mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-29 06:27:05 +00:00
Merge pull request #115968 from stlaz/sc_accessors
add SeccompProfile to Pod and Container accessors/mutators
commit
388ad23561
@ -31,6 +31,7 @@ type PodSecurityContextAccessor interface {
|
|||||||
RunAsUser() *int64
|
RunAsUser() *int64
|
||||||
RunAsGroup() *int64
|
RunAsGroup() *int64
|
||||||
RunAsNonRoot() *bool
|
RunAsNonRoot() *bool
|
||||||
|
SeccompProfile() *api.SeccompProfile
|
||||||
SupplementalGroups() []int64
|
SupplementalGroups() []int64
|
||||||
FSGroup() *int64
|
FSGroup() *int64
|
||||||
}
|
}
|
||||||
@ -46,6 +47,7 @@ type PodSecurityContextMutator interface {
|
|||||||
SetRunAsUser(*int64)
|
SetRunAsUser(*int64)
|
||||||
SetRunAsGroup(*int64)
|
SetRunAsGroup(*int64)
|
||||||
SetRunAsNonRoot(*bool)
|
SetRunAsNonRoot(*bool)
|
||||||
|
SetSeccompProfile(*api.SeccompProfile)
|
||||||
SetSupplementalGroups([]int64)
|
SetSupplementalGroups([]int64)
|
||||||
SetFSGroup(*int64)
|
SetFSGroup(*int64)
|
||||||
|
|
||||||
@ -171,6 +173,19 @@ func (w *podSecurityContextWrapper) SetRunAsNonRoot(v *bool) {
|
|||||||
w.ensurePodSC()
|
w.ensurePodSC()
|
||||||
w.podSC.RunAsNonRoot = v
|
w.podSC.RunAsNonRoot = v
|
||||||
}
|
}
|
||||||
|
func (w *podSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
|
||||||
|
if w.podSC == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return w.podSC.SeccompProfile
|
||||||
|
}
|
||||||
|
func (w *podSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
|
||||||
|
if w.podSC == nil && p == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
w.ensurePodSC()
|
||||||
|
w.podSC.SeccompProfile = p
|
||||||
|
}
|
||||||
func (w *podSecurityContextWrapper) SupplementalGroups() []int64 {
|
func (w *podSecurityContextWrapper) SupplementalGroups() []int64 {
|
||||||
if w.podSC == nil {
|
if w.podSC == nil {
|
||||||
return nil
|
return nil
|
||||||
@ -211,6 +226,7 @@ type ContainerSecurityContextAccessor interface {
|
|||||||
RunAsGroup() *int64
|
RunAsGroup() *int64
|
||||||
RunAsNonRoot() *bool
|
RunAsNonRoot() *bool
|
||||||
ReadOnlyRootFilesystem() *bool
|
ReadOnlyRootFilesystem() *bool
|
||||||
|
SeccompProfile() *api.SeccompProfile
|
||||||
AllowPrivilegeEscalation() *bool
|
AllowPrivilegeEscalation() *bool
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -227,6 +243,7 @@ type ContainerSecurityContextMutator interface {
|
|||||||
SetRunAsGroup(*int64)
|
SetRunAsGroup(*int64)
|
||||||
SetRunAsNonRoot(*bool)
|
SetRunAsNonRoot(*bool)
|
||||||
SetReadOnlyRootFilesystem(*bool)
|
SetReadOnlyRootFilesystem(*bool)
|
||||||
|
SetSeccompProfile(*api.SeccompProfile)
|
||||||
SetAllowPrivilegeEscalation(*bool)
|
SetAllowPrivilegeEscalation(*bool)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -357,6 +374,20 @@ func (w *containerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *bool) {
|
|||||||
w.ensureContainerSC()
|
w.ensureContainerSC()
|
||||||
w.containerSC.ReadOnlyRootFilesystem = v
|
w.containerSC.ReadOnlyRootFilesystem = v
|
||||||
}
|
}
|
||||||
|
func (w *containerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
|
||||||
|
if w.containerSC == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
return w.containerSC.SeccompProfile
|
||||||
|
}
|
||||||
|
func (w *containerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
|
||||||
|
if w.containerSC == nil && p == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
w.ensureContainerSC()
|
||||||
|
w.containerSC.SeccompProfile = p
|
||||||
|
}
|
||||||
|
|
||||||
func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
|
func (w *containerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
|
||||||
if w.containerSC == nil {
|
if w.containerSC == nil {
|
||||||
return nil
|
return nil
|
||||||
@ -464,6 +495,14 @@ func (w *effectiveContainerSecurityContextWrapper) SetReadOnlyRootFilesystem(v *
|
|||||||
w.containerSC.SetReadOnlyRootFilesystem(v)
|
w.containerSC.SetReadOnlyRootFilesystem(v)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
func (w *effectiveContainerSecurityContextWrapper) SeccompProfile() *api.SeccompProfile {
|
||||||
|
return w.containerSC.SeccompProfile()
|
||||||
|
}
|
||||||
|
func (w *effectiveContainerSecurityContextWrapper) SetSeccompProfile(p *api.SeccompProfile) {
|
||||||
|
if !reflect.DeepEqual(w.SeccompProfile(), p) {
|
||||||
|
w.containerSC.SetSeccompProfile(p)
|
||||||
|
}
|
||||||
|
}
|
||||||
func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
|
func (w *effectiveContainerSecurityContextWrapper) AllowPrivilegeEscalation() *bool {
|
||||||
return w.containerSC.AllowPrivilegeEscalation()
|
return w.containerSC.AllowPrivilegeEscalation()
|
||||||
}
|
}
|
||||||
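Review bot: `effectiveContainerSecurityContextWrapper.SeccompProfile()` returns only `w.containerSC.SeccompProfile()`, so a container with no profile of its own reports nil even when the pod-level security context sets one. The fixtures added to TestEffectiveContainerSecurityContextAccessor further down this page list the pod's `Unconfined` profile under `Effective` with `SC: nil`, which suggests pod-level inheritance is the expected result. A caller that validates or defaults seccomp from the effective view would then treat an inherited profile as unset. If inheritance is intended, return the container value when it is non-nil and otherwise the pod accessor's `SeccompProfile()`; the wrapper's pod-side field is not visible in this hunk. If container-only is deliberate, say so on the method, e.g. `// SeccompProfile returns the container-level profile only; it does not fall back to the pod-level profile.`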
|
@ -22,6 +22,7 @@ import (
|
|||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/diff"
|
"k8s.io/apimachinery/pkg/util/diff"
|
||||||
api "k8s.io/kubernetes/pkg/apis/core"
|
api "k8s.io/kubernetes/pkg/apis/core"
|
||||||
|
"k8s.io/utils/pointer"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestPodSecurityContextAccessor(t *testing.T) {
|
func TestPodSecurityContextAccessor(t *testing.T) {
|
||||||
@ -41,6 +42,7 @@ func TestPodSecurityContextAccessor(t *testing.T) {
|
|||||||
{RunAsUser: &runAsUser},
|
{RunAsUser: &runAsUser},
|
||||||
{RunAsGroup: &runAsGroup},
|
{RunAsGroup: &runAsGroup},
|
||||||
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
|
{SELinuxOptions: &api.SELinuxOptions{User: "bob"}},
|
||||||
|
{SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault}},
|
||||||
{SupplementalGroups: []int64{1, 2, 3}},
|
{SupplementalGroups: []int64{1, 2, 3}},
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,6 +75,9 @@ func TestPodSecurityContextAccessor(t *testing.T) {
|
|||||||
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
|
if v := a.RunAsGroup(); !reflect.DeepEqual(expected.RunAsGroup, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.RunAsGroup, v)
|
||||||
}
|
}
|
||||||
|
if v := a.SeccompProfile(); !reflect.DeepEqual(expected.SeccompProfile, v) {
|
||||||
|
t.Errorf("%d: expected %#v, got %#v", i, expected.SeccompProfile, v)
|
||||||
|
}
|
||||||
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
if v := a.SELinuxOptions(); !reflect.DeepEqual(expected.SELinuxOptions, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.SELinuxOptions, v)
|
||||||
}
|
}
|
||||||
@ -102,6 +107,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
|
|||||||
RunAsUser: nil,
|
RunAsUser: nil,
|
||||||
RunAsGroup: nil,
|
RunAsGroup: nil,
|
||||||
RunAsNonRoot: nil,
|
RunAsNonRoot: nil,
|
||||||
|
SeccompProfile: nil,
|
||||||
SupplementalGroups: nil,
|
SupplementalGroups: nil,
|
||||||
FSGroup: nil,
|
FSGroup: nil,
|
||||||
}
|
}
|
||||||
@ -130,6 +136,7 @@ func TestPodSecurityContextMutator(t *testing.T) {
|
|||||||
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
m.SetRunAsNonRoot(m.RunAsNonRoot())
|
||||||
m.SetRunAsUser(m.RunAsUser())
|
m.SetRunAsUser(m.RunAsUser())
|
||||||
m.SetRunAsGroup(m.RunAsGroup())
|
m.SetRunAsGroup(m.RunAsGroup())
|
||||||
|
m.SetSeccompProfile(m.SeccompProfile())
|
||||||
m.SetSELinuxOptions(m.SELinuxOptions())
|
m.SetSELinuxOptions(m.SELinuxOptions())
|
||||||
m.SetSupplementalGroups(m.SupplementalGroups())
|
m.SetSupplementalGroups(m.SupplementalGroups())
|
||||||
if !reflect.DeepEqual(sc, originalSC) {
|
if !reflect.DeepEqual(sc, originalSC) {
|
||||||
@ -240,6 +247,18 @@ func TestPodSecurityContextMutator(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SeccompProfile
|
||||||
|
{
|
||||||
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
m := NewPodSecurityContextMutator(tc.newSC())
|
||||||
|
modifiedSC.SeccompProfile = &api.SeccompProfile{Type: api.SeccompProfileTypeLocalhost, LocalhostProfile: pointer.String("verylocalhostey")}
|
||||||
|
m.SetSeccompProfile(&api.SeccompProfile{Type: api.SeccompProfileTypeLocalhost, LocalhostProfile: pointer.String("verylocalhostey")})
|
||||||
|
if !reflect.DeepEqual(m.PodSecurityContext(), modifiedSC) {
|
||||||
|
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.PodSecurityContext()))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SupplementalGroups
|
// SupplementalGroups
|
||||||
{
|
{
|
||||||
modifiedSC := nonNilSC(tc.newSC())
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
@ -272,6 +291,7 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
{RunAsGroup: &runAsGroup},
|
{RunAsGroup: &runAsGroup},
|
||||||
{RunAsNonRoot: &runAsNonRoot},
|
{RunAsNonRoot: &runAsNonRoot},
|
||||||
{ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
|
{ReadOnlyRootFilesystem: &readOnlyRootFilesystem},
|
||||||
|
{SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault}},
|
||||||
{AllowPrivilegeEscalation: &allowPrivilegeEscalation},
|
{AllowPrivilegeEscalation: &allowPrivilegeEscalation},
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -304,6 +324,9 @@ func TestContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
if v := a.ReadOnlyRootFilesystem(); !reflect.DeepEqual(expected.ReadOnlyRootFilesystem, v) {
|
if v := a.ReadOnlyRootFilesystem(); !reflect.DeepEqual(expected.ReadOnlyRootFilesystem, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.ReadOnlyRootFilesystem, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.ReadOnlyRootFilesystem, v)
|
||||||
}
|
}
|
||||||
|
if v := a.SeccompProfile(); !reflect.DeepEqual(expected.SeccompProfile, v) {
|
||||||
|
t.Errorf("%d: expected %#v, got %#v", i, expected.SeccompProfile, v)
|
||||||
|
}
|
||||||
if v := a.AllowPrivilegeEscalation(); !reflect.DeepEqual(expected.AllowPrivilegeEscalation, v) {
|
if v := a.AllowPrivilegeEscalation(); !reflect.DeepEqual(expected.AllowPrivilegeEscalation, v) {
|
||||||
t.Errorf("%d: expected %#v, got %#v", i, expected.AllowPrivilegeEscalation, v)
|
t.Errorf("%d: expected %#v, got %#v", i, expected.AllowPrivilegeEscalation, v)
|
||||||
}
|
}
|
||||||
@ -325,6 +348,7 @@ func TestContainerSecurityContextMutator(t *testing.T) {
|
|||||||
return &api.SecurityContext{
|
return &api.SecurityContext{
|
||||||
Capabilities: &api.Capabilities{Drop: []api.Capability{"test"}},
|
Capabilities: &api.Capabilities{Drop: []api.Capability{"test"}},
|
||||||
SELinuxOptions: &api.SELinuxOptions{},
|
SELinuxOptions: &api.SELinuxOptions{},
|
||||||
|
SeccompProfile: &api.SeccompProfile{},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -450,6 +474,18 @@ func TestContainerSecurityContextMutator(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SeccompProfile
|
||||||
|
{
|
||||||
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
m := NewContainerSecurityContextMutator(tc.newSC())
|
||||||
|
modifiedSC.SeccompProfile = &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined}
|
||||||
|
m.SetSeccompProfile(&api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined})
|
||||||
|
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
|
||||||
|
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SELinuxOptions
|
// SELinuxOptions
|
||||||
{
|
{
|
||||||
modifiedSC := nonNilSC(tc.newSC())
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
@ -493,12 +529,14 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
{
|
{
|
||||||
PodSC: &api.PodSecurityContext{
|
PodSC: &api.PodSecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined},
|
||||||
RunAsUser: &runAsUser,
|
RunAsUser: &runAsUser,
|
||||||
RunAsNonRoot: &runAsNonRoot,
|
RunAsNonRoot: &runAsNonRoot,
|
||||||
},
|
},
|
||||||
SC: nil,
|
SC: nil,
|
||||||
Effective: &api.SecurityContext{
|
Effective: &api.SecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined},
|
||||||
RunAsUser: &runAsUser,
|
RunAsUser: &runAsUser,
|
||||||
RunAsNonRoot: &runAsNonRoot,
|
RunAsNonRoot: &runAsNonRoot,
|
||||||
},
|
},
|
||||||
@ -506,12 +544,14 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
{
|
{
|
||||||
PodSC: &api.PodSecurityContext{
|
PodSC: &api.PodSecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined},
|
||||||
RunAsUser: &runAsUserPod,
|
RunAsUser: &runAsUserPod,
|
||||||
RunAsNonRoot: &runAsNonRootPod,
|
RunAsNonRoot: &runAsNonRootPod,
|
||||||
},
|
},
|
||||||
SC: &api.SecurityContext{},
|
SC: &api.SecurityContext{},
|
||||||
Effective: &api.SecurityContext{
|
Effective: &api.SecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined},
|
||||||
RunAsUser: &runAsUserPod,
|
RunAsUser: &runAsUserPod,
|
||||||
RunAsNonRoot: &runAsNonRootPod,
|
RunAsNonRoot: &runAsNonRootPod,
|
||||||
},
|
},
|
||||||
@ -519,6 +559,7 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
{
|
{
|
||||||
PodSC: &api.PodSecurityContext{
|
PodSC: &api.PodSecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined},
|
||||||
RunAsUser: &runAsUserPod,
|
RunAsUser: &runAsUserPod,
|
||||||
RunAsNonRoot: &runAsNonRootPod,
|
RunAsNonRoot: &runAsNonRootPod,
|
||||||
},
|
},
|
||||||
@ -530,6 +571,7 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
RunAsUser: &runAsUser,
|
RunAsUser: &runAsUser,
|
||||||
RunAsNonRoot: &runAsNonRoot,
|
RunAsNonRoot: &runAsNonRoot,
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault},
|
||||||
},
|
},
|
||||||
Effective: &api.SecurityContext{
|
Effective: &api.SecurityContext{
|
||||||
AllowPrivilegeEscalation: &allowPrivilegeEscalation,
|
AllowPrivilegeEscalation: &allowPrivilegeEscalation,
|
||||||
@ -539,6 +581,7 @@ func TestEffectiveContainerSecurityContextAccessor(t *testing.T) {
|
|||||||
RunAsUser: &runAsUser,
|
RunAsUser: &runAsUser,
|
||||||
RunAsNonRoot: &runAsNonRoot,
|
RunAsNonRoot: &runAsNonRoot,
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
SELinuxOptions: &api.SELinuxOptions{User: "bob"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{Type: api.SeccompProfileTypeRuntimeDefault},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -621,6 +664,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
newPodSC: func() *api.PodSecurityContext {
|
newPodSC: func() *api.PodSecurityContext {
|
||||||
return &api.PodSecurityContext{
|
return &api.PodSecurityContext{
|
||||||
SELinuxOptions: &api.SELinuxOptions{User: "poduser"},
|
SELinuxOptions: &api.SELinuxOptions{User: "poduser"},
|
||||||
|
SeccompProfile: &api.SeccompProfile{},
|
||||||
RunAsNonRoot: &runAsNonRootPod,
|
RunAsNonRoot: &runAsNonRootPod,
|
||||||
RunAsUser: &runAsUserPod,
|
RunAsUser: &runAsUserPod,
|
||||||
}
|
}
|
||||||
@ -635,6 +679,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
return &api.SecurityContext{
|
return &api.SecurityContext{
|
||||||
Capabilities: &api.Capabilities{Drop: []api.Capability{"test"}},
|
Capabilities: &api.Capabilities{Drop: []api.Capability{"test"}},
|
||||||
SELinuxOptions: &api.SELinuxOptions{},
|
SELinuxOptions: &api.SELinuxOptions{},
|
||||||
|
SeccompProfile: &api.SeccompProfile{},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -667,6 +712,7 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
m.SetRunAsUser(m.RunAsUser())
|
m.SetRunAsUser(m.RunAsUser())
|
||||||
m.SetRunAsGroup(m.RunAsGroup())
|
m.SetRunAsGroup(m.RunAsGroup())
|
||||||
m.SetSELinuxOptions(m.SELinuxOptions())
|
m.SetSELinuxOptions(m.SELinuxOptions())
|
||||||
|
m.SetSeccompProfile(m.SeccompProfile())
|
||||||
if !reflect.DeepEqual(podSC, originalPodSC) {
|
if !reflect.DeepEqual(podSC, originalPodSC) {
|
||||||
t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
|
t.Errorf("%s: unexpected mutation: %#v, %#v", k, podSC, originalPodSC)
|
||||||
}
|
}
|
||||||
@ -789,6 +835,18 @@ func TestEffectiveContainerSecurityContextMutator(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SeccompProfile
|
||||||
|
{
|
||||||
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
m := NewContainerSecurityContextMutator(tc.newSC())
|
||||||
|
modifiedSC.SeccompProfile = &api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined}
|
||||||
|
m.SetSeccompProfile(&api.SeccompProfile{Type: api.SeccompProfileTypeUnconfined})
|
||||||
|
if !reflect.DeepEqual(m.ContainerSecurityContext(), modifiedSC) {
|
||||||
|
t.Errorf("%s: unexpected object:\n%s", k, diff.ObjectGoPrintSideBySide(modifiedSC, m.ContainerSecurityContext()))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// SELinuxOptions
|
// SELinuxOptions
|
||||||
{
|
{
|
||||||
modifiedSC := nonNilSC(tc.newSC())
|
modifiedSC := nonNilSC(tc.newSC())
|
||||||
|
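Review bot: The `// SeccompProfile` block added to TestEffectiveContainerSecurityContextMutator builds `m` with `NewContainerSecurityContextMutator(tc.newSC())`, so it never reaches the effective wrapper's `SetSeccompProfile` or its `reflect.DeepEqual` guard. The neighbouring blocks start outside the hunk, so this may simply copy an existing pattern, but the block should construct the effective mutator under test. Separately, the hunks in TestEffectiveContainerSecurityContextAccessor add `SeccompProfile` to the `Effective` fixtures, but no visible hunk adds a matching `a.SeccompProfile()` check. The pod and container accessor tests do gain one: `if v := a.SeccompProfile(); !reflect.DeepEqual(expected.SeccompProfile, v) {`. Adding the same comparison to the effective accessor loop would pin whether a pod-level profile is meant to be inherited.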