-01-27 12:25:46 -08:00
Jeff Grafton 20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
Mike Danese 161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Chao Xu bcc783c594 run hack/update-all.sh 2016-11-23 15:53:09 -08:00
Chao Xu 4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Pengfei Ni 3aee57d4ae Add security context support in dockershim 2016-11-07 11:07:56 +08:00
Mike Danese 3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
Matthew Wong cbdd121d2d Remove pod mutation for PVs with supplemental GIDs 2016-07-22 17:41:44 -04:00
Davanum Srinivas 2b0ed014b7 Use Go canonical import paths 
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports

Fixes #29014
 2016-07-16 13:48:21 -04:00
Daniel Smith 360f2eb927 Revert "Remove pod mutation for PVs with supplemental GIDs" 2016-07-14 17:47:46 -07:00
Matthew Wong 58f973d8e7 Remove pod mutation for PVs with supplemental GIDs 2016-07-13 13:51:17 -04:00
David McMahon ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Alex Robinson d2a45f0ba5 Merge pull request #24909 from pmorie/security-context-loc 
Reduce LOC in security context tests
 2016-05-27 10:27:55 -07:00
Paul Weil 04dc71f959 retain read only root file system in determineEffectiveSecurityContext 2016-05-11 17:27:20 -04:00
Paul Morie 6f940a1a78 Reduce LOC in security context tests 2016-04-28 20:39:28 -04:00
Random-Liu ba4a5ed39e Refactor CreateContainer. 2016-04-14 17:05:46 -07:00
Eric Tune 4d090bfb09 Rename PodSecurityPolicy fields 
In podSecurityPolicy:
1. Rename .seLinuxContext to .seLinux
2. Rename .seLinux.type to .seLinux.rule
3. Rename .runAsUser.type to .runAsUser.rule
4. Rename .seLinux.SELinuxOptions

1,2,3 as suggested by thockin in #22159.
I added 3 for consistency with 2.
 2016-03-03 11:49:48 -08:00
Lantao Liu 4a386f881f Deprecate HostConfig at container start 2016-02-04 01:00:03 +00:00
Yifan Gu cc656ae6ac rkt: Refactor setIsolators. 
Replace manually creating isolators with isolator constructors.
Also add support for supplementary group IDs.
 2016-01-08 13:31:21 -08:00
Paul Morie 3cd12f5e05 FSGroup implementation 2015-10-22 16:40:59 -04:00
Paul Morie 393e2bc019 Inline some SecurityContext fields into PodSecurityContext 2015-10-21 19:01:17 -04:00
Sami Wagiaalla 030f882f06 Add Support for supplemental groups 2015-10-20 12:44:32 -04:00
Paul Weil e490c20c22 add non-root directive to SC and kubelet checking 2015-08-10 13:30:34 -04:00
Mike Danese 8e33cbfa28 rewrite go imports 2015-08-05 17:30:03 -07:00
Paul Morie 5394aa979f Make emptyDir volumes work for non-root UIDs 2015-07-29 18:36:51 -04:00
Tim Hockin 65833e42c4 rename CapabilityType Capability 2015-05-18 17:21:30 -07:00
Shawn Smith 295286cdc8 Fix printf verb 2015-05-10 13:18:26 +09:00
Zach Loafman 875e83a741 Revert "Revert "Security context - types, kubelet, admission"" 2015-05-05 16:02:13 -07:00
Zach Loafman f48904fd5e Revert "Security context - types, kubelet, admission" 2015-05-05 15:20:39 -07:00
Paul Weil 982bf19c20 security context initial implementation - squash 2015-05-05 13:46:13 -04:00