CRI: move apparmor annotations to container security context

Pengfei Ni
2017-05-01 20:55:16 +08:00
parent 08606b530b
commit ac76766a92
10 changed files with 363 additions and 321 deletions


@@ -21,6 +21,7 @@ import (
"k8s.io/kubernetes/pkg/api/v1"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
"k8s.io/kubernetes/pkg/security/apparmor"
"k8s.io/kubernetes/pkg/securitycontext"
)
@@ -32,6 +33,9 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
synthesized = &runtimeapi.LinuxContainerSecurityContext{}
}
// set ApparmorProfile.
synthesized.ApparmorProfile = apparmor.GetProfileNameFromPodAnnotations(pod.Annotations, container.Name)
// set RunAsUser.
if synthesized.RunAsUser == nil {
if uid != nil {