b376b31ee0
Resolve potential devicePath symlink when MapVolume in containerized kubelet
2018-06-26 13:08:36 -04:00
74ba0878a1
Enhance ExistsPath check
...
It should return error when the check fails (e.g. no permissions, symlink link
loop etc.)
2018-05-23 10:21:20 +02:00
97b5299cd7
Add GetMode to mounter interface.
...
Kubelet must not call os.Lstat on raw volume paths when it runs in a container.
Mounter knows where the file really is.
2018-05-23 10:17:59 +02:00
598ca5accc
Add GetSELinuxSupport to mounter.
2018-05-17 13:36:37 +02:00
3748197876
Add more volume types in e2e and fix part of them.
...
- Add dir-link/dir-bindmounted/dir-link-bindmounted/blockfs volume types for e2e
tests.
- Return error if we cannot resolve volume path.
- Add GetFSGroup/GetMountRefs methods for mount.Interface.
- Fix fsGroup related e2e tests partially.
2018-05-02 10:31:42 +08:00
5110db5087
Lock subPath volumes
...
Users must not be allowed to step outside the volume with subPath.
Therefore the final subPath directory must be "locked" somehow
and checked if it's inside volume.
On Windows, we lock the directories. On Linux, we bind-mount the final
subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>,
it can't be changed to symlink user once it's bind-mounted.
2018-03-05 09:14:44 +01:00
790f513d23
Fix cross-compliation of mount_exec.go
...
Add dummy implementation for non-linux platforms
2017-11-14 16:30:00 +01:00
Matthew Wong