Check Pod privileged container

Deyuan Deng
2015-05-09 17:17:36 -04:00
committed by Deyuan Deng
parent 738f403eea
commit 2f7183cba5
4 changed files with 65 additions and 13 deletions


@@ -31,7 +31,6 @@ import (
"time"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client/record"
"github.com/GoogleCloudPlatform/kubernetes/pkg/credentialprovider"
kubecontainer "github.com/GoogleCloudPlatform/kubernetes/pkg/kubelet/container"
@@ -213,13 +212,10 @@ func setIsolators(app *appctypes.App, c *api.Container) error {
// Retained capabilities/privileged.
privileged := false
if !capabilities.Get().AllowPrivileged && securitycontext.HasPrivilegedRequest(c) {
return fmt.Errorf("container requested privileged mode, but it is disallowed globally.")
} else {
if c.SecurityContext != nil && c.SecurityContext.Privileged != nil {
privileged = *c.SecurityContext.Privileged
}
if c.SecurityContext != nil && c.SecurityContext.Privileged != nil {
privileged = *c.SecurityContext.Privileged
}
var addCaps string
if privileged {
addCaps = getAllCapabilities()
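Review bot: As far as the rendered hunk shows, setIsolators now takes `*c.SecurityContext.Privileged` at face value, because the `capabilities.Get().AllowPrivileged` gate no longer appears in it and a true value leads straight to `addCaps = getAllCapabilities()`. The commit title suggests the check now runs once at the pod level, but that code is not visible in this section, so the dependency should be written down where the privilege is granted. I would add above `privileged := false` a comment such as `// Callers must already have rejected privileged requests when AllowPrivileged is false; this function does not re-check.` A test that a privileged container is refused before reaching this path when privileged mode is disallowed would stop a later refactor from silently dropping the gate. The body of setIsolators starts and ends outside the hunk.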