mirror of https://github.com/k3s-io/k3s
1d3c7ca758
Automatic merge from submit-queue (batch tested with PRs 38727, 38726, 38347, 38348) Add 'privileged' to sandbox to indicate if any container might be privileged in it, document privileged Right now, the privileged flag is this magic thing which does "whatever Docker does". This documents it to make it a little less magic. In addition, due to how rkt uses `systemd-nspawn` as an outer layer of isolation in creating the sandbox, it's helpful to know beforehand whether the pod will be privileged so additional security options can be applied earlier / applied at all. I suspect the same indication will be useful for userns since userns should also occur at the pod layer, but it's possible that will be a separate/additional field. cc @lucab @jonboulle @yujuhong @feiskyer @kubernetes/sig-node ```release-note NONE ``` |
||
|---|---|---|
| .. | ||
| BUILD | ||
| doc.go | ||
| fake_kuberuntime_manager.go | ||
| helpers.go | ||
| helpers_test.go | ||
| instrumented_services.go | ||
| kuberuntime_container.go | ||
| kuberuntime_container_test.go | ||
| kuberuntime_gc.go | ||
| kuberuntime_gc_test.go | ||
| kuberuntime_image.go | ||
| kuberuntime_image_test.go | ||
| kuberuntime_logs.go | ||
| kuberuntime_logs_test.go | ||
| kuberuntime_manager.go | ||
| kuberuntime_manager_test.go | ||
| kuberuntime_sandbox.go | ||
| kuberuntime_sandbox_test.go | ||
| labels.go | ||
| labels_test.go | ||
| legacy.go | ||
| security_context.go | ||