PodSecurity: baseline capabilities: regenerate files
parent
809abf4f5b
commit
bd4dc42a72
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
name: capabilities_baseline1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
name: capabilities_baseline2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
name: capabilities_baseline3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
@ -26,5 +26,19 @@ spec:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
name: capabilities_baseline1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,18 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
name: capabilities_baseline2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
name: capabilities_baseline3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,13 +1,27 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
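--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}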
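--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.10/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}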
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
name: capabilities_baseline2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
name: capabilities_baseline3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
@ -1,7 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
@ -26,5 +26,19 @@ spec:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
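--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}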
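--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.11/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}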
@ -1,18 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
name: capabilities_baseline2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
name: capabilities_baseline3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
@ -1,13 +1,27 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
name: capabilities_baseline0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
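--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}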
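--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}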
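--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline2
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- chown
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}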
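--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline3
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- CAP_CHOWN
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}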
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
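--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.12/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+securityContext: {}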
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
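--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}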
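--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}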
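--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline2
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- chown
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}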
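--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline3
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- CAP_CHOWN
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}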
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
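--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.13/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+securityContext: {}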
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
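--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}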
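--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}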
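--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline2
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- chown
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}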
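--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/fail/capabilities_baseline3.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline3
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- CAP_CHOWN
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}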
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,30 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- AUDIT_WRITE
|
||||
- CHOWN
|
||||
- DAC_OVERRIDE
|
||||
- FOWNER
|
||||
- FSETID
|
||||
- KILL
|
||||
- MKNOD
|
||||
- NET_BIND_SERVICE
|
||||
- SETFCAP
|
||||
- SETGID
|
||||
- SETPCAP
|
||||
- SETUID
|
||||
- SYS_CHROOT
|
||||
securityContext: {}
|
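--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.14/pass/capabilities_baseline0.yaml
@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- AUDIT_WRITE
+- CHOWN
+- DAC_OVERRIDE
+- FOWNER
+- FSETID
+- KILL
+- MKNOD
+- NET_BIND_SERVICE
+- SETFCAP
+- SETGID
+- SETPCAP
+- SETUID
+- SYS_CHROOT
+securityContext: {}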
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities0
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities1
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_RAW
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities2
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities3
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- chown
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities4
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities5
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- bogus
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities6
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
securityContext: {}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: addcapabilities7
|
||||
spec:
|
||||
containers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: container1
|
||||
securityContext:
|
||||
capabilities: {}
|
||||
initContainers:
|
||||
- image: k8s.gcr.io/pause
|
||||
name: initcontainer1
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- CAP_CHOWN
|
||||
securityContext: {}
|
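--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline0.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline0
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}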
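--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline1.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline1
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities: {}
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities:
+add:
+- NET_RAW
+securityContext: {}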
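--- a/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml
+++ b/staging/src/k8s.io/pod-security-admission/test/testdata/baseline/v1.15/fail/capabilities_baseline2.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+name: capabilities_baseline2
+spec:
+containers:
+- image: k8s.gcr.io/pause
+name: container1
+securityContext:
+capabilities:
+add:
+- chown
+initContainers:
+- image: k8s.gcr.io/pause
+name: initcontainer1
+securityContext:
+capabilities: {}
+securityContext: {}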
Some files were not shown because too many files have changed in this diff Show More