github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-06 07:57:35 +00:00
Code Issues Projects Releases Wiki Activity

Adds ReadOnlyRootFilesystem support for containers

Browse Source
This commit is contained in:
Nick Schuch
2016-02-12 08:31:26 +10:00
parent c30bffacc8
commit 5d511aeb54
18 changed files with 427 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
pkg/api/types.generated.go
View File

@@ -46664,7 +46664,7 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
} else {
yysep2 := !z.EncBinary()
yy2arr2 := z.EncBasicHandle().StructToArray
var yyq2 [5]bool
var yyq2 [6]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[0] = x.Capabilities != nil
@@ -46672,9 +46672,10 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
yyq2[2] = x.SELinuxOptions != nil
yyq2[3] = x.RunAsUser != nil
yyq2[4] = x.RunAsNonRoot != nil
yyq2[5] = x.ReadOnlyRootFilesystem != nil
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(5)
r.EncodeArrayStart(6)
} else {
yynn2 = 0
for _, b := range yyq2 {
@@ -46836,6 +46837,41 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[5] {
if x.ReadOnlyRootFilesystem == nil {
r.EncodeNil()
} else {
yy25 := *x.ReadOnlyRootFilesystem
yym26 := z.EncBinary()
_ = yym26
if false {
} else {
r.EncodeBool(bool(yy25))
}
}
} else {
r.EncodeNil()
}
} else {
if yyq2[5] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("readOnlyRootFilesystem"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.ReadOnlyRootFilesystem == nil {
r.EncodeNil()
} else {
yy27 := *x.ReadOnlyRootFilesystem
yym28 := z.EncBinary()
_ = yym28
if false {
} else {
r.EncodeBool(bool(yy27))
}
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
@@ -46967,6 +47003,22 @@ func (x *SecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
*((*bool)(x.RunAsNonRoot)) = r.DecodeBool()
}
}
case "readOnlyRootFilesystem":
if r.TryDecodeAsNil() {
if x.ReadOnlyRootFilesystem != nil {
x.ReadOnlyRootFilesystem = nil
}
} else {
if x.ReadOnlyRootFilesystem == nil {
x.ReadOnlyRootFilesystem = new(bool)
}
yym13 := z.DecBinary()
_ = yym13
if false {
} else {
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
}
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
@@ -46978,16 +47030,16 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj12 int
var yyb12 bool
var yyhl12 bool = l >= 0
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
var yyj14 int
var yyb14 bool
var yyhl14 bool = l >= 0
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb12 = r.CheckBreak()
yyb14 = r.CheckBreak()
}
if yyb12 {
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -47002,13 +47054,13 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
}
x.Capabilities.CodecDecodeSelf(d)
}
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb12 = r.CheckBreak()
yyb14 = r.CheckBreak()
}
if yyb12 {
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -47021,20 +47073,20 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
if x.Privileged == nil {
x.Privileged = new(bool)
}
yym15 := z.DecBinary()
_ = yym15
yym17 := z.DecBinary()
_ = yym17
if false {
} else {
*((*bool)(x.Privileged)) = r.DecodeBool()
}
}
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb12 = r.CheckBreak()
yyb14 = r.CheckBreak()
}
if yyb12 {
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -47049,13 +47101,13 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
}
x.SELinuxOptions.CodecDecodeSelf(d)
}
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb12 = r.CheckBreak()
yyb14 = r.CheckBreak()
}
if yyb12 {
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -47068,20 +47120,20 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
if x.RunAsUser == nil {
x.RunAsUser = new(int64)
}
yym18 := z.DecBinary()
_ = yym18
yym20 := z.DecBinary()
_ = yym20
if false {
} else {
*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
}
}
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb12 = r.CheckBreak()
yyb14 = r.CheckBreak()
}
if yyb12 {
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@@ -47094,25 +47146,51 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
if x.RunAsNonRoot == nil {
x.RunAsNonRoot = new(bool)
}
yym20 := z.DecBinary()
_ = yym20
yym22 := z.DecBinary()
_ = yym22
if false {
} else {
*((*bool)(x.RunAsNonRoot)) = r.DecodeBool()
}
}
for {
yyj12++
if yyhl12 {
yyb12 = yyj12 > l
} else {
yyb12 = r.CheckBreak()
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb14 = r.CheckBreak()
}
if yyb14 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
if x.ReadOnlyRootFilesystem != nil {
x.ReadOnlyRootFilesystem = nil
}
if yyb12 {
} else {
if x.ReadOnlyRootFilesystem == nil {
x.ReadOnlyRootFilesystem = new(bool)
}
yym24 := z.DecBinary()
_ = yym24
if false {
} else {
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
}
}
for {
yyj14++
if yyhl14 {
yyb14 = yyj14 > l
} else {
yyb14 = r.CheckBreak()
}
if yyb14 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj12-1, "")
z.DecStructFieldNotFound(yyj14-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}