github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
k3s/pkg/kubelet/rkt
History
Jan Safranek 5110db5087 Lock subPath volumes 
Users must not be allowed to step outside the volume with subPath.
Therefore the final subPath directory must be "locked" somehow
and checked if it's inside volume.

On Windows, we lock the directories. On Linux, we bind-mount the final
subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>,
it can't be changed to symlink user once it's bind-mounted.
 		2018-03-05 09:14:44 +01:00
..
BUILD Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
OWNERS
cap.go
config.go
container_id.go
doc.go
fake_rkt_interface_test.go Merge pull request #56960 from islinwb/remove_unused_code_ut_pkg 2018-01-18 02:41:29 -08:00
image.go Remove dependency on v1 API in base credential provider 2018-01-05 17:52:06 -05:00
log.go run hack/update-all 2017-06-22 11:31:03 -07:00
rkt.go Lock subPath volumes 2018-03-05 09:14:44 +01:00
rkt_test.go remove duplicated import 2017-11-14 17:18:17 +08:00
systemd.go
version.go