mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 22:46:12 +00:00
Rename to capabilities_restricted
This commit is contained in:
parent
08608a24f1
commit
250f47a45c
@ -33,25 +33,25 @@ const (
|
||||
)
|
||||
|
||||
func init() {
|
||||
addCheck(CheckDropCapabilities)
|
||||
addCheck(CheckCapabilitiesRestricted)
|
||||
}
|
||||
|
||||
// CheckDropCapabilities returns a restricted level check
|
||||
// that ensures all capabilities are dropped in 1.22+
|
||||
func CheckDropCapabilities() Check {
|
||||
// CheckCapabilitiesRestricted returns a restricted level check
|
||||
// that ensures ALL capabilities are dropped in 1.22+
|
||||
func CheckCapabilitiesRestricted() Check {
|
||||
return Check{
|
||||
ID: "dropCapabilities",
|
||||
ID: "capabilities_restricted",
|
||||
Level: api.LevelRestricted,
|
||||
Versions: []VersionedCheck{
|
||||
{
|
||||
MinimumVersion: api.MajorMinorVersion(1, 22),
|
||||
CheckPod: dropCapabilities_1_22,
|
||||
CheckPod: capabilitiesRestricted_1_22,
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func dropCapabilities_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
|
||||
func capabilitiesRestricted_1_22(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
|
||||
var (
|
||||
containersMissingDropAll []string
|
||||
containersAddingForbidden []string
|
@ -90,7 +90,7 @@ func init() {
|
||||
}
|
||||
|
||||
registerFixtureGenerator(
|
||||
fixtureKey{level: api.LevelRestricted, version: api.MajorMinorVersion(1, 22), check: "dropCapabilities"},
|
||||
fixtureKey{level: api.LevelRestricted, version: api.MajorMinorVersion(1, 22), check: "capabilities_restricted"},
|
||||
fixtureData_1_22,
|
||||
)
|
||||
}
|
Loading…
Reference in New Issue
Block a user