mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
ingore apparmor on non Linux operating systems.
This commit is contained in:
parent
e36e68f5f6
commit
995d654167
@ -25,6 +25,7 @@ import (
|
||||
"net/url"
|
||||
"os"
|
||||
"path"
|
||||
sysruntime "runtime"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
@ -784,8 +785,11 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
||||
opt(klet)
|
||||
}
|
||||
|
||||
klet.appArmorValidator = apparmor.NewValidator(containerRuntime)
|
||||
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
||||
if sysruntime.GOOS == "linux" {
|
||||
// AppArmor is a Linux kernel security module and it does not support other operating systems.
|
||||
klet.appArmorValidator = apparmor.NewValidator(containerRuntime)
|
||||
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
||||
}
|
||||
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewNoNewPrivsAdmitHandler(klet.containerRuntime))
|
||||
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewProcMountAdmitHandler(klet.containerRuntime))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user