mirror of https://github.com/k3s-io/k3s
5110db5087
Users must not be allowed to step outside the volume with subPath. Therefore the final subPath directory must be "locked" somehow and checked if it's inside volume. On Windows, we lock the directories. On Linux, we bind-mount the final subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>, it can't be changed to symlink user once it's bind-mounted. |
||
|---|---|---|
| .. | ||
| BUILD | ||
| removeall.go | ||
| removeall_test.go | ||