github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 07:27:21 +00:00
Code Issues Projects Releases Wiki Activity

rkt: Add pod selinux support.

Browse Source 
Currently only pod level selinux context is supported, besides when
running selinux, for now we will not be able to use the overlay fs
except for coreos, see:
https://github.com/coreos/rkt/issues/1727#issuecomment-173203129.
This commit is contained in:
Yifan Gu
2016-04-27 17:16:28 -07:00
committed by Yifan Gu
parent 7b4e255219
commit 0a7537ecbf
2 changed files with 70 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pkg/kubelet/rkt/rkt_test.go
View File

@@ -1190,6 +1190,27 @@ func TestGenerateRunCommand(t *testing.T) {
nil,
fmt.Sprintf("/bin/rkt/rkt --insecure-options=image,ondisk --local-config=/var/rkt/local/data --dir=/var/data run-prepared --net=host --hostname=%s rkt-uuid-foo", hostName),
},
// Case #5, returns --net=host --no-overlay
{
&api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "pod-name-foo",
},
Spec: api.PodSpec{
SecurityContext: &api.PodSecurityContext{
HostNetwork: true,
SELinuxOptions: &api.SELinuxOptions{},
},
},
},
"rkt-uuid-foo",
"",
[]string{""},
[]string{""},
"pod-hostname-foo",
nil,
fmt.Sprintf("/bin/rkt/rkt --insecure-options=image,ondisk --local-config=/var/rkt/local/data --dir=/var/data run-prepared --no-overlay=true --net=host --hostname=%s rkt-uuid-foo", hostName),
},
}
rkt := &Runtime{