github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-07 03:03:59 +00:00
Code Issues Projects Releases Wiki Activity

PSA: update procmount tests to have hostUsers

Browse Source 
Signed-off-by: Peter Hunt <pehunt@redhat.com>
This commit is contained in:
Peter Hunt 2024-02-27 14:54:45 -05:00
parent 23706cb90c
commit 1f9c271c8c
182 changed files with 186 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
staging/src/k8s.io/pod-security-admission/policy/check_procMount_test.go
View File

@ -27,6 +27,7 @@ func TestProcMount(t *testing.T) {
unmaskedValue := corev1.UnmaskedProcMount
otherValue := corev1.ProcMountType("other")
hostUsers := false
tests := []struct {
name string
pod *corev1.Pod
@ -43,6 +44,7 @@ func TestProcMount(t *testing.T) {
{Name: "d", SecurityContext: &corev1.SecurityContext{ProcMount: &unmaskedValue}},
{Name: "e", SecurityContext: &corev1.SecurityContext{ProcMount: &otherValue}},
},
HostUsers: &hostUsers,
}},
expectReason: `procMount`,
expectDetail: `containers "d", "e" must not set securityContext.procMount to "Unmasked", "other"`,

4
staging/src/k8s.io/pod-security-admission/test/fixtures_procMount.go
View File

@ -23,6 +23,7 @@ import (
)
func init() {
hostUsers := false
fixtureData_1_0 := fixtureGenerator{
expectErrorSubstring: "procMount",
generatePass: func(p *corev1.Pod) []*corev1.Pod {
@ -33,6 +34,7 @@ func init() {
validProcMountType := corev1.DefaultProcMount
copy.Spec.Containers[0].SecurityContext.ProcMount = &validProcMountType
copy.Spec.InitContainers[0].SecurityContext.ProcMount = &validProcMountType
copy.Spec.HostUsers = &hostUsers
}),
}
},
@ -44,11 +46,13 @@ func init() {
tweak(p, func(copy *corev1.Pod) {
unmaskedProcMountType := corev1.UnmaskedProcMount
copy.Spec.Containers[0].SecurityContext.ProcMount = &unmaskedProcMountType
copy.Spec.HostUsers = &hostUsers
}),
// set proc mount of init container to a forbidden value
tweak(p, func(copy *corev1.Pod) {
unmaskedProcMountType := corev1.UnmaskedProcMount
copy.Spec.InitContainers[0].SecurityContext.ProcMount = &unmaskedProcMountType
copy.Spec.HostUsers = &hostUsers
}),
}
},

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.0/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.1/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.16/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.17/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.18/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.19/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.2/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.20/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.21/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.22/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.23/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.24/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.25/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.26/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.27/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.28/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.29/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.3/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.4/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.5/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.6/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.7/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.8/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.9/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.0/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/fail/procmount1.yaml vendored
View File

@ -7,6 +7,7 @@ spec:
- image: registry.k8s.io/pause
name: container1
securityContext: {}
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.1/pass/procmount0.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
procMount: Default
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount0.yaml vendored
View File

@ -9,6 +9,7 @@ spec:
securityContext:
allowPrivilegeEscalation: false
procMount: Unmasked
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

1
staging/src/k8s.io/pod-security-admission/test/testdata/restricted/v1.10/fail/procmount1.yaml vendored
View File

@ -8,6 +8,7 @@ spec:
name: container1
securityContext:
allowPrivilegeEscalation: false
hostUsers: false
initContainers:
- image: registry.k8s.io/pause
name: initcontainer1

Some files were not shown because too many files have changed in this diff Show More