github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

AppArmor no reevaluation of host is needed

Browse Source
This commit is contained in:
Sergey Kanzhelev 2023-03-14 18:35:01 +00:00
parent 1cb334960c
commit 44159dfc32
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/security/apparmor/validate.go
View File

@ -81,11 +81,14 @@ func (v *validator) Validate(pod *v1.Pod) error {
return retErr
}
// ValidateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
// Note, this is intentionally only check the host at kubelet startup and never re-evaluates the host
// as the expectation is that the kubelet restart will be needed to enable or disable AppArmor support.
func (v *validator) ValidateHost() error {
return v.validateHostErr
}
// Verify that the host and runtime is capable of enforcing AppArmor profiles.
// validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
func validateHost() error {
// Check feature-gates
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {