github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #36423 from Random-Liu/support-root-nobody

Browse Source 
Automatic merge from submit-queue

CRI: Support string user name.

https://github.com/kubernetes/kubernetes/pull/33239 and https://github.com/kubernetes/kubernetes/pull/34811 combined together broke the cri e2e test. https://k8s-testgrid.appspot.com/google-gce#gci-gce-cri

The reason is that:
1) In dockershim and dockertools, we assume that `Image.Config.User` should be an integer. However, sometimes when user build the image with `USER nobody:nobody` or `USER root:root`, the field will become `nobody:nobody` and `root:root`. This makes dockershim to always return error.
2) The new kube-dns-autoscaler image is using `USER nobody:nobody`. (See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/blob/master/Dockerfile.in#L21)

This doesn't break the normal e2e test, because in dockertools [we only inspect image uid if `RunAsNonRoot` is set](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/dockertools/docker_manager.go#L2333-L2338), which is just a coincidence. However, in kuberuntime, [we always inspect image uid first](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kuberuntime/kuberuntime_container.go#L141).

This PR adds literal `root` and `nobody` support. One problem is that `nobody` is not quite the same in different OS distros. Usually it should be `65534`, but some os distro doesn't follow that. For example, Fedora is using `99`. (See https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/Q5GCKZ7Q7PAUQW66EV7IBJGSRJWYXBBH/?sort=date)

Possible solution:
* Option 1: ~~Just use `65534`. This is fine because currently we only need to know whether the user is root or not.~~ Actually, we need to pass the user id to runtime when creating a container.
* Option 2: Return the uid as string in CRI, and let kuberuntime handle the string directly.

This PR is using option 1.

@yujuhong @feiskyer 
/cc @kubernetes/sig-node
/cc @MrHohn
This commit is contained in:
Kubernetes Submit Queue 2016-11-08 20:24:31 -08:00 committed by GitHub
commit b600533794
12 changed files with 294 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

448
pkg/kubelet/api/v1alpha1/runtime/api.pb.go
View File

@ -475,8 +475,9 @@ type LinuxSandboxSecurityContext struct {
NamespaceOptions *NamespaceOption `protobuf:"bytes,1,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"`
// Optional SELinux context to be applied.
SelinuxOptions *SELinuxOption `protobuf:"bytes,2,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"`
// The UID to run the entrypoint of the sandbox process.
RunAsUser *int64 `protobuf:"varint,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// The user to run the entrypoint of the sandbox process, it could be uid or
// user name.
RunAsUser *string `protobuf:"bytes,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// If set, the root filesystem of the sandbox is read-only.
ReadonlyRootfs *bool `protobuf:"varint,4,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"`
// A list of groups applied to the first process run in the sandbox, in addition
@ -504,11 +505,11 @@ func (m *LinuxSandboxSecurityContext) GetSelinuxOptions() *SELinuxOption {
return nil
}
func (m *LinuxSandboxSecurityContext) GetRunAsUser() int64 {
func (m *LinuxSandboxSecurityContext) GetRunAsUser() string {
if m != nil && m.RunAsUser != nil {
return *m.RunAsUser
}
return 0
return ""
}
func (m *LinuxSandboxSecurityContext) GetReadonlyRootfs() bool {
@ -1335,9 +1336,10 @@ type LinuxContainerSecurityContext struct {
NamespaceOptions *NamespaceOption `protobuf:"bytes,3,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"`
// Optional SELinux context to be applied.
SelinuxOptions *SELinuxOption `protobuf:"bytes,4,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"`
// The UID to run the the container process as.
// The user to run the the container process as, it could be uid or user
// name.
// Defaults to user specified in image metadata if unspecified.
RunAsUser *int64 `protobuf:"varint,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
RunAsUser *string `protobuf:"bytes,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// If set, the root filesystem of the container is read-only.
ReadonlyRootfs *bool `protobuf:"varint,6,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"`
// A list of groups applied to the first process run in the container, in addition
@ -1381,11 +1383,11 @@ func (m *LinuxContainerSecurityContext) GetSelinuxOptions() *SELinuxOption {
return nil
}
func (m *LinuxContainerSecurityContext) GetRunAsUser() int64 {
func (m *LinuxContainerSecurityContext) GetRunAsUser() string {
if m != nil && m.RunAsUser != nil {
return *m.RunAsUser
}
return 0
return ""
}
func (m *LinuxContainerSecurityContext) GetReadonlyRootfs() bool {
@ -2439,9 +2441,9 @@ type Image struct {
RepoDigests []string `protobuf:"bytes,3,rep,name=repo_digests,json=repoDigests" json:"repo_digests,omitempty"`
// The size of the image in bytes.
Size_ *uint64 `protobuf:"varint,4,opt,name=size" json:"size,omitempty"`
// The uid that will run the command(s).
Uid *int64 `protobuf:"varint,5,opt,name=uid" json:"uid,omitempty"`
XXX_unrecognized []byte `json:"-"`
// The user that will run the command(s).
User *string `protobuf:"bytes,5,opt,name=user" json:"user,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
func (m *Image) Reset() { *m = Image{} }
@ -2477,11 +2479,11 @@ func (m *Image) GetSize_() uint64 {
return 0
}
func (m *Image) GetUid() int64 {
if m != nil && m.Uid != nil {
return *m.Uid
func (m *Image) GetUser() string {
if m != nil && m.User != nil {
return *m.User
}
return 0
return ""
}
type ListImagesResponse struct {
@ -3801,214 +3803,214 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{
}
var fileDescriptorApi = []byte{
// 3342 bytes of a gzipped FileDescriptorProto
// 3336 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x3a, 0xcd, 0x72, 0x1b, 0xc7,
0xd1, 0x04, 0x40, 0x82, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0xc9,
0xd1, 0x04, 0x40, 0x80, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0xc9,
0x96, 0x64, 0x5b, 0x9f, 0xc5, 0x2f, 0xb1, 0x62, 0xd9, 0x92, 0x0d, 0x93, 0xb4, 0x43, 0x4b, 0x82,
0xe8, 0x85, 0xe4, 0xd8, 0xe5, 0xc3, 0x66, 0x85, 0x1d, 0x82, 0x2b, 0x01, 0xbb, 0xeb, 0xd9, 0x01,
0x2d, 0xa6, 0x2a, 0xf7, 0x1c, 0x92, 0xaa, 0x5c, 0x73, 0x4a, 0x0e, 0xa9, 0x72, 0x25, 0xb9, 0xa5,
0x2a, 0x55, 0x79, 0x87, 0x54, 0x1e, 0x20, 0x8f, 0x90, 0x57, 0xc8, 0x29, 0x35, 0x7f, 0xbb, 0xb3,
0x7f, 0x14, 0x29, 0xbb, 0x62, 0xdd, 0x76, 0x7a, 0x7a, 0x7a, 0x7a, 0xba, 0x7b, 0xfa, 0x6f, 0x07,
0xea, 0x76, 0xe0, 0x5e, 0x0f, 0x88, 0x4f, 0x7d, 0x34, 0x4f, 0xa6, 0x1e, 0x75, 0x27, 0xd8, 0xb8,
0x06, 0xad, 0xcf, 0x31, 0x09, 0x5d, 0xdf, 0x33, 0xf1, 0xd7, 0x53, 0x1c, 0x52, 0xd4, 0x81, 0xf9,
0x43, 0x01, 0xe9, 0x94, 0x36, 0x4a, 0x57, 0xea, 0xa6, 0x1a, 0x1a, 0xdf, 0x96, 0x60, 0x31, 0x42,
0x0e, 0x03, 0xdf, 0x0b, 0x71, 0x31, 0x36, 0xba, 0x08, 0x0b, 0x72, 0x13, 0xcb, 0xb3, 0x27, 0xb8,
0x53, 0xe6, 0xd3, 0x0d, 0x09, 0xeb, 0xdb, 0x13, 0x8c, 0x5e, 0x87, 0x45, 0x85, 0xa2, 0x88, 0x54,
0x38, 0x56, 0x4b, 0x82, 0xe5, 0x6e, 0xe8, 0x3a, 0x2c, 0x2b, 0x44, 0x3b, 0x70, 0x23, 0xe4, 0x59,
0x8e, 0xbc, 0x24, 0xa7, 0x7a, 0x81, 0x2b, 0xf1, 0x8d, 0xaf, 0xa0, 0xbe, 0xdd, 0x1f, 0x6c, 0xf9,
0xde, 0xbe, 0x3b, 0x62, 0x2c, 0x86, 0x98, 0xb0, 0x35, 0x9d, 0xd2, 0x46, 0x85, 0xb1, 0x28, 0x87,
0xa8, 0x0b, 0xb5, 0x10, 0xdb, 0x64, 0x78, 0x80, 0xc3, 0x4e, 0x99, 0x4f, 0x45, 0x63, 0xb6, 0xca,
0x0f, 0xa8, 0xeb, 0x7b, 0x61, 0xa7, 0x22, 0x56, 0xc9, 0xa1, 0xf1, 0xbb, 0x12, 0x34, 0xf6, 0x7c,
0x42, 0xef, 0xdb, 0x41, 0xe0, 0x7a, 0x23, 0xf4, 0x16, 0xd4, 0xb8, 0x50, 0x87, 0xfe, 0x98, 0xcb,
0xa0, 0xb5, 0xb9, 0x74, 0x5d, 0xb2, 0x74, 0x7d, 0x4f, 0x4e, 0x98, 0x11, 0x0a, 0xba, 0x0c, 0xad,
0xa1, 0xef, 0x51, 0xdb, 0xf5, 0x30, 0xb1, 0x02, 0x9f, 0x50, 0x2e, 0x99, 0x39, 0xb3, 0x19, 0x41,
0x19, 0x71, 0xb4, 0x0e, 0xf5, 0x03, 0x3f, 0xa4, 0x02, 0xa3, 0xc2, 0x31, 0x6a, 0x0c, 0xc0, 0x27,
0xd7, 0x60, 0x9e, 0x4f, 0xba, 0x81, 0x94, 0x41, 0x95, 0x0d, 0x77, 0x03, 0xe3, 0xb7, 0x25, 0x98,
0xbb, 0xef, 0x4f, 0x3d, 0x9a, 0xda, 0xc6, 0xa6, 0x07, 0x52, 0x3f, 0xda, 0x36, 0x36, 0x3d, 0x88,
0xb7, 0x61, 0x18, 0x42, 0x45, 0x62, 0x1b, 0x36, 0xd9, 0x85, 0x1a, 0xc1, 0xb6, 0xe3, 0x7b, 0xe3,
0x23, 0xce, 0x42, 0xcd, 0x8c, 0xc6, 0x4c, 0x77, 0x21, 0x1e, 0xbb, 0xde, 0xf4, 0x99, 0x45, 0xf0,
0xd8, 0x7e, 0x8c, 0xc7, 0x9c, 0x95, 0x9a, 0xd9, 0x92, 0x60, 0x53, 0x40, 0x8d, 0x27, 0xb0, 0xc8,
0x94, 0x1d, 0x06, 0xf6, 0x10, 0x3f, 0xe0, 0x22, 0x64, 0xa6, 0xc1, 0x37, 0xf5, 0x30, 0xfd, 0xc6,
0x27, 0x4f, 0x39, 0x67, 0x35, 0xb3, 0xc1, 0x60, 0x7d, 0x01, 0x42, 0x67, 0xa1, 0x26, 0xf8, 0x72,
0x1d, 0xce, 0x56, 0xcd, 0xe4, 0x27, 0xde, 0x73, 0x9d, 0x68, 0xca, 0x0d, 0x86, 0x92, 0xab, 0x79,
0x71, 0xfa, 0xa1, 0xf1, 0xfb, 0x32, 0xac, 0xdf, 0x63, 0x9b, 0x0f, 0x6c, 0xcf, 0x79, 0xec, 0x3f,
0x1b, 0xe0, 0xe1, 0x94, 0xb8, 0xf4, 0x68, 0xcb, 0xf7, 0x28, 0x7e, 0x46, 0xd1, 0x0e, 0x2c, 0x79,
0x8a, 0x17, 0x4b, 0xa9, 0x97, 0xed, 0xde, 0xd8, 0xec, 0x44, 0x3a, 0x4b, 0x71, 0x6b, 0xb6, 0xbd,
0x24, 0x20, 0x44, 0x1f, 0xc4, 0x67, 0x57, 0x44, 0xca, 0x9c, 0xc8, 0x6a, 0x44, 0x64, 0xb0, 0xc3,
0xf9, 0x90, 0x24, 0x94, 0x4c, 0x14, 0x81, 0xf3, 0xc0, 0xee, 0x81, 0x65, 0x87, 0xd6, 0x34, 0xc4,
0x84, 0x9f, 0xa2, 0x62, 0xd6, 0xc9, 0xd4, 0xeb, 0x85, 0x8f, 0x42, 0x4c, 0xf8, 0xc5, 0x90, 0x82,
0xb6, 0x88, 0xef, 0xd3, 0xfd, 0x50, 0x09, 0x57, 0x81, 0x4d, 0x0e, 0x45, 0xff, 0x07, 0xcb, 0xe1,
0x34, 0x08, 0xc6, 0x78, 0x82, 0x3d, 0x6a, 0x8f, 0xad, 0x11, 0xf1, 0xa7, 0x41, 0xd8, 0x99, 0xdb,
0xa8, 0x5c, 0xa9, 0x98, 0x48, 0x9f, 0xfa, 0x84, 0xcf, 0x18, 0xbf, 0x29, 0xc1, 0x19, 0xce, 0xd9,
0x9e, 0xef, 0x48, 0x21, 0xc9, 0x6b, 0xf2, 0x2a, 0x34, 0x87, 0x7c, 0xb9, 0x15, 0xd8, 0x04, 0x7b,
0x54, 0xda, 0xcb, 0x82, 0x00, 0xee, 0x71, 0x18, 0x7a, 0x00, 0xed, 0x50, 0xca, 0xd4, 0x1a, 0x0a,
0xa1, 0xca, 0xa3, 0x5f, 0x8a, 0x8e, 0x7e, 0x8c, 0x02, 0xcc, 0xc5, 0x30, 0x09, 0x30, 0x08, 0xa0,
0x98, 0x93, 0xfb, 0x98, 0xda, 0x8e, 0x4d, 0x6d, 0x84, 0x60, 0x96, 0xfb, 0x0c, 0xc1, 0x02, 0xff,
0x46, 0x6d, 0xa8, 0x4c, 0xa5, 0x31, 0xd4, 0x4d, 0xf6, 0x89, 0x5e, 0x81, 0x7a, 0xa4, 0x1a, 0xe9,
0x38, 0x62, 0x00, 0xbb, 0xc0, 0x36, 0xa5, 0x78, 0x12, 0x50, 0x2e, 0xbb, 0xa6, 0xa9, 0x86, 0xc6,
0xdf, 0x67, 0xa1, 0x9d, 0x39, 0xfe, 0x4d, 0xa8, 0x4d, 0xe4, 0xf6, 0xd2, 0x22, 0xd6, 0xe3, 0x5b,
0x9c, 0xe1, 0xd0, 0x8c, 0x90, 0xd9, 0x25, 0x61, 0xe6, 0xa7, 0xf9, 0xb8, 0x68, 0xcc, 0x64, 0x3a,
0xf6, 0x47, 0x96, 0xe3, 0x12, 0x3c, 0xa4, 0x3e, 0x39, 0x92, 0x5c, 0x2e, 0x8c, 0xfd, 0xd1, 0xb6,
0x82, 0xa1, 0x1b, 0x00, 0x8e, 0x17, 0x32, 0x71, 0xee, 0xbb, 0x23, 0xce, 0x6b, 0x63, 0x13, 0x45,
0x7b, 0x47, 0x7e, 0xcc, 0xac, 0x3b, 0x5e, 0x28, 0x99, 0x7d, 0x17, 0x9a, 0xcc, 0x2f, 0x58, 0x13,
0xe1, 0x82, 0x84, 0xc2, 0x1b, 0x9b, 0x2b, 0x1a, 0xc7, 0x91, 0x7f, 0x32, 0x17, 0x82, 0x78, 0x10,
0xa2, 0xdb, 0x50, 0xe5, 0xf7, 0x32, 0xec, 0x54, 0xf9, 0x9a, 0xcb, 0x39, 0xa7, 0x14, 0xbb, 0x5c,
0xbf, 0xc7, 0xf1, 0x76, 0x3c, 0x4a, 0x8e, 0x4c, 0xb9, 0x08, 0xdd, 0x83, 0x86, 0xed, 0x79, 0x3e,
0xb5, 0x85, 0xd9, 0xcf, 0x73, 0x1a, 0xd7, 0x8a, 0x69, 0xf4, 0x62, 0x64, 0x41, 0x48, 0x5f, 0x8e,
0x7e, 0x04, 0x73, 0xfc, 0x5e, 0x74, 0x6a, 0xfc, 0xd4, 0xe7, 0x93, 0x36, 0x94, 0x26, 0x66, 0x0a,
0xe4, 0xee, 0xbb, 0xd0, 0xd0, 0x58, 0x63, 0x86, 0xf1, 0x14, 0x1f, 0x49, 0x5b, 0x61, 0x9f, 0x68,
0x05, 0xe6, 0x0e, 0xed, 0xf1, 0x54, 0xe9, 0x43, 0x0c, 0x6e, 0x95, 0x7f, 0x52, 0xea, 0xde, 0x81,
0x76, 0x9a, 0xa3, 0xd3, 0xac, 0x37, 0x76, 0x61, 0xc5, 0x9c, 0x7a, 0x31, 0x63, 0x2a, 0x68, 0xde,
0x80, 0xaa, 0xd4, 0x9f, 0xb0, 0x9d, 0xb3, 0x85, 0x12, 0x31, 0x25, 0xa2, 0x71, 0x1b, 0xce, 0xa4,
0x48, 0xc9, 0x90, 0x7a, 0x09, 0x5a, 0x81, 0xef, 0x58, 0xa1, 0x00, 0x5b, 0xae, 0xa3, 0x6e, 0x62,
0x10, 0xe1, 0xee, 0x3a, 0x6c, 0xf9, 0x80, 0xfa, 0x41, 0x96, 0x95, 0x93, 0x2d, 0xef, 0xc0, 0x6a,
0x7a, 0xb9, 0xd8, 0xde, 0xf8, 0x00, 0xd6, 0x4c, 0x3c, 0xf1, 0x0f, 0xf1, 0x8b, 0x92, 0xee, 0x42,
0x27, 0x4b, 0x20, 0x26, 0x1e, 0x43, 0x07, 0xd4, 0xa6, 0xd3, 0xf0, 0x74, 0xc4, 0xaf, 0xea, 0x04,
0x64, 0xb0, 0x10, 0x74, 0x50, 0x0b, 0xca, 0x6e, 0x20, 0x17, 0x95, 0xdd, 0xc0, 0xf8, 0x12, 0xea,
0x7d, 0xdd, 0x1b, 0xe8, 0xd1, 0xa6, 0x6e, 0xaa, 0x21, 0xda, 0x8c, 0x03, 0x7d, 0xf9, 0x39, 0x91,
0x20, 0x4a, 0x01, 0xee, 0x66, 0x9c, 0xa8, 0xe4, 0x61, 0x13, 0x20, 0xf2, 0x40, 0x2a, 0xb2, 0xa0,
0x2c, 0x3d, 0x53, 0xc3, 0x32, 0xfe, 0x98, 0x70, 0x47, 0xda, 0x61, 0x9c, 0xe8, 0x30, 0x4e, 0xc2,
0x3d, 0x95, 0x4f, 0xe3, 0x9e, 0xae, 0xc3, 0x5c, 0x48, 0x6d, 0x2a, 0x1c, 0x64, 0x4b, 0x3b, 0x5c,
0x72, 0x4b, 0x6c, 0x0a, 0x34, 0x74, 0x0e, 0x60, 0x48, 0xb0, 0x4d, 0xb1, 0x63, 0xd9, 0xc2, 0x73,
0x56, 0xcc, 0xba, 0x84, 0xf4, 0x28, 0xba, 0x15, 0xcb, 0x71, 0x8e, 0xb3, 0xb1, 0x91, 0x43, 0x30,
0xa1, 0x97, 0x58, 0xd2, 0xd1, 0x6d, 0xaf, 0x1e, 0x7f, 0xdb, 0xe5, 0x3a, 0x81, 0xac, 0x39, 0xac,
0xf9, 0x42, 0x87, 0x25, 0x56, 0x9c, 0xc4, 0x61, 0xd5, 0x0a, 0x1d, 0x96, 0xa4, 0x71, 0xac, 0xc3,
0xfa, 0x21, 0x5d, 0xcf, 0x7d, 0xe8, 0x64, 0xaf, 0x8e, 0x74, 0x19, 0x37, 0xa0, 0x1a, 0x72, 0xc8,
0x31, 0xee, 0x47, 0x2e, 0x91, 0x88, 0xc6, 0xbf, 0x4b, 0xba, 0xd5, 0x7d, 0xec, 0x8e, 0x29, 0x26,
0x19, 0xab, 0x8b, 0x8c, 0xa7, 0x7c, 0x32, 0xe3, 0x19, 0x40, 0x8b, 0x8b, 0xdd, 0x0a, 0xf1, 0x98,
0x47, 0x37, 0x9e, 0x3b, 0x37, 0x36, 0xdf, 0xcc, 0x59, 0x28, 0xb6, 0x14, 0x3a, 0x1b, 0x48, 0x74,
0x21, 0xf1, 0xe6, 0x58, 0x87, 0x75, 0x3f, 0x04, 0x94, 0x45, 0x3a, 0x95, 0xe8, 0x3e, 0x65, 0xd7,
0x95, 0xa5, 0xce, 0x39, 0x6e, 0x7b, 0x9f, 0xb3, 0x71, 0x8c, 0xdc, 0x04, 0x9f, 0xa6, 0x44, 0x34,
0xfe, 0x50, 0x01, 0x88, 0x27, 0x5f, 0xda, 0x7b, 0x7a, 0x33, 0xba, 0x35, 0x22, 0x35, 0xb8, 0x90,
0x43, 0x2f, 0xf7, 0xbe, 0x7c, 0x9c, 0xbc, 0x2f, 0x22, 0x49, 0xb8, 0x94, 0xb7, 0xfa, 0xa5, 0xbd,
0x29, 0x5b, 0xb0, 0x9a, 0x56, 0xb7, 0xbc, 0x27, 0x57, 0x61, 0xce, 0xa5, 0x78, 0x22, 0x0a, 0xc1,
0xc6, 0xe6, 0x72, 0xce, 0xb1, 0x4c, 0x81, 0x61, 0x5c, 0x84, 0xfa, 0xee, 0xc4, 0x1e, 0xe1, 0x41,
0x80, 0x87, 0x6c, 0x2f, 0x97, 0x0d, 0xe4, 0xfe, 0x62, 0x60, 0x6c, 0x42, 0xed, 0x2e, 0x3e, 0xfa,
0x9c, 0xed, 0x7b, 0x52, 0xfe, 0x8c, 0x7f, 0x94, 0x60, 0x8d, 0xbb, 0xbb, 0x2d, 0x55, 0x86, 0x99,
0x38, 0xf4, 0xa7, 0x64, 0x88, 0x43, 0xae, 0xd2, 0x60, 0x6a, 0x05, 0x98, 0xb8, 0xbe, 0xb0, 0x29,
0xa6, 0xd2, 0x60, 0xba, 0xc7, 0x01, 0xac, 0x54, 0x63, 0xd3, 0x5f, 0x4f, 0x7d, 0x69, 0x5b, 0x15,
0xb3, 0x36, 0x0c, 0xa6, 0x9f, 0xb1, 0xb1, 0x5a, 0x1b, 0x1e, 0xd8, 0x04, 0x87, 0xaa, 0xa0, 0x18,
0x06, 0xd3, 0x01, 0x07, 0xa0, 0x1b, 0x70, 0x66, 0x82, 0x27, 0x3e, 0x39, 0xb2, 0xc6, 0xee, 0xc4,
0xa5, 0x96, 0xeb, 0x59, 0x8f, 0x8f, 0x28, 0x0e, 0xa5, 0xe1, 0x20, 0x31, 0x79, 0x8f, 0xcd, 0xed,
0x7a, 0x1f, 0xb1, 0x19, 0x64, 0x40, 0xd3, 0xf7, 0x27, 0x56, 0x38, 0xf4, 0x09, 0xb6, 0x6c, 0xe7,
0x09, 0xf7, 0xf7, 0x15, 0xb3, 0xe1, 0xfb, 0x93, 0x01, 0x83, 0xf5, 0x9c, 0x27, 0x86, 0x0d, 0xcd,
0x44, 0xa1, 0xc3, 0x12, 0x77, 0x5e, 0xd1, 0xc8, 0xc4, 0x9d, 0x7d, 0x33, 0x18, 0xf1, 0xc7, 0x4a,
0x0e, 0xfc, 0x9b, 0xc1, 0xe8, 0x51, 0xa0, 0xb2, 0x76, 0xfe, 0xcd, 0x04, 0x36, 0xc6, 0x87, 0xb2,
0x8e, 0xac, 0x9b, 0x62, 0x60, 0x38, 0x00, 0x5b, 0x76, 0x60, 0x3f, 0x76, 0xc7, 0x2e, 0x3d, 0x42,
0x57, 0xa1, 0x6d, 0x3b, 0x8e, 0x35, 0x54, 0x10, 0x17, 0xab, 0xa2, 0x7e, 0xd1, 0x76, 0x9c, 0x2d,
0x0d, 0x8c, 0xde, 0x80, 0x25, 0x87, 0xf8, 0x41, 0x12, 0x57, 0x54, 0xf9, 0x6d, 0x36, 0xa1, 0x23,
0x1b, 0xff, 0x29, 0xc3, 0xb9, 0xa4, 0x5a, 0xd2, 0xa5, 0xe3, 0x4d, 0x58, 0x48, 0xed, 0x5a, 0x4a,
0x58, 0x50, 0xcc, 0xa4, 0x99, 0x40, 0x44, 0xe7, 0x01, 0x02, 0xe2, 0x1e, 0xba, 0x63, 0x3c, 0xc2,
0xaa, 0x96, 0xd5, 0x20, 0xf9, 0x35, 0x69, 0xe5, 0xfb, 0xa8, 0x49, 0x67, 0xbf, 0x4b, 0x4d, 0x3a,
0x77, 0x82, 0x9a, 0xb4, 0x7a, 0x9a, 0x9a, 0x74, 0xbe, 0xb0, 0x26, 0xfd, 0x53, 0x09, 0x56, 0x92,
0xc2, 0x97, 0x65, 0xce, 0x1d, 0xa8, 0x13, 0x75, 0x3b, 0xa4, 0xc0, 0x37, 0x92, 0x49, 0x43, 0xf6,
0x16, 0x99, 0xf1, 0x12, 0xf4, 0x59, 0x61, 0xb5, 0xfa, 0x5a, 0x01, 0x99, 0xe7, 0xd6, 0xab, 0x3d,
0x58, 0x8a, 0x90, 0x8f, 0x2d, 0x57, 0xb5, 0xf2, 0xb3, 0x9c, 0x2c, 0x3f, 0x3d, 0xa8, 0x6e, 0xe3,
0x43, 0x77, 0x88, 0xbf, 0x97, 0x1e, 0xcd, 0x06, 0x34, 0x02, 0x4c, 0x26, 0x6e, 0x18, 0x46, 0x86,
0x53, 0x37, 0x75, 0x90, 0xf1, 0xaf, 0x39, 0x58, 0x4c, 0x4b, 0xf6, 0x9d, 0x4c, 0xb5, 0xdb, 0x8d,
0x2d, 0x39, 0x7d, 0x3e, 0x2d, 0x4a, 0x5d, 0x51, 0x8e, 0xb0, 0x9c, 0x4a, 0x6d, 0x23, 0x5f, 0x29,
0x9d, 0x23, 0x3b, 0xff, 0xd0, 0x9f, 0x4c, 0x6c, 0xcf, 0x51, 0xfd, 0x33, 0x39, 0x64, 0xd2, 0xb2,
0xc9, 0x88, 0x99, 0x27, 0x03, 0xf3, 0x6f, 0x74, 0x01, 0x1a, 0x2c, 0x45, 0x74, 0x3d, 0x5e, 0x2c,
0x73, 0xe3, 0xab, 0x9b, 0x20, 0x41, 0xdb, 0x2e, 0x41, 0x97, 0x61, 0x16, 0x7b, 0x87, 0x2a, 0x1e,
0xc5, 0x0d, 0x36, 0xe5, 0x80, 0x4d, 0x3e, 0x8d, 0x5e, 0x83, 0xea, 0xc4, 0x9f, 0x7a, 0x54, 0x25,
0x8b, 0xad, 0x08, 0x91, 0x77, 0xc5, 0x4c, 0x39, 0x8b, 0xae, 0xc2, 0xbc, 0xc3, 0x75, 0xa0, 0x32,
0xc2, 0xc5, 0xb8, 0xe0, 0xe6, 0x70, 0x53, 0xcd, 0xa3, 0xf7, 0xa3, 0x48, 0x5a, 0x4f, 0xc5, 0xc2,
0x94, 0x50, 0x73, 0xc3, 0xe9, 0xdd, 0x64, 0x38, 0x05, 0x4e, 0xe2, 0x6a, 0x21, 0x89, 0xe3, 0xcb,
0xe5, 0xb3, 0x50, 0x1b, 0xfb, 0x23, 0x61, 0x07, 0x0d, 0x51, 0xc5, 0x8c, 0xfd, 0x11, 0x37, 0x83,
0x15, 0x96, 0x3e, 0x38, 0xae, 0xd7, 0x59, 0xe0, 0x77, 0x52, 0x0c, 0x58, 0x54, 0xe0, 0x1f, 0x96,
0xef, 0x0d, 0x71, 0xa7, 0xc9, 0xa7, 0xea, 0x1c, 0xf2, 0xc0, 0x1b, 0xf2, 0xa0, 0x45, 0xe9, 0x51,
0xa7, 0xc5, 0xe1, 0xec, 0x13, 0xfd, 0xbf, 0x4a, 0xd1, 0x17, 0xb9, 0x7e, 0xcf, 0x15, 0x5c, 0x93,
0x97, 0xa6, 0x1e, 0xff, 0x6b, 0x09, 0x56, 0xb7, 0x78, 0xd2, 0xa3, 0x79, 0x82, 0x53, 0xd4, 0x93,
0xe8, 0xed, 0xa8, 0x70, 0x4f, 0x17, 0x7f, 0xe9, 0xc3, 0x4a, 0x3c, 0xf4, 0x21, 0xb4, 0x14, 0x4d,
0xb9, 0xb2, 0xf2, 0xbc, 0x92, 0xbf, 0x19, 0xea, 0x43, 0xe3, 0x7d, 0x58, 0xcb, 0xf0, 0x2c, 0x13,
0x94, 0x8b, 0xb0, 0x10, 0x7b, 0x84, 0x88, 0xe5, 0x46, 0x04, 0xdb, 0x75, 0x8c, 0x5b, 0xac, 0xf0,
0xb7, 0x09, 0xcd, 0x1c, 0xf8, 0x04, 0x6b, 0x79, 0xd5, 0x9f, 0x5c, 0x2b, 0x0b, 0xf3, 0x01, 0xac,
0x0c, 0xa8, 0x1f, 0xbc, 0x00, 0x51, 0x76, 0xd3, 0xd9, 0xb1, 0xfd, 0x29, 0x95, 0x59, 0x89, 0x1a,
0x1a, 0x6b, 0xa2, 0x47, 0x91, 0xdd, 0xed, 0x3d, 0x58, 0x15, 0x2d, 0x82, 0x17, 0x39, 0xc4, 0x59,
0xd5, 0xa0, 0xc8, 0xd2, 0xfd, 0x75, 0x59, 0x73, 0x75, 0x05, 0x35, 0xcd, 0x5b, 0xc9, 0x9a, 0x66,
0x2d, 0xab, 0xf0, 0x44, 0x9e, 0x9d, 0x35, 0xa3, 0x4a, 0x8e, 0x19, 0x99, 0x99, 0xc2, 0x67, 0x96,
0xdf, 0xf4, 0x37, 0xb2, 0xd4, 0xff, 0x87, 0x75, 0xcf, 0xae, 0xa8, 0x7b, 0xa2, 0xad, 0xa3, 0x5e,
0xcb, 0xdb, 0xa9, 0xba, 0xa7, 0x53, 0xc4, 0x66, 0x54, 0xf6, 0xfc, 0x6a, 0x16, 0xea, 0xd1, 0x5c,
0x46, 0xa6, 0x59, 0x21, 0x95, 0x73, 0x84, 0xa4, 0x07, 0x9d, 0xca, 0x8b, 0x04, 0x9d, 0xd9, 0xe7,
0x05, 0x9d, 0x75, 0xa8, 0xf3, 0x0f, 0x8b, 0xe0, 0x7d, 0x19, 0x44, 0x6a, 0x1c, 0x60, 0xe2, 0xfd,
0x58, 0xf1, 0xd5, 0x13, 0x29, 0x3e, 0x59, 0x60, 0xcd, 0xa7, 0x0b, 0xac, 0x77, 0xa2, 0xb0, 0x20,
0x02, 0xc8, 0xf9, 0x2c, 0xb9, 0xdc, 0x80, 0xb0, 0x93, 0x0c, 0x08, 0x22, 0xa6, 0xbc, 0x9a, 0xb3,
0xf8, 0xa5, 0x2d, 0xaf, 0xee, 0x89, 0xf2, 0x4a, 0xb7, 0x2a, 0xe9, 0xbd, 0x36, 0x01, 0xa2, 0x8b,
0xaa, 0x6a, 0x2c, 0x94, 0x3d, 0x9a, 0xa9, 0x61, 0x31, 0x57, 0x90, 0x90, 0x7f, 0xdc, 0x10, 0x3c,
0x81, 0x2b, 0xf8, 0x8b, 0x9e, 0xda, 0x14, 0x74, 0xce, 0xde, 0xc9, 0x54, 0xe4, 0x27, 0xb3, 0xba,
0xb7, 0x92, 0x05, 0xf9, 0xe9, 0xcc, 0x25, 0x53, 0x8f, 0xf3, 0x48, 0x6c, 0x13, 0x39, 0x2d, 0x93,
0x6b, 0x09, 0xe9, 0x51, 0x96, 0xff, 0xec, 0xbb, 0x9e, 0x1b, 0x1e, 0x88, 0xf9, 0x2a, 0x9f, 0x07,
0x05, 0xea, 0xf1, 0xdf, 0x81, 0xf8, 0x99, 0x4b, 0xad, 0xa1, 0xef, 0x60, 0x6e, 0x8c, 0x73, 0x66,
0x8d, 0x01, 0xb6, 0x7c, 0x07, 0xc7, 0x17, 0xa4, 0x76, 0xaa, 0x0b, 0x52, 0x4f, 0x5d, 0x90, 0x55,
0xa8, 0x12, 0x6c, 0x87, 0xbe, 0xd7, 0x01, 0xf1, 0x53, 0x51, 0x8c, 0x98, 0x83, 0x9f, 0xe0, 0x30,
0x64, 0x1b, 0xc8, 0xac, 0x43, 0x0e, 0xb5, 0xdc, 0x68, 0xa1, 0x28, 0x37, 0x3a, 0xa6, 0x35, 0x97,
0xca, 0x8d, 0x9a, 0x45, 0xb9, 0xd1, 0x49, 0x3a, 0x73, 0x5a, 0xe6, 0xd7, 0x3a, 0x2e, 0xf3, 0xfb,
0x21, 0x2f, 0xce, 0x5d, 0x58, 0xcb, 0x98, 0xba, 0xbc, 0x39, 0x6f, 0xa7, 0x1a, 0x78, 0x9d, 0x22,
0x29, 0x44, 0xfd, 0xbb, 0x9f, 0xc3, 0xe2, 0xce, 0x33, 0x3c, 0x1c, 0x1c, 0x79, 0xc3, 0x53, 0xc4,
0xea, 0x36, 0x54, 0x86, 0x13, 0x47, 0x96, 0xc1, 0xec, 0x53, 0x8f, 0xde, 0x95, 0x64, 0xf4, 0xb6,
0xa0, 0x1d, 0xef, 0x20, 0xf9, 0x5c, 0x65, 0x7c, 0x3a, 0x0c, 0x99, 0x11, 0x5f, 0x30, 0xe5, 0x48,
0xc2, 0x31, 0x21, 0xfc, 0xd4, 0x02, 0x8e, 0x09, 0x49, 0x9a, 0x6d, 0x25, 0x69, 0xb6, 0xc6, 0x13,
0x68, 0xb0, 0x0d, 0xbe, 0x13, 0xfb, 0x32, 0x85, 0xad, 0xc4, 0x29, 0x6c, 0x94, 0x09, 0xcf, 0x6a,
0x99, 0xb0, 0xb1, 0x01, 0x0b, 0x62, 0x2f, 0x79, 0x90, 0x36, 0x54, 0xa6, 0x64, 0xac, 0xf4, 0x36,
0x25, 0x63, 0xe3, 0xa7, 0xd0, 0xec, 0x51, 0x6a, 0x0f, 0x0f, 0x4e, 0xc1, 0x4f, 0xb4, 0x57, 0x59,
0xdf, 0xcb, 0x80, 0x96, 0xa2, 0x54, 0xb8, 0x5b, 0x1f, 0xd0, 0x9e, 0x4f, 0xe8, 0xc7, 0x3e, 0xf9,
0xc6, 0x26, 0xce, 0xe9, 0x72, 0x56, 0x04, 0xb3, 0xf2, 0xdd, 0x40, 0xe5, 0xca, 0x9c, 0xc9, 0xbf,
0x8d, 0xd7, 0x61, 0x39, 0x41, 0xaf, 0x70, 0xe3, 0x9b, 0xd0, 0xe0, 0x5e, 0x41, 0x66, 0x47, 0x57,
0xf4, 0xce, 0xd6, 0x71, 0xae, 0x83, 0x55, 0xbe, 0xcc, 0xed, 0x73, 0x78, 0xe4, 0xa3, 0xdf, 0x4c,
0x25, 0x12, 0x2b, 0xc9, 0xf5, 0xa9, 0x24, 0xe2, 0x97, 0x30, 0xc7, 0xc1, 0x19, 0x1f, 0xbd, 0xce,
0x0a, 0xfd, 0xc0, 0xb7, 0xa8, 0x3d, 0x8a, 0x5e, 0x62, 0x30, 0xc0, 0x43, 0x7b, 0x14, 0xf2, 0x87,
0x24, 0x6c, 0xd2, 0x71, 0x47, 0x38, 0xa4, 0xea, 0x39, 0x46, 0x83, 0xc1, 0xb6, 0x05, 0x88, 0x49,
0x24, 0x74, 0x7f, 0x21, 0x12, 0x84, 0x59, 0x93, 0x7f, 0xab, 0xff, 0xc5, 0xc2, 0xd5, 0xb2, 0x4f,
0xe3, 0x7d, 0x40, 0xfa, 0x09, 0xa4, 0x88, 0x5e, 0x83, 0x2a, 0x3f, 0xa0, 0x0a, 0x58, 0xad, 0xe4,
0x11, 0x4c, 0x39, 0x6b, 0xdc, 0x01, 0x24, 0x64, 0x92, 0x08, 0x52, 0x27, 0x97, 0xdf, 0x7b, 0xb0,
0x9c, 0x58, 0x1f, 0xfd, 0xed, 0x4b, 0x10, 0x48, 0xef, 0x2e, 0x17, 0xff, 0xb3, 0x04, 0xd0, 0x9b,
0xd2, 0x03, 0x59, 0xbe, 0x77, 0xa1, 0x36, 0x0d, 0x31, 0xd1, 0x9a, 0x0e, 0xd1, 0x98, 0xcd, 0x05,
0x76, 0x18, 0x7e, 0xe3, 0x13, 0x95, 0x85, 0x45, 0x63, 0x5e, 0x7a, 0x4f, 0xe9, 0x81, 0x6a, 0xbb,
0xb1, 0x6f, 0x74, 0x19, 0x5a, 0xe2, 0x3d, 0x8c, 0x65, 0x3b, 0x0e, 0xc1, 0x61, 0x28, 0xfb, 0x6f,
0x4d, 0x01, 0xed, 0x09, 0x20, 0x43, 0x73, 0x1d, 0xec, 0x51, 0x97, 0x1e, 0x59, 0xd4, 0x7f, 0x8a,
0x3d, 0x99, 0x5f, 0x35, 0x15, 0xf4, 0x21, 0x03, 0x32, 0x34, 0x82, 0x47, 0x6e, 0x48, 0x89, 0x42,
0xab, 0x0a, 0x34, 0x05, 0xe5, 0x68, 0xc6, 0xb7, 0x25, 0x68, 0xef, 0x4d, 0xc7, 0x63, 0x71, 0xc8,
0xd3, 0xca, 0x12, 0xbd, 0x2e, 0xcf, 0x51, 0x4e, 0x35, 0xe1, 0x62, 0x11, 0xc9, 0xc3, 0x7d, 0xf7,
0x62, 0x6d, 0x19, 0x96, 0x34, 0x46, 0x65, 0x9d, 0x71, 0x07, 0x90, 0x28, 0x41, 0x5e, 0x8c, 0x7f,
0xe3, 0x0c, 0x2c, 0x27, 0xd6, 0x4b, 0xb2, 0xd7, 0xa0, 0x29, 0x7f, 0x9d, 0x49, 0x3d, 0x9f, 0x85,
0x1a, 0xf3, 0x07, 0x43, 0xd7, 0x51, 0x2d, 0xd5, 0xf9, 0xc0, 0x77, 0xb6, 0x5c, 0x87, 0x18, 0x7d,
0x68, 0x9a, 0x82, 0xbc, 0xc4, 0xbd, 0x0d, 0x2d, 0xf9, 0xa3, 0xcd, 0x4a, 0xfc, 0x8a, 0x8e, 0xfb,
0x7f, 0x09, 0xda, 0x66, 0xd3, 0xd3, 0x87, 0xc6, 0x57, 0xd0, 0x7d, 0x14, 0x38, 0x2c, 0xa1, 0xd1,
0xa9, 0xaa, 0xa3, 0xdd, 0x06, 0xf5, 0x24, 0xab, 0x88, 0x78, 0x72, 0x59, 0x93, 0xe8, 0x43, 0xe3,
0x1c, 0xac, 0xe7, 0x12, 0x97, 0xe7, 0x0e, 0xa0, 0x1d, 0x4f, 0x38, 0xae, 0xea, 0x24, 0xf3, 0x0e,
0x71, 0x49, 0xeb, 0x10, 0xaf, 0x46, 0x51, 0x52, 0xf8, 0x5b, 0x39, 0xd2, 0x12, 0x97, 0x4a, 0x51,
0xe2, 0x32, 0x9b, 0x48, 0x5c, 0x8c, 0x4f, 0x23, 0xe9, 0xc9, 0xac, 0xf1, 0x5d, 0x9e, 0xba, 0x8a,
0xbd, 0x95, 0x27, 0x38, 0x9b, 0x73, 0x38, 0x81, 0x61, 0x6a, 0xc8, 0xc6, 0x22, 0x34, 0x13, 0x3e,
0xc1, 0xf8, 0x10, 0x5a, 0xa9, 0x4b, 0x7e, 0x3d, 0x15, 0xde, 0x33, 0x62, 0x4b, 0x06, 0xf7, 0x6b,
0xaf, 0x40, 0x4d, 0xbd, 0x1c, 0x43, 0xf3, 0x50, 0x79, 0xb8, 0xb5, 0xd7, 0x9e, 0x61, 0x1f, 0x8f,
0xb6, 0xf7, 0xda, 0xa5, 0x6b, 0xb7, 0x60, 0x31, 0xf5, 0x53, 0x08, 0x2d, 0x41, 0x73, 0xd0, 0xeb,
0x6f, 0x7f, 0xf4, 0xe0, 0x0b, 0xcb, 0xdc, 0xe9, 0x6d, 0x7f, 0xd9, 0x9e, 0x41, 0x2b, 0xd0, 0x56,
0xa0, 0xfe, 0x83, 0x87, 0x02, 0x5a, 0xba, 0xf6, 0x14, 0x5a, 0xc9, 0xfc, 0x15, 0x9d, 0x81, 0xa5,
0xad, 0x07, 0xfd, 0x87, 0xbd, 0xdd, 0xfe, 0x8e, 0x69, 0x6d, 0x99, 0x3b, 0xbd, 0x87, 0x3b, 0xdb,
0xed, 0x99, 0x24, 0xd8, 0x7c, 0xd4, 0xef, 0xef, 0xf6, 0x3f, 0x69, 0x97, 0x18, 0xd5, 0x18, 0xbc,
0xf3, 0xc5, 0x2e, 0x43, 0x2e, 0x27, 0x91, 0x1f, 0xf5, 0xef, 0xf6, 0x1f, 0xfc, 0xac, 0xdf, 0xae,
0x6c, 0xfe, 0xb9, 0x01, 0x2d, 0x75, 0x40, 0x4c, 0x78, 0xcb, 0xf3, 0x0e, 0xcc, 0xab, 0x47, 0x7d,
0x71, 0x46, 0x9d, 0x7c, 0x81, 0xd8, 0xed, 0x64, 0x27, 0xa4, 0xa1, 0xcc, 0xa0, 0x3d, 0xae, 0x38,
0xed, 0x07, 0xdc, 0x39, 0x5d, 0x94, 0x99, 0x3f, 0x7c, 0xdd, 0xf3, 0x45, 0xd3, 0x11, 0xc5, 0x01,
0xd3, 0x96, 0xfe, 0x12, 0x02, 0xc5, 0x6b, 0x72, 0x5f, 0x58, 0x74, 0x2f, 0x14, 0xce, 0x47, 0x44,
0xbf, 0x84, 0x76, 0xfa, 0x0d, 0x04, 0x8a, 0x5b, 0xd7, 0x05, 0xef, 0x2b, 0xba, 0x17, 0x8f, 0xc1,
0xd0, 0x49, 0x67, 0x5e, 0x0b, 0x6c, 0x14, 0xff, 0xef, 0xcd, 0x90, 0x2e, 0xfa, 0x89, 0x2c, 0x44,
0x91, 0xfc, 0x71, 0x86, 0xf4, 0x7f, 0xf4, 0x39, 0x3f, 0x50, 0x35, 0x51, 0xe4, 0xff, 0x71, 0x33,
0x66, 0xd0, 0xe7, 0xb0, 0x98, 0xea, 0x76, 0xa1, 0x78, 0x55, 0x7e, 0xef, 0xae, 0xbb, 0x51, 0x8c,
0x90, 0xd4, 0x9b, 0xde, 0xcb, 0x4a, 0xe8, 0x2d, 0xa7, 0x41, 0x96, 0xd0, 0x5b, 0x6e, 0x13, 0x8c,
0x9b, 0x57, 0xa2, 0x63, 0xa5, 0x99, 0x57, 0x5e, 0x7b, 0xac, 0x7b, 0xbe, 0x68, 0x5a, 0x3f, 0x7e,
0xaa, 0x5b, 0xa5, 0x1d, 0x3f, 0xbf, 0x09, 0xd6, 0xdd, 0x28, 0x46, 0x48, 0xeb, 0x2a, 0xae, 0xc2,
0x53, 0xba, 0xca, 0x34, 0x7d, 0x52, 0xba, 0xca, 0x96, 0xef, 0x52, 0x57, 0xa9, 0x72, 0xfa, 0x42,
0x61, 0x25, 0x92, 0xd5, 0x55, 0x7e, 0x71, 0x63, 0xcc, 0xa0, 0x1e, 0xd4, 0x54, 0x29, 0x81, 0xe2,
0xdb, 0x9d, 0xaa, 0x5f, 0xba, 0x67, 0x73, 0x66, 0x22, 0x12, 0x3f, 0x86, 0x59, 0x06, 0x45, 0x2b,
0x09, 0x24, 0xb5, 0xf4, 0x4c, 0x0a, 0x1a, 0x2d, 0x7b, 0x0f, 0xaa, 0x22, 0x17, 0x47, 0xb1, 0xcf,
0x4d, 0xa4, 0xf9, 0xdd, 0xb5, 0x0c, 0x3c, 0x5a, 0xfc, 0xa9, 0x78, 0xe8, 0x2b, 0x93, 0x6a, 0xb4,
0x9e, 0x78, 0x5e, 0x97, 0x4c, 0xdd, 0xbb, 0xaf, 0xe4, 0x4f, 0x46, 0xb4, 0x1e, 0xc3, 0x72, 0x4e,
0x08, 0x44, 0x71, 0xe7, 0xa7, 0x38, 0xfa, 0x76, 0x2f, 0x1d, 0x8f, 0xa4, 0x1f, 0x56, 0x6a, 0x6d,
0x55, 0x37, 0x75, 0x4d, 0x59, 0x6b, 0x19, 0xb8, 0x5a, 0xbc, 0xf9, 0xb7, 0x32, 0x2c, 0x88, 0x44,
0x45, 0xba, 0xea, 0x4f, 0x00, 0xe2, 0x74, 0x19, 0x75, 0x13, 0xd6, 0x93, 0xa8, 0x02, 0xba, 0xeb,
0xb9, 0x73, 0xba, 0x18, 0xb5, 0xcc, 0x57, 0x13, 0x63, 0x36, 0x9f, 0xd6, 0xc4, 0x98, 0x93, 0x2c,
0x1b, 0x33, 0x68, 0x1b, 0xea, 0x51, 0x3a, 0x86, 0xb4, 0x2c, 0x2e, 0x95, 0x4b, 0x76, 0xbb, 0x79,
0x53, 0x3a, 0x47, 0x5a, 0xfe, 0xa5, 0x71, 0x94, 0xcd, 0xea, 0x34, 0x8e, 0xf2, 0x52, 0xb6, 0x99,
0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x53, 0x61, 0x56, 0xc3, 0x56, 0x2f, 0x00, 0x00,
0xe8, 0x85, 0xe4, 0xd8, 0xe5, 0xc3, 0x66, 0x85, 0x1d, 0x81, 0x2b, 0x01, 0xbb, 0xeb, 0xdd, 0x81,
0x2c, 0xe6, 0x92, 0x6b, 0x0e, 0x49, 0x55, 0xae, 0x39, 0x25, 0x87, 0x54, 0xb9, 0x92, 0xdc, 0x52,
0x95, 0xaa, 0xbc, 0x43, 0x2a, 0x0f, 0x90, 0x47, 0xc8, 0x2b, 0xe4, 0x94, 0x9a, 0xdf, 0x9d, 0xfd,
0xa3, 0x48, 0xd9, 0x15, 0xeb, 0xb6, 0xd3, 0xd3, 0xd3, 0xd3, 0xd3, 0xdd, 0xd3, 0x7f, 0x3b, 0xd0,
0xb0, 0x03, 0xf7, 0x6a, 0x10, 0xfa, 0xc4, 0x47, 0x0b, 0xe1, 0xcc, 0x23, 0xee, 0x14, 0x1b, 0x57,
0xa0, 0xfd, 0x39, 0x0e, 0x23, 0xd7, 0xf7, 0x4c, 0xfc, 0xf5, 0x0c, 0x47, 0x04, 0x75, 0x61, 0xe1,
0x29, 0x87, 0x74, 0x4b, 0x9b, 0xa5, 0x4b, 0x0d, 0x53, 0x0e, 0x8d, 0x6f, 0x4b, 0xb0, 0xa4, 0x90,
0xa3, 0xc0, 0xf7, 0x22, 0x5c, 0x8c, 0x8d, 0xce, 0xc3, 0xa2, 0xd8, 0xc4, 0xf2, 0xec, 0x29, 0xee,
0x96, 0xd9, 0x74, 0x53, 0xc0, 0x06, 0xf6, 0x14, 0xa3, 0xd7, 0x61, 0x49, 0xa2, 0x48, 0x22, 0x15,
0x86, 0xd5, 0x16, 0x60, 0xb1, 0x1b, 0xba, 0x0a, 0x2b, 0x12, 0xd1, 0x0e, 0x5c, 0x85, 0x3c, 0xcf,
0x90, 0x97, 0xc5, 0x54, 0x3f, 0x70, 0x05, 0xbe, 0xf1, 0x15, 0x34, 0x76, 0x06, 0xc3, 0x6d, 0xdf,
0x7b, 0xe4, 0x8e, 0x29, 0x8b, 0x11, 0x0e, 0xe9, 0x9a, 0x6e, 0x69, 0xb3, 0x42, 0x59, 0x14, 0x43,
0xd4, 0x83, 0x7a, 0x84, 0xed, 0x70, 0x74, 0x80, 0xa3, 0x6e, 0x99, 0x4d, 0xa9, 0x31, 0x5d, 0xe5,
0x07, 0xc4, 0xf5, 0xbd, 0xa8, 0x5b, 0xe1, 0xab, 0xc4, 0xd0, 0xf8, 0x5d, 0x09, 0x9a, 0xfb, 0x7e,
0x48, 0xee, 0xda, 0x41, 0xe0, 0x7a, 0x63, 0xf4, 0x16, 0xd4, 0x99, 0x50, 0x47, 0xfe, 0x84, 0xc9,
0xa0, 0xbd, 0xb5, 0x7c, 0x55, 0xb0, 0x74, 0x75, 0x5f, 0x4c, 0x98, 0x0a, 0x05, 0x5d, 0x84, 0xf6,
0xc8, 0xf7, 0x88, 0xed, 0x7a, 0x38, 0xb4, 0x02, 0x3f, 0x24, 0x4c, 0x32, 0x55, 0xb3, 0xa5, 0xa0,
0x94, 0x38, 0xda, 0x80, 0xc6, 0x81, 0x1f, 0x11, 0x8e, 0x51, 0x61, 0x18, 0x75, 0x0a, 0x60, 0x93,
0xeb, 0xb0, 0xc0, 0x26, 0xdd, 0x40, 0xc8, 0xa0, 0x46, 0x87, 0x7b, 0x81, 0xf1, 0xdb, 0x12, 0x54,
0xef, 0xfa, 0x33, 0x8f, 0xa4, 0xb6, 0xb1, 0xc9, 0x81, 0xd0, 0x8f, 0xb6, 0x8d, 0x4d, 0x0e, 0xe2,
0x6d, 0x28, 0x06, 0x57, 0x11, 0xdf, 0x86, 0x4e, 0xf6, 0xa0, 0x1e, 0x62, 0xdb, 0xf1, 0xbd, 0xc9,
0x21, 0x63, 0xa1, 0x6e, 0xaa, 0x31, 0xd5, 0x5d, 0x84, 0x27, 0xae, 0x37, 0x7b, 0x66, 0x85, 0x78,
0x62, 0x3f, 0xc4, 0x13, 0xc6, 0x4a, 0xdd, 0x6c, 0x0b, 0xb0, 0xc9, 0xa1, 0xc6, 0x63, 0x58, 0xa2,
0xca, 0x8e, 0x02, 0x7b, 0x84, 0xef, 0x31, 0x11, 0x52, 0xd3, 0x60, 0x9b, 0x7a, 0x98, 0x7c, 0xe3,
0x87, 0x4f, 0x18, 0x67, 0x75, 0xb3, 0x49, 0x61, 0x03, 0x0e, 0x42, 0xa7, 0xa1, 0xce, 0xf9, 0x72,
0x1d, 0xc6, 0x56, 0xdd, 0x64, 0x27, 0xde, 0x77, 0x1d, 0x35, 0xe5, 0x06, 0x23, 0xc1, 0xd5, 0x02,
0x3f, 0xfd, 0xc8, 0xf8, 0x7d, 0x19, 0x36, 0xee, 0xd0, 0xcd, 0x87, 0xb6, 0xe7, 0x3c, 0xf4, 0x9f,
0x0d, 0xf1, 0x68, 0x16, 0xba, 0xe4, 0x70, 0xdb, 0xf7, 0x08, 0x7e, 0x46, 0xd0, 0x2e, 0x2c, 0x7b,
0x92, 0x17, 0x4b, 0xaa, 0x97, 0xee, 0xde, 0xdc, 0xea, 0x2a, 0x9d, 0xa5, 0xb8, 0x35, 0x3b, 0x5e,
0x12, 0x10, 0xa1, 0x0f, 0xe2, 0xb3, 0x4b, 0x22, 0x65, 0x46, 0x64, 0x4d, 0x11, 0x19, 0xee, 0x32,
0x3e, 0x04, 0x09, 0x29, 0x13, 0x49, 0xe0, 0x2c, 0xd0, 0x7b, 0x60, 0xd9, 0x91, 0x35, 0x8b, 0x70,
0x28, 0x8c, 0xbe, 0x11, 0xce, 0xbc, 0x7e, 0xf4, 0x20, 0xc2, 0x21, 0xbb, 0x18, 0x42, 0xd0, 0x56,
0xe8, 0xfb, 0xe4, 0x51, 0x24, 0x85, 0x2b, 0xc1, 0x26, 0x83, 0xa2, 0xff, 0x83, 0x95, 0x68, 0x16,
0x04, 0x13, 0x3c, 0xc5, 0x1e, 0xb1, 0x27, 0xd6, 0x38, 0xf4, 0x67, 0x41, 0xd4, 0xad, 0x6e, 0x56,
0x2e, 0x55, 0x4c, 0xa4, 0x4f, 0x7d, 0xc2, 0x66, 0x8c, 0xdf, 0x94, 0xe0, 0x14, 0xe3, 0x6c, 0xdf,
0x77, 0x84, 0x90, 0xc4, 0x35, 0x79, 0x15, 0x5a, 0x23, 0xb6, 0xdc, 0x0a, 0xec, 0x10, 0x7b, 0x44,
0xd8, 0xcb, 0x22, 0x07, 0xee, 0x33, 0x18, 0xba, 0x07, 0x9d, 0x48, 0xc8, 0xd4, 0x1a, 0x71, 0xa1,
0x8a, 0xa3, 0x5f, 0x50, 0x47, 0x3f, 0x42, 0x01, 0xe6, 0x52, 0x94, 0x04, 0x18, 0x21, 0xa0, 0x98,
0x93, 0xbb, 0x98, 0xd8, 0x8e, 0x4d, 0x6c, 0x84, 0x60, 0x9e, 0xf9, 0x0c, 0xce, 0x02, 0xfb, 0x46,
0x1d, 0xa8, 0xcc, 0x84, 0x31, 0x34, 0x4c, 0xfa, 0x89, 0x5e, 0x81, 0x86, 0x52, 0x8d, 0x94, 0xa1,
0x02, 0xd0, 0x0b, 0x6c, 0x13, 0x82, 0xa7, 0x01, 0x61, 0xb2, 0x6b, 0x99, 0x72, 0x68, 0xfc, 0x7d,
0x1e, 0x3a, 0x99, 0xe3, 0x5f, 0x87, 0xfa, 0x54, 0x6c, 0x2f, 0x2c, 0x62, 0x23, 0xbe, 0xc5, 0x19,
0x0e, 0x4d, 0x85, 0x4c, 0x2f, 0x09, 0x35, 0x3f, 0xcd, 0xc7, 0xa9, 0x31, 0x95, 0xe9, 0xc4, 0x1f,
0x5b, 0x8e, 0x1b, 0xe2, 0x11, 0xf1, 0xc3, 0x43, 0xc1, 0xe5, 0xe2, 0xc4, 0x1f, 0xef, 0x48, 0x18,
0xba, 0x06, 0xe0, 0x78, 0x11, 0x15, 0xe7, 0x23, 0x77, 0xcc, 0x78, 0x6d, 0x6e, 0x21, 0xb5, 0xb7,
0xf2, 0x63, 0x66, 0xc3, 0xf1, 0x22, 0xc1, 0xec, 0xbb, 0xd0, 0xa2, 0x7e, 0xc1, 0x9a, 0x72, 0x17,
0xc4, 0x15, 0xde, 0xdc, 0x5a, 0xd5, 0x38, 0x56, 0xfe, 0xc9, 0x5c, 0x0c, 0xe2, 0x41, 0x84, 0x6e,
0x42, 0x8d, 0xdd, 0xcb, 0xa8, 0x5b, 0x63, 0x6b, 0x2e, 0xe6, 0x9c, 0x92, 0xef, 0x72, 0xf5, 0x0e,
0xc3, 0xdb, 0xf5, 0x48, 0x78, 0x68, 0x8a, 0x45, 0xe8, 0x0e, 0x34, 0x6d, 0xcf, 0xf3, 0x89, 0xcd,
0xcd, 0x7e, 0x81, 0xd1, 0xb8, 0x52, 0x4c, 0xa3, 0x1f, 0x23, 0x73, 0x42, 0xfa, 0x72, 0xf4, 0x23,
0xa8, 0xb2, 0x7b, 0xd1, 0xad, 0xb3, 0x53, 0x9f, 0x4d, 0xda, 0x50, 0x9a, 0x98, 0xc9, 0x91, 0x7b,
0xef, 0x42, 0x53, 0x63, 0x8d, 0x1a, 0xc6, 0x13, 0x7c, 0x28, 0x6c, 0x85, 0x7e, 0xa2, 0x55, 0xa8,
0x3e, 0xb5, 0x27, 0x33, 0xa9, 0x0f, 0x3e, 0xb8, 0x51, 0xfe, 0x49, 0xa9, 0x77, 0x0b, 0x3a, 0x69,
0x8e, 0x4e, 0xb2, 0xde, 0xd8, 0x83, 0x55, 0x73, 0xe6, 0xc5, 0x8c, 0xc9, 0xa0, 0x79, 0x0d, 0x6a,
0x42, 0x7f, 0xdc, 0x76, 0x4e, 0x17, 0x4a, 0xc4, 0x14, 0x88, 0xc6, 0x4d, 0x38, 0x95, 0x22, 0x25,
0x42, 0xea, 0x05, 0x68, 0x07, 0xbe, 0x63, 0x45, 0x1c, 0x6c, 0xb9, 0x8e, 0xbc, 0x89, 0x81, 0xc2,
0xdd, 0x73, 0xe8, 0xf2, 0x21, 0xf1, 0x83, 0x2c, 0x2b, 0xc7, 0x5b, 0xde, 0x85, 0xb5, 0xf4, 0x72,
0xbe, 0xbd, 0xf1, 0x01, 0xac, 0x9b, 0x78, 0xea, 0x3f, 0xc5, 0x2f, 0x4a, 0xba, 0x07, 0xdd, 0x2c,
0x81, 0x98, 0x78, 0x0c, 0x1d, 0x12, 0x9b, 0xcc, 0xa2, 0x93, 0x11, 0xbf, 0xac, 0x13, 0x10, 0xc1,
0x82, 0xd3, 0x41, 0x6d, 0x28, 0xbb, 0x81, 0x58, 0x54, 0x76, 0x03, 0xe3, 0x4b, 0x68, 0x0c, 0x74,
0x6f, 0xa0, 0x47, 0x9b, 0x86, 0x29, 0x87, 0x68, 0x2b, 0x0e, 0xf4, 0xe5, 0xe7, 0x44, 0x02, 0x95,
0x02, 0xdc, 0xce, 0x38, 0x51, 0xc1, 0xc3, 0x16, 0x80, 0xf2, 0x40, 0x32, 0xb2, 0xa0, 0x2c, 0x3d,
0x53, 0xc3, 0x32, 0xfe, 0x98, 0x70, 0x47, 0xda, 0x61, 0x1c, 0x75, 0x18, 0x27, 0xe1, 0x9e, 0xca,
0x27, 0x71, 0x4f, 0x57, 0xa1, 0x1a, 0x11, 0x9b, 0x70, 0x07, 0xd9, 0xd6, 0x0e, 0x97, 0xdc, 0x12,
0x9b, 0x1c, 0x0d, 0x9d, 0x01, 0x18, 0x85, 0xd8, 0x26, 0xd8, 0xb1, 0x6c, 0xee, 0x39, 0x2b, 0x66,
0x43, 0x40, 0xfa, 0x04, 0xdd, 0x88, 0xe5, 0x58, 0x65, 0x6c, 0x6c, 0xe6, 0x10, 0x4c, 0xe8, 0x25,
0x96, 0xb4, 0xba, 0xed, 0xb5, 0xa3, 0x6f, 0xbb, 0x58, 0xc7, 0x91, 0x35, 0x87, 0xb5, 0x50, 0xe8,
0xb0, 0xf8, 0x8a, 0xe3, 0x38, 0xac, 0x7a, 0xa1, 0xc3, 0x12, 0x34, 0x8e, 0x74, 0x58, 0x3f, 0xa4,
0xeb, 0xb9, 0x0b, 0xdd, 0xec, 0xd5, 0x11, 0x2e, 0xe3, 0x1a, 0xd4, 0x22, 0x06, 0x39, 0xc2, 0xfd,
0x88, 0x25, 0x02, 0xd1, 0xf8, 0x77, 0x49, 0xb7, 0xba, 0x8f, 0xdd, 0x09, 0xc1, 0x61, 0xc6, 0xea,
0x94, 0xf1, 0x94, 0x8f, 0x67, 0x3c, 0x43, 0x68, 0x33, 0xb1, 0x5b, 0x11, 0x9e, 0xb0, 0xe8, 0xc6,
0x72, 0xe7, 0xe6, 0xd6, 0x9b, 0x39, 0x0b, 0xf9, 0x96, 0x5c, 0x67, 0x43, 0x81, 0xce, 0x25, 0xde,
0x9a, 0xe8, 0xb0, 0xde, 0x87, 0x80, 0xb2, 0x48, 0x27, 0x12, 0xdd, 0xa7, 0xf4, 0xba, 0xd2, 0xd4,
0x39, 0xc7, 0x6d, 0x3f, 0x62, 0x6c, 0x1c, 0x21, 0x37, 0xce, 0xa7, 0x29, 0x10, 0x8d, 0x3f, 0x54,
0x00, 0xe2, 0xc9, 0x97, 0xf6, 0x9e, 0x5e, 0x57, 0xb7, 0x86, 0xa7, 0x06, 0xe7, 0x72, 0xe8, 0xe5,
0xde, 0x97, 0x8f, 0x93, 0xf7, 0x85, 0x27, 0x09, 0x17, 0xf2, 0x56, 0xbf, 0xb4, 0x37, 0x65, 0x1b,
0xd6, 0xd2, 0xea, 0x16, 0xf7, 0xe4, 0x32, 0x54, 0x5d, 0x82, 0xa7, 0xbc, 0x10, 0x6c, 0x6e, 0xad,
0xe4, 0x1c, 0xcb, 0xe4, 0x18, 0xc6, 0x79, 0x68, 0xec, 0x4d, 0xed, 0x31, 0x1e, 0x06, 0x78, 0x44,
0xf7, 0x72, 0xe9, 0x40, 0xec, 0xcf, 0x07, 0xc6, 0x16, 0xd4, 0x6f, 0xe3, 0xc3, 0xcf, 0xe9, 0xbe,
0xc7, 0xe5, 0xcf, 0xf8, 0x47, 0x09, 0xd6, 0x99, 0xbb, 0xdb, 0x96, 0x65, 0x98, 0x89, 0x23, 0x7f,
0x16, 0x8e, 0x70, 0xc4, 0x54, 0x1a, 0xcc, 0xac, 0x00, 0x87, 0xae, 0xcf, 0x6d, 0x8a, 0xaa, 0x34,
0x98, 0xed, 0x33, 0x00, 0x2d, 0xd5, 0xe8, 0xf4, 0xd7, 0x33, 0x5f, 0xd8, 0x56, 0xc5, 0xac, 0x8f,
0x82, 0xd9, 0x67, 0x74, 0x2c, 0xd7, 0x46, 0x07, 0x76, 0x88, 0x23, 0x66, 0x43, 0x7c, 0xed, 0x90,
0x01, 0xd0, 0x35, 0x38, 0x35, 0xc5, 0x53, 0x3f, 0x3c, 0xb4, 0x26, 0xee, 0xd4, 0x25, 0x96, 0xeb,
0x59, 0x0f, 0x0f, 0x09, 0x8e, 0x84, 0xe1, 0x20, 0x3e, 0x79, 0x87, 0xce, 0xed, 0x79, 0x1f, 0xd1,
0x19, 0x64, 0x40, 0xcb, 0xf7, 0xa7, 0x56, 0x34, 0xf2, 0x43, 0x6c, 0xd9, 0xce, 0x63, 0xe6, 0xef,
0x2b, 0x66, 0xd3, 0xf7, 0xa7, 0x43, 0x0a, 0xeb, 0x3b, 0x8f, 0x0d, 0x1b, 0x5a, 0x89, 0x42, 0x87,
0x26, 0xee, 0xac, 0xa2, 0x11, 0x89, 0x3b, 0xfd, 0xa6, 0xb0, 0xd0, 0x9f, 0x48, 0x39, 0xb0, 0x6f,
0x0a, 0x23, 0x87, 0x81, 0xcc, 0xda, 0xd9, 0x37, 0x15, 0xd8, 0x04, 0x3f, 0x15, 0x75, 0x64, 0xc3,
0xe4, 0x03, 0xc3, 0x01, 0xd8, 0xb6, 0x03, 0xfb, 0xa1, 0x3b, 0x71, 0xc9, 0x21, 0xba, 0x0c, 0x1d,
0xdb, 0x71, 0xac, 0x91, 0x84, 0xb8, 0x58, 0x16, 0xf5, 0x4b, 0xb6, 0xe3, 0x6c, 0x6b, 0x60, 0xf4,
0x06, 0x2c, 0x3b, 0xa1, 0x1f, 0x24, 0x71, 0x79, 0x95, 0xdf, 0xa1, 0x13, 0x3a, 0xb2, 0xf1, 0x9f,
0x32, 0x9c, 0x49, 0xaa, 0x25, 0x5d, 0x3a, 0x5e, 0x87, 0xc5, 0xd4, 0xae, 0xa5, 0x84, 0x05, 0xc5,
0x4c, 0x9a, 0x09, 0x44, 0x74, 0x16, 0x20, 0x08, 0xdd, 0xa7, 0xee, 0x04, 0x8f, 0xb1, 0xac, 0x65,
0x35, 0x48, 0x7e, 0x4d, 0x5a, 0xf9, 0x3e, 0x6a, 0xd2, 0xf9, 0xef, 0x52, 0x93, 0x56, 0x8f, 0x51,
0x93, 0xd6, 0x4e, 0x52, 0x93, 0x2e, 0x14, 0xd6, 0xa4, 0x7f, 0x2a, 0xc1, 0x6a, 0x52, 0xf8, 0xa2,
0xcc, 0xb9, 0x05, 0x8d, 0x50, 0xde, 0x0e, 0x21, 0xf0, 0xcd, 0x64, 0xd2, 0x90, 0xbd, 0x45, 0x66,
0xbc, 0x04, 0x7d, 0x56, 0x58, 0xad, 0xbe, 0x56, 0x40, 0xe6, 0xb9, 0xf5, 0x6a, 0x1f, 0x96, 0x15,
0xf2, 0x91, 0xe5, 0xaa, 0x56, 0x7e, 0x96, 0x93, 0xe5, 0xa7, 0x07, 0xb5, 0x1d, 0xfc, 0xd4, 0x1d,
0xe1, 0xef, 0xa5, 0x47, 0xb3, 0x09, 0xcd, 0x00, 0x87, 0x53, 0x37, 0x8a, 0x94, 0xe1, 0x34, 0x4c,
0x1d, 0x64, 0xfc, 0xab, 0x0a, 0x4b, 0x69, 0xc9, 0xbe, 0x93, 0xa9, 0x76, 0x7b, 0xb1, 0x25, 0xa7,
0xcf, 0xa7, 0x45, 0xa9, 0x4b, 0xd2, 0x11, 0x96, 0x53, 0xa9, 0xad, 0xf2, 0x95, 0xc2, 0x39, 0xd2,
0xf3, 0x8f, 0xfc, 0xe9, 0xd4, 0xf6, 0x1c, 0xd9, 0x3f, 0x13, 0x43, 0x2a, 0x2d, 0x3b, 0x1c, 0x53,
0xf3, 0xa4, 0x60, 0xf6, 0x8d, 0xce, 0x41, 0x93, 0xa6, 0x88, 0xae, 0xc7, 0x8a, 0x65, 0x61, 0x7c,
0x20, 0x40, 0x3b, 0x6e, 0x88, 0x2e, 0xc2, 0x3c, 0xf6, 0x9e, 0xca, 0x78, 0x14, 0x37, 0xd8, 0xa4,
0x03, 0x36, 0xd9, 0x34, 0x7a, 0x0d, 0x6a, 0x53, 0x7f, 0xe6, 0x11, 0x99, 0x2c, 0xb6, 0x15, 0x22,
0xeb, 0x8a, 0x99, 0x62, 0x16, 0x5d, 0x86, 0x05, 0x87, 0xe9, 0x40, 0x66, 0x84, 0x4b, 0x71, 0xc1,
0xcd, 0xe0, 0xa6, 0x9c, 0x47, 0xef, 0xab, 0x48, 0xda, 0x48, 0xc5, 0xc2, 0x94, 0x50, 0x73, 0xc3,
0xe9, 0xed, 0x64, 0x38, 0x05, 0x46, 0xe2, 0x72, 0x21, 0x89, 0xa3, 0xcb, 0xe5, 0xd3, 0x50, 0x9f,
0xf8, 0x63, 0x6e, 0x07, 0x4d, 0x5e, 0xc5, 0x4c, 0xfc, 0x31, 0x33, 0x83, 0x55, 0x9a, 0x3e, 0x38,
0xae, 0xd7, 0x5d, 0x64, 0x77, 0x92, 0x0f, 0x68, 0x54, 0x60, 0x1f, 0x96, 0xef, 0x8d, 0x70, 0xb7,
0xc5, 0xa6, 0x1a, 0x0c, 0x72, 0xcf, 0x1b, 0xb1, 0xa0, 0x45, 0xc8, 0x61, 0xb7, 0xcd, 0xe0, 0xf4,
0x13, 0xfd, 0xbf, 0x4c, 0xd1, 0x97, 0x98, 0x7e, 0xcf, 0x14, 0x5c, 0x93, 0x97, 0xa6, 0x1e, 0xff,
0x6b, 0x09, 0xd6, 0xb6, 0x59, 0xd2, 0xa3, 0x79, 0x82, 0x13, 0xd4, 0x93, 0xe8, 0x6d, 0x55, 0xb8,
0xa7, 0x8b, 0xbf, 0xf4, 0x61, 0x05, 0x1e, 0xfa, 0x10, 0xda, 0x92, 0xa6, 0x58, 0x59, 0x79, 0x5e,
0xc9, 0xdf, 0x8a, 0xf4, 0xa1, 0xf1, 0x3e, 0xac, 0x67, 0x78, 0x16, 0x09, 0xca, 0x79, 0x58, 0x8c,
0x3d, 0x82, 0x62, 0xb9, 0xa9, 0x60, 0x7b, 0x8e, 0x71, 0x83, 0x16, 0xfe, 0x76, 0x48, 0x32, 0x07,
0x3e, 0xc6, 0x5a, 0x56, 0xf5, 0x27, 0xd7, 0x8a, 0xc2, 0x7c, 0x08, 0xab, 0x43, 0xe2, 0x07, 0x2f,
0x40, 0x94, 0xde, 0x74, 0x7a, 0x6c, 0x7f, 0x46, 0x44, 0x56, 0x22, 0x87, 0xc6, 0x3a, 0xef, 0x51,
0x64, 0x77, 0x7b, 0x0f, 0xd6, 0x78, 0x8b, 0xe0, 0x45, 0x0e, 0x71, 0x5a, 0x36, 0x28, 0xb2, 0x74,
0x7f, 0x5d, 0xd6, 0x5c, 0x5d, 0x41, 0x4d, 0xf3, 0x56, 0xb2, 0xa6, 0x59, 0xcf, 0x2a, 0x3c, 0x91,
0x67, 0x67, 0xcd, 0xa8, 0x92, 0x63, 0x46, 0x66, 0xa6, 0xf0, 0x99, 0x67, 0x37, 0xfd, 0x8d, 0x2c,
0xf5, 0xff, 0x61, 0xdd, 0xb3, 0xc7, 0xeb, 0x1e, 0xb5, 0xb5, 0xea, 0xb5, 0xbc, 0x9d, 0xaa, 0x7b,
0xba, 0x45, 0x6c, 0xaa, 0xb2, 0xe7, 0x57, 0xf3, 0xd0, 0x50, 0x73, 0x19, 0x99, 0x66, 0x85, 0x54,
0xce, 0x11, 0x92, 0x1e, 0x74, 0x2a, 0x2f, 0x12, 0x74, 0xe6, 0x9f, 0x17, 0x74, 0x36, 0xa0, 0xc1,
0x3e, 0xac, 0x10, 0x3f, 0x12, 0x41, 0xa4, 0xce, 0x00, 0x26, 0x7e, 0x14, 0x2b, 0xbe, 0x76, 0x2c,
0xc5, 0x27, 0x0b, 0xac, 0x85, 0x74, 0x81, 0xf5, 0x8e, 0x0a, 0x0b, 0x3c, 0x80, 0x9c, 0xcd, 0x92,
0xcb, 0x0d, 0x08, 0xbb, 0xc9, 0x80, 0xc0, 0x63, 0xca, 0xab, 0x39, 0x8b, 0x5f, 0xda, 0xf2, 0xea,
0x0e, 0x2f, 0xaf, 0x74, 0xab, 0x12, 0xde, 0x6b, 0x0b, 0x40, 0x5d, 0x54, 0x59, 0x63, 0xa1, 0xec,
0xd1, 0x4c, 0x0d, 0x8b, 0xba, 0x82, 0x84, 0xfc, 0xe3, 0x86, 0xe0, 0x31, 0x5c, 0xc1, 0x5f, 0xf4,
0xd4, 0xa6, 0xa0, 0x73, 0xf6, 0x4e, 0xa6, 0x22, 0x3f, 0x9e, 0xd5, 0xbd, 0x95, 0x2c, 0xc8, 0x4f,
0x66, 0x2e, 0x99, 0x7a, 0x9c, 0x45, 0x62, 0x3b, 0x14, 0xd3, 0xbc, 0x94, 0x6a, 0x08, 0x48, 0x9f,
0xd0, 0xfc, 0xe7, 0x91, 0xeb, 0xb9, 0xd1, 0x01, 0x9f, 0xaf, 0xb1, 0x79, 0x90, 0xa0, 0x3e, 0xfb,
0x1d, 0x88, 0x9f, 0xb9, 0xc4, 0x1a, 0xf9, 0x0e, 0x66, 0xc6, 0x58, 0x35, 0xeb, 0x14, 0xb0, 0xed,
0x3b, 0x38, 0xbe, 0x20, 0xf5, 0x13, 0x5d, 0x90, 0x46, 0xea, 0x82, 0xac, 0x41, 0x2d, 0xc4, 0x76,
0xe4, 0x7b, 0x5d, 0xe0, 0x3f, 0x15, 0xf9, 0x88, 0x3a, 0xf8, 0x29, 0x8e, 0x22, 0xba, 0x81, 0xc8,
0x3a, 0xc4, 0x50, 0xcb, 0x8d, 0x16, 0x8b, 0x72, 0xa3, 0x23, 0x5a, 0x73, 0xa9, 0xdc, 0xa8, 0x55,
0x94, 0x1b, 0x1d, 0xa7, 0x33, 0xa7, 0x65, 0x7e, 0xed, 0xa3, 0x32, 0xbf, 0x1f, 0xf2, 0xe2, 0xdc,
0x86, 0xf5, 0x8c, 0xa9, 0x8b, 0x9b, 0xf3, 0x76, 0xaa, 0x81, 0xd7, 0x2d, 0x92, 0x82, 0xea, 0xdf,
0xfd, 0x1c, 0x96, 0x76, 0x9f, 0xe1, 0xd1, 0xf0, 0xd0, 0x1b, 0x9d, 0x20, 0x56, 0x77, 0xa0, 0x32,
0x9a, 0x3a, 0xa2, 0x0c, 0xa6, 0x9f, 0x7a, 0xf4, 0xae, 0x24, 0xa3, 0xb7, 0x05, 0x9d, 0x78, 0x07,
0xc1, 0xe7, 0x1a, 0xe5, 0xd3, 0xa1, 0xc8, 0x94, 0xf8, 0xa2, 0x29, 0x46, 0x02, 0x8e, 0xc3, 0x90,
0x9d, 0x9a, 0xc3, 0x71, 0x18, 0x26, 0xcd, 0xb6, 0x92, 0x34, 0x5b, 0xe3, 0x31, 0x34, 0xe9, 0x06,
0xdf, 0x89, 0x7d, 0x91, 0xc2, 0x56, 0xe2, 0x14, 0x56, 0x65, 0xc2, 0xf3, 0x5a, 0x26, 0x6c, 0x6c,
0xc2, 0x22, 0xdf, 0x4b, 0x1c, 0xa4, 0x03, 0x95, 0x59, 0x38, 0x91, 0x7a, 0x9b, 0x85, 0x13, 0xe3,
0xa7, 0xd0, 0xea, 0x13, 0x62, 0x8f, 0x0e, 0x4e, 0xc0, 0x8f, 0xda, 0xab, 0xac, 0xef, 0x65, 0x40,
0x5b, 0x52, 0x2a, 0xdc, 0x6d, 0x00, 0x68, 0xdf, 0x0f, 0xc9, 0xc7, 0x7e, 0xf8, 0x8d, 0x1d, 0x3a,
0x27, 0xcb, 0x59, 0x11, 0xcc, 0x8b, 0x77, 0x03, 0x95, 0x4b, 0x55, 0x93, 0x7d, 0x1b, 0xaf, 0xc3,
0x4a, 0x82, 0x5e, 0xe1, 0xc6, 0xd7, 0xa1, 0xc9, 0xbc, 0x82, 0xc8, 0x8e, 0x2e, 0xe9, 0x9d, 0xad,
0xa3, 0x5c, 0x07, 0xad, 0x7c, 0xa9, 0xdb, 0x67, 0x70, 0xe5, 0xa3, 0xdf, 0x4c, 0x25, 0x12, 0xab,
0xc9, 0xf5, 0xa9, 0x24, 0xe2, 0x97, 0x50, 0x65, 0xe0, 0x8c, 0x8f, 0xde, 0xa0, 0x85, 0x7e, 0xe0,
0x5b, 0xc4, 0x1e, 0xab, 0x97, 0x18, 0x14, 0x70, 0xdf, 0x1e, 0x47, 0xec, 0x21, 0x09, 0x9d, 0x74,
0xdc, 0x31, 0x8e, 0x88, 0x7c, 0x8e, 0xd1, 0xa4, 0xb0, 0x1d, 0x0e, 0xa2, 0x12, 0x89, 0xdc, 0x5f,
0xf0, 0x04, 0x61, 0xde, 0x64, 0xdf, 0xaa, 0x15, 0x55, 0x8d, 0x5b, 0x51, 0xc6, 0xfb, 0x80, 0xf4,
0x33, 0x08, 0x21, 0xbd, 0x06, 0x35, 0x76, 0x44, 0x19, 0xb2, 0xda, 0xc9, 0x43, 0x98, 0x62, 0xd6,
0xb8, 0x05, 0x88, 0x4b, 0x25, 0x11, 0xa6, 0x8e, 0x2f, 0xc1, 0xf7, 0x60, 0x25, 0xb1, 0x5e, 0xfd,
0xef, 0x4b, 0x10, 0x48, 0xef, 0x2e, 0x16, 0xff, 0xb3, 0x04, 0xd0, 0x9f, 0x91, 0x03, 0x51, 0xc0,
0xf7, 0xa0, 0x4e, 0x4f, 0xa4, 0xb5, 0x1d, 0xd4, 0x98, 0xce, 0x05, 0x76, 0x14, 0x7d, 0xe3, 0x87,
0x32, 0x0f, 0x53, 0x63, 0x56, 0x7c, 0xcf, 0xc8, 0x81, 0x6c, 0xbc, 0xd1, 0x6f, 0x74, 0x11, 0xda,
0xfc, 0x45, 0x8c, 0x65, 0x3b, 0x4e, 0x88, 0xa3, 0x48, 0x74, 0xe0, 0x5a, 0x1c, 0xda, 0xe7, 0x40,
0x8a, 0xe6, 0x3a, 0xd8, 0x23, 0x2e, 0x39, 0xb4, 0x88, 0xff, 0x04, 0x7b, 0x42, 0xb4, 0x2d, 0x09,
0xbd, 0x4f, 0x81, 0x14, 0x2d, 0xc4, 0x63, 0x37, 0x22, 0xa1, 0x44, 0xab, 0x71, 0x34, 0x09, 0x65,
0x68, 0xc6, 0xb7, 0x25, 0xe8, 0xec, 0xcf, 0x26, 0x13, 0x7e, 0xc8, 0x93, 0xca, 0x12, 0xbd, 0x2e,
0xce, 0x51, 0x4e, 0xb5, 0xe1, 0x62, 0x11, 0x89, 0xc3, 0x7d, 0xf7, 0x72, 0x6d, 0x05, 0x96, 0x35,
0x46, 0x45, 0xa5, 0x71, 0x0b, 0x10, 0x2f, 0x42, 0x5e, 0x8c, 0x7f, 0xe3, 0x14, 0xac, 0x24, 0xd6,
0x0b, 0xb2, 0x57, 0xa0, 0x25, 0x7e, 0x9e, 0x09, 0x3d, 0x9f, 0x86, 0x3a, 0xf5, 0x08, 0x23, 0xd7,
0x91, 0x4d, 0xd5, 0x85, 0xc0, 0x77, 0xb6, 0x5d, 0x27, 0x34, 0x06, 0xd0, 0x32, 0x39, 0x79, 0x81,
0x7b, 0x13, 0xda, 0xe2, 0x57, 0x9b, 0x95, 0xf8, 0x19, 0x1d, 0x77, 0x00, 0x13, 0xb4, 0xcd, 0x96,
0xa7, 0x0f, 0x8d, 0xaf, 0xa0, 0xf7, 0x20, 0x70, 0x68, 0x4a, 0xa3, 0x53, 0x95, 0x47, 0xbb, 0x09,
0xf2, 0x51, 0x56, 0x11, 0xf1, 0xe4, 0xb2, 0x56, 0xa8, 0x0f, 0x8d, 0x33, 0xb0, 0x91, 0x4b, 0x5c,
0x9c, 0x3b, 0x80, 0x4e, 0x3c, 0xe1, 0xb8, 0xb2, 0x97, 0xcc, 0x7a, 0xc4, 0x25, 0xad, 0x47, 0xbc,
0xa6, 0xe2, 0x24, 0xf7, 0xb8, 0x62, 0xa4, 0xa5, 0x2e, 0x95, 0xa2, 0xd4, 0x65, 0x3e, 0x91, 0xba,
0x18, 0x9f, 0x2a, 0xe9, 0x89, 0xbc, 0xf1, 0x5d, 0x96, 0xbc, 0xf2, 0xbd, 0xa5, 0x27, 0x38, 0x9d,
0x73, 0x38, 0x8e, 0x61, 0x6a, 0xc8, 0xc6, 0x12, 0xb4, 0x12, 0x3e, 0xc1, 0xf8, 0x10, 0xda, 0xa9,
0x4b, 0x7e, 0x35, 0x15, 0xe0, 0x33, 0x62, 0x4b, 0x86, 0xf7, 0x2b, 0xaf, 0x40, 0x5d, 0xbe, 0x1d,
0x43, 0x0b, 0x50, 0xb9, 0xbf, 0xbd, 0xdf, 0x99, 0xa3, 0x1f, 0x0f, 0x76, 0xf6, 0x3b, 0xa5, 0x2b,
0x37, 0x60, 0x29, 0xf5, 0x5b, 0x08, 0x2d, 0x43, 0x6b, 0xd8, 0x1f, 0xec, 0x7c, 0x74, 0xef, 0x0b,
0xcb, 0xdc, 0xed, 0xef, 0x7c, 0xd9, 0x99, 0x43, 0xab, 0xd0, 0x91, 0xa0, 0xc1, 0xbd, 0xfb, 0x1c,
0x5a, 0xba, 0xf2, 0x04, 0xda, 0xc9, 0x0c, 0x16, 0x9d, 0x82, 0xe5, 0xed, 0x7b, 0x83, 0xfb, 0xfd,
0xbd, 0xc1, 0xae, 0x69, 0x6d, 0x9b, 0xbb, 0xfd, 0xfb, 0xbb, 0x3b, 0x9d, 0xb9, 0x24, 0xd8, 0x7c,
0x30, 0x18, 0xec, 0x0d, 0x3e, 0xe9, 0x94, 0x28, 0xd5, 0x18, 0xbc, 0xfb, 0xc5, 0x1e, 0x45, 0x2e,
0x27, 0x91, 0x1f, 0x0c, 0x6e, 0x0f, 0xee, 0xfd, 0x6c, 0xd0, 0xa9, 0x6c, 0xfd, 0xb9, 0x09, 0x6d,
0x79, 0x40, 0x1c, 0xb2, 0xa6, 0xe7, 0x2d, 0x58, 0x90, 0xcf, 0xfa, 0xe2, 0x9c, 0x3a, 0xf9, 0x06,
0xb1, 0xd7, 0xcd, 0x4e, 0x08, 0x43, 0x99, 0x43, 0xfb, 0x4c, 0x71, 0xda, 0x2f, 0xb8, 0x33, 0xba,
0x28, 0x33, 0xff, 0xf8, 0x7a, 0x67, 0x8b, 0xa6, 0x15, 0xc5, 0x21, 0xd5, 0x96, 0xfe, 0x16, 0x02,
0xc5, 0x6b, 0x72, 0xdf, 0x58, 0xf4, 0xce, 0x15, 0xce, 0x2b, 0xa2, 0x5f, 0x42, 0x27, 0xfd, 0x0a,
0x02, 0xc5, 0xcd, 0xeb, 0x82, 0x17, 0x16, 0xbd, 0xf3, 0x47, 0x60, 0xe8, 0xa4, 0x33, 0xef, 0x05,
0x36, 0x8b, 0xff, 0xf8, 0x66, 0x48, 0x17, 0xfd, 0x46, 0xe6, 0xa2, 0x48, 0xfe, 0x3a, 0x43, 0xfa,
0x5f, 0xfa, 0x9c, 0x5f, 0xa8, 0x9a, 0x28, 0xf2, 0xff, 0xb9, 0x19, 0x73, 0xe8, 0x73, 0x58, 0x4a,
0xf5, 0xbb, 0x50, 0xbc, 0x2a, 0xbf, 0x7b, 0xd7, 0xdb, 0x2c, 0x46, 0x48, 0xea, 0x4d, 0xef, 0x66,
0x25, 0xf4, 0x96, 0xd3, 0x22, 0x4b, 0xe8, 0x2d, 0xb7, 0x0d, 0xc6, 0xcc, 0x2b, 0xd1, 0xb3, 0xd2,
0xcc, 0x2b, 0xaf, 0x41, 0xd6, 0x3b, 0x5b, 0x34, 0xad, 0x1f, 0x3f, 0xd5, 0xaf, 0xd2, 0x8e, 0x9f,
0xdf, 0x06, 0xeb, 0x6d, 0x16, 0x23, 0xa4, 0x75, 0x15, 0xd7, 0xe1, 0x29, 0x5d, 0x65, 0xda, 0x3e,
0x29, 0x5d, 0x65, 0x0b, 0x78, 0xa1, 0xab, 0x54, 0x41, 0x7d, 0xae, 0xb0, 0x16, 0xc9, 0xea, 0x2a,
0xbf, 0xbc, 0x31, 0xe6, 0x50, 0x1f, 0xea, 0xb2, 0x98, 0x40, 0xf1, 0xed, 0x4e, 0x55, 0x30, 0xbd,
0xd3, 0x39, 0x33, 0x8a, 0xc4, 0x8f, 0x61, 0x9e, 0x42, 0xd1, 0x6a, 0x02, 0x49, 0x2e, 0x3d, 0x95,
0x82, 0xaa, 0x65, 0xef, 0x41, 0x8d, 0x67, 0xe3, 0x28, 0xf6, 0xb9, 0x89, 0x44, 0xbf, 0xb7, 0x9e,
0x81, 0xab, 0xc5, 0x9f, 0xf2, 0xa7, 0xbe, 0x22, 0xad, 0x46, 0x1b, 0x89, 0x07, 0x76, 0xc9, 0xe4,
0xbd, 0xf7, 0x4a, 0xfe, 0xa4, 0xa2, 0xf5, 0x10, 0x56, 0x72, 0x42, 0x20, 0x8a, 0x7b, 0x3f, 0xc5,
0xd1, 0xb7, 0x77, 0xe1, 0x68, 0x24, 0xfd, 0xb0, 0x42, 0x6b, 0x6b, 0xba, 0xa9, 0x6b, 0xca, 0x5a,
0xcf, 0xc0, 0xe5, 0xe2, 0xad, 0xbf, 0x95, 0x61, 0x91, 0x27, 0x2a, 0xc2, 0x55, 0x7f, 0x02, 0x10,
0xa7, 0xcb, 0xa8, 0x97, 0xb0, 0x9e, 0x44, 0x1d, 0xd0, 0xdb, 0xc8, 0x9d, 0xd3, 0xc5, 0xa8, 0x65,
0xbe, 0x9a, 0x18, 0xb3, 0xf9, 0xb4, 0x26, 0xc6, 0x9c, 0x64, 0xd9, 0x98, 0x43, 0x3b, 0xd0, 0x50,
0xe9, 0x18, 0xd2, 0xb2, 0xb8, 0x54, 0x2e, 0xd9, 0xeb, 0xe5, 0x4d, 0xe9, 0x1c, 0x69, 0xf9, 0x97,
0xc6, 0x51, 0x36, 0xab, 0xd3, 0x38, 0xca, 0x4b, 0xd9, 0xe6, 0xfe, 0x1b, 0x00, 0x00, 0xff, 0xff,
0xce, 0x7b, 0x46, 0x5c, 0x58, 0x2f, 0x00, 0x00,
}

14
pkg/kubelet/api/v1alpha1/runtime/api.proto
View File

@ -159,8 +159,9 @@ message LinuxSandboxSecurityContext {
optional NamespaceOption namespace_options = 1;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 2;
// The UID to run the entrypoint of the sandbox process.
optional int64 run_as_user = 3;
// The user to run the entrypoint of the sandbox process, it could be uid or
// user name.
optional string run_as_user = 3;
// If set, the root filesystem of the sandbox is read-only.
optional bool readonly_rootfs = 4;
// A list of groups applied to the first process run in the sandbox, in addition
@ -439,9 +440,10 @@ message LinuxContainerSecurityContext {
optional NamespaceOption namespace_options = 3;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 4;
// The UID to run the the container process as.
// The user to run the the container process as, it could be uid or user
// name.
// Defaults to user specified in image metadata if unspecified.
optional int64 run_as_user = 5;
optional string run_as_user = 5;
// If set, the root filesystem of the container is read-only.
optional bool readonly_rootfs = 6;
// A list of groups applied to the first process run in the container, in addition
@ -758,8 +760,8 @@ message Image {
repeated string repo_digests = 3;
// The size of the image in bytes.
optional uint64 size = 4;
// The uid that will run the command(s).
optional int64 uid = 5;
// The user that will run the command(s).
optional string user = 5;
}
message ListImagesResponse {

15
pkg/kubelet/dockershim/convert.go
View File

@ -18,7 +18,6 @@ package dockershim
import (
"fmt"
"strconv"
"strings"
"time"
@ -57,24 +56,14 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeApi
return nil, fmt.Errorf("unable to convert a nil pointer to a runtime API image")
}
var err error
var uid int64
size := uint64(image.VirtualSize)
imageUid := dockertools.GetUidFromUser(image.Config.User)
// Convert image UID to int64 format. Not that it assumes the process in
// the image is running as root if image.Config.User is not set.
if imageUid != "" {
uid, err = strconv.ParseInt(imageUid, 10, 64)
if err != nil {
return nil, fmt.Errorf("non-numeric user (%q)", imageUid)
}
}
user := dockertools.GetUserFromImageUser(image.Config.User)
return &runtimeApi.Image{
Id: &image.ID,
RepoTags: image.RepoTags,
RepoDigests: image.RepoDigests,
Size_: &size,
Uid: &uid,
User: &user,
}, nil
}

4
pkg/kubelet/dockershim/security_context.go
View File

@ -61,9 +61,7 @@ func applyContainerSecurityContext(lc *runtimeapi.LinuxContainerConfig, sandboxI
// modifyContainerConfig applies container security context config to dockercontainer.Config.
func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config *dockercontainer.Config) {
if sc != nil && sc.RunAsUser != nil {
config.User = strconv.FormatInt(sc.GetRunAsUser(), 10)
}
config.User = sc.GetRunAsUser()
}
// modifyHostConfig applies security context config to dockercontainer.HostConfig.

5
pkg/kubelet/dockershim/security_context_test.go
View File

@ -18,7 +18,6 @@ package dockershim
import (
"fmt"
"strconv"
"testing"
dockercontainer "github.com/docker/engine-api/types/container"
@ -29,7 +28,7 @@ import (
)
func TestModifyContainerConfig(t *testing.T) {
var uid int64 = 123
var uid string = "123"
cases := []struct {
name string
@ -42,7 +41,7 @@ func TestModifyContainerConfig(t *testing.T) {
RunAsUser: &uid,
},
expected: &dockercontainer.Config{
User: strconv.FormatInt(uid, 10),
User: uid,
},
},
{

10
pkg/kubelet/dockertools/docker_manager.go
View File

@ -2474,7 +2474,7 @@ func (dm *DockerManager) isImageRoot(image string) (bool, error) {
return false, fmt.Errorf("unable to inspect image %s, nil Config", image)
}
user := GetUidFromUser(img.Config.User)
user := GetUserFromImageUser(img.Config.User)
// if no user is defined container will run as root
if user == "" {
return true, nil
@ -2488,16 +2488,16 @@ func (dm *DockerManager) isImageRoot(image string) (bool, error) {
return uid == 0, nil
}
// GetUidFromUser splits the uid out of an uid:gid string.
func GetUidFromUser(id string) string {
// GetUserFromImageUser splits the user out of an user:group string.
func GetUserFromImageUser(id string) string {
if id == "" {
return id
}
// split instances where the id may contain uid:gid
// split instances where the id may contain user:group
if strings.Contains(id, ":") {
return strings.Split(id, ":")[0]
}
// no gid, just return the id
// no group, just return the id
return id
}

12
pkg/kubelet/dockertools/docker_manager_test.go
View File

@ -1431,7 +1431,7 @@ func TestVerifyNonRoot(t *testing.T) {
}
}
func TestGetUidFromUser(t *testing.T) {
func TestGetUserFromImageUser(t *testing.T) {
tests := map[string]struct {
input string
expect string
@ -1452,9 +1452,17 @@ func TestGetUidFromUser(t *testing.T) {
input: "1:2:3",
expect: "1",
},
"root username": {
input: "root:root",
expect: "root",
},
"username": {
input: "test:test",
expect: "test",
},
}
for k, v := range tests {
actual := GetUidFromUser(v.input)
actual := GetUserFromImageUser(v.input)
if actual != v.expect {
t.Errorf("%s failed. Expected %s but got %s", k, v.expect, actual)
}

1
pkg/kubelet/kuberuntime/BUILD
View File

@ -60,6 +60,7 @@ go_library(
"//vendor:github.com/coreos/go-semver/semver",
"//vendor:github.com/docker/docker/pkg/jsonlog",
"//vendor:github.com/fsnotify/fsnotify",
"//vendor:github.com/gogo/protobuf/proto",
"//vendor:github.com/golang/glog",
"//vendor:github.com/google/cadvisor/info/v1",
],

11
pkg/kubelet/kuberuntime/helpers.go
View File

@ -147,13 +147,18 @@ func getContainerSpec(pod *api.Pod, containerName string) *api.Container {
}
// getImageUID gets uid that will run the command(s) from image.
func (m *kubeGenericRuntimeManager) getImageUser(image string) (int64, error) {
func (m *kubeGenericRuntimeManager) getImageUser(image string) (string, error) {
imageStatus, err := m.imageService.ImageStatus(&runtimeApi.ImageSpec{Image: &image})
if err != nil {
return 0, err
return "", err
}
return imageStatus.GetUid(), nil
user := imageStatus.GetUser()
// kuberuntime treats empty user as root.
if user == "" {
return "0", nil
}
return user, nil
}
// isContainerFailed returns true if container has exited and exitcode is not zero.

2
pkg/kubelet/kuberuntime/kuberuntime_container.go
View File

@ -184,7 +184,7 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta
}
// generateLinuxContainerConfig generates linux container config for kubelet runtime api.
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, imageUser int64) *runtimeApi.LinuxContainerConfig {
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, imageUser string) *runtimeApi.LinuxContainerConfig {
lc := &runtimeApi.LinuxContainerConfig{
Resources: &runtimeApi.LinuxContainerResources{},
SecurityContext: m.determineEffectiveSecurityContext(pod, container, imageUser),

2
pkg/kubelet/kuberuntime/kuberuntime_sandbox.go
View File

@ -146,7 +146,7 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *api.Pod,
HostIpc: &sc.HostIPC,
HostPid: &sc.HostPID,
},
RunAsUser: sc.RunAsUser,
RunAsUser: convertToRuntimeRunAsUser(sc.RunAsUser),
}
if sc.FSGroup != nil {

36
pkg/kubelet/kuberuntime/security_context.go
View File

@ -18,6 +18,10 @@ package kuberuntime
import (
"fmt"
"strconv"
"github.com/gogo/protobuf/proto"
"github.com/golang/glog"
"k8s.io/kubernetes/pkg/api"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
@ -25,7 +29,7 @@ import (
)
// determineEffectiveSecurityContext gets container's security context from api.Pod and api.Container.
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, imageUser int64) *runtimeapi.LinuxContainerSecurityContext {
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, imageUser string) *runtimeapi.LinuxContainerSecurityContext {
effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
synthesized := convertToRuntimeSecurityContext(effectiveSc)
if synthesized == nil {
@ -61,17 +65,29 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.P
}
// verifyRunAsNonRoot verifies RunAsNonRoot.
func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser int64) error {
func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser string) error {
effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
if effectiveSc == nil || effectiveSc.RunAsNonRoot == nil {
return nil
}
if effectiveSc.RunAsUser != nil && *effectiveSc.RunAsUser == 0 {
return fmt.Errorf("container's runAsUser breaks non-root policy")
if effectiveSc.RunAsUser != nil {
if *effectiveSc.RunAsUser == 0 {
return fmt.Errorf("container's runAsUser breaks non-root policy")
}
return nil
}
if imageUser == 0 {
// Non-root verification only supports numeric user now. For non-numeric user,
// just return nil to by-pass the verfication.
// TODO: Support non-numeric user.
uid, err := strconv.ParseInt(imageUser, 10, 64)
if err != nil {
glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", imageUser)
return nil
}
if uid == 0 {
return fmt.Errorf("container has runAsNonRoot and image will run as root")
}
@ -85,7 +101,7 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt
}
return &runtimeapi.LinuxContainerSecurityContext{
RunAsUser: securityContext.RunAsUser,
RunAsUser: convertToRuntimeRunAsUser(securityContext.RunAsUser),
Privileged: securityContext.Privileged,
ReadonlyRootfs: securityContext.ReadOnlyRootFilesystem,
Capabilities: convertToRuntimeCapabilities(securityContext.Capabilities),
@ -93,6 +109,14 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt
}
}
// convertToRuntimeRunAsUser converts RunAsUser from *int64 to *string.
func convertToRuntimeRunAsUser(runAsUser *int64) *string {
if runAsUser == nil {
return nil
}
return proto.String(strconv.FormatInt(*runAsUser, 10))
}
// convertToRuntimeSELinuxOption converts api.SELinuxOptions to runtimeapi.SELinuxOption.
func convertToRuntimeSELinuxOption(opts *api.SELinuxOptions) *runtimeapi.SELinuxOption {
if opts == nil {