github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 04:06:03 +00:00
Code Issues Projects Releases Wiki Activity

Run injector as privileged pod

Browse Source 
Privileged pod can write bypass any SELinux checks. NFS, CephFS and Gluster
test now work without setting special SELinux boolean for them.
This commit is contained in:
Jan Safranek 2019-01-22 14:49:04 +01:00
parent 27e5971c11
commit 4c4401c175
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/e2e/framework/volume_util.go
View File

@ -486,6 +486,7 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V
podClient := client.CoreV1().Pods(config.Namespace)
podName := fmt.Sprintf("%s-injector-%s", config.Prefix, rand.String(4))
volMountName := fmt.Sprintf("%s-volume-%s", config.Prefix, rand.String(4))
privileged := true
injectPod := &v1.Pod{
TypeMeta: metav1.TypeMeta{
@ -511,11 +512,9 @@ func InjectHtml(client clientset.Interface, config VolumeTestConfig, volume v1.V
MountPath: "/mnt",
},
},
},
},
SecurityContext: &v1.PodSecurityContext{
SELinuxOptions: &v1.SELinuxOptions{
Level: "s0:c0,c1",
SecurityContext: &v1.SecurityContext{
Privileged: &privileged,
},
},
},
RestartPolicy: v1.RestartPolicyNever,