github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-05 15:37:24 +00:00
Code Issues Projects Releases Wiki Activity

Add "MayRunAs" value among other GroupStrategies

Browse Source 
Adds "MayRunAs" value among other group strategies. This strategy
allows to define a certain range of GIDs for FSGroupStrategy and
SupplementalGroupStrategy in a PSP.

This new strategy works similarly to the "MustRunAs" one, except that
when no GID is specified in a pod/container security context then no
GID is generated for the respective containers.

Resolves #56173
This commit is contained in:
Stanislav Laznicka
2018-06-15 12:49:19 +02:00
parent e3dbad3211
commit a577b50012
11 changed files with 389 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/apis/policy/fuzzer/fuzzer.go
View File

@@ -48,12 +48,14 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
supplementalGroupsRules := []policy.SupplementalGroupsStrategyType{
policy.SupplementalGroupsStrategyRunAsAny,
policy.SupplementalGroupsStrategyMayRunAs,
policy.SupplementalGroupsStrategyMustRunAs,
}
psp.SupplementalGroups.Rule = supplementalGroupsRules[c.Rand.Intn(len(supplementalGroupsRules))]
fsGroupRules := []policy.FSGroupStrategyType{
policy.FSGroupStrategyMustRunAs,
policy.FSGroupStrategyMayRunAs,
policy.FSGroupStrategyRunAsAny,
}
psp.FSGroup.Rule = fsGroupRules[c.Rand.Intn(len(fsGroupRules))]