github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #36542 from Random-Liu/clarify-cri-user

Browse Source 
Automatic merge from submit-queue

CRI: Clarify User in CRI.

Addressed https://github.com/kubernetes/kubernetes/pull/36423#issuecomment-259343135.

This PR clarifies the user related fields in CRI.

One question is that:
What is the meaning of the `run_as_user` field in `LinuxSandboxSecurityContext`?
* **Is it user on the host?** Then it doesn't make sense, user shouldn't care about what users are on the host.
* **Is it user inside the infra container image?** This is how the field is currently used. However, Infra container is docker specific, I'm not sure whether we should expose this in CRI.
* **Is it the default user inside the pod?** It tells runtime that if there is a container (infra container, or some other helper containers like streaming container etc.), if their `user` is not specified, use the default "sandbox user". Then how can we guarantee that infra or helper container image have the `user`?
* **It doesn't make sense?** If we remove it, we are relying on the shim to set right user (maybe always root) for infra or helper containers (if there will be any in the future), I'm not sure whether this is what we expect.

@yujuhong @feiskyer @jonboulle @yifan-gu 
/cc @kubernetes/sig-node
This commit is contained in:
Kubernetes Submit Queue 2016-11-16 01:45:37 -08:00 committed by GitHub
commit f4a7b64bf1
12 changed files with 383 additions and 288 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

477
pkg/kubelet/api/v1alpha1/runtime/api.pb.go
View File

@ -475,9 +475,8 @@ type LinuxSandboxSecurityContext struct {
NamespaceOptions *NamespaceOption `protobuf:"bytes,1,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"`
// Optional SELinux context to be applied.
SelinuxOptions *SELinuxOption `protobuf:"bytes,2,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"`
// User to run the entrypoint of the sandbox process. Can be either UID or
// user name.
RunAsUser *string `protobuf:"bytes,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// UID to run sandbox processes as, when applicable.
RunAsUser *int64 `protobuf:"varint,3,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// If set, the root filesystem of the sandbox is read-only.
ReadonlyRootfs *bool `protobuf:"varint,4,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"`
// List of groups applied to the first process run in the sandbox, in
@ -505,11 +504,11 @@ func (m *LinuxSandboxSecurityContext) GetSelinuxOptions() *SELinuxOption {
return nil
}
func (m *LinuxSandboxSecurityContext) GetRunAsUser() string {
func (m *LinuxSandboxSecurityContext) GetRunAsUser() int64 {
if m != nil && m.RunAsUser != nil {
return *m.RunAsUser
}
return ""
return 0
}
func (m *LinuxSandboxSecurityContext) GetReadonlyRootfs() bool {
@ -1336,15 +1335,18 @@ type LinuxContainerSecurityContext struct {
NamespaceOptions *NamespaceOption `protobuf:"bytes,3,opt,name=namespace_options,json=namespaceOptions" json:"namespace_options,omitempty"`
// SELinux context to be optionally applied.
SelinuxOptions *SELinuxOption `protobuf:"bytes,4,opt,name=selinux_options,json=selinuxOptions" json:"selinux_options,omitempty"`
// The user to run the the container process as. Can be either UID or user
// name.
// Defaults to user specified in image metadata if unspecified.
RunAsUser *string `protobuf:"bytes,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// UID to run the container process as. Only one of run_as_user and
// run_as_username can be specified at a time.
RunAsUser *int64 `protobuf:"varint,5,opt,name=run_as_user,json=runAsUser" json:"run_as_user,omitempty"`
// User name to run the container process as. If specified, the user MUST
// exist in the container image (i.e. in the /etc/passwd inside the image),
// and be resolved there by the runtime; otherwise, the runtime MUST error.
RunAsUsername *string `protobuf:"bytes,6,opt,name=run_as_username,json=runAsUsername" json:"run_as_username,omitempty"`
// If set, the root filesystem of the container is read-only.
ReadonlyRootfs *bool `protobuf:"varint,6,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"`
ReadonlyRootfs *bool `protobuf:"varint,7,opt,name=readonly_rootfs,json=readonlyRootfs" json:"readonly_rootfs,omitempty"`
// List of groups applied to the first process run in the container, in
// addition to the container's primary GID.
SupplementalGroups []int64 `protobuf:"varint,7,rep,name=supplemental_groups,json=supplementalGroups" json:"supplemental_groups,omitempty"`
SupplementalGroups []int64 `protobuf:"varint,8,rep,name=supplemental_groups,json=supplementalGroups" json:"supplemental_groups,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
@ -1383,10 +1385,17 @@ func (m *LinuxContainerSecurityContext) GetSelinuxOptions() *SELinuxOption {
return nil
}
func (m *LinuxContainerSecurityContext) GetRunAsUser() string {
func (m *LinuxContainerSecurityContext) GetRunAsUser() int64 {
if m != nil && m.RunAsUser != nil {
return *m.RunAsUser
}
return 0
}
func (m *LinuxContainerSecurityContext) GetRunAsUsername() string {
if m != nil && m.RunAsUsername != nil {
return *m.RunAsUsername
}
return ""
}
@ -2441,8 +2450,13 @@ type Image struct {
RepoDigests []string `protobuf:"bytes,3,rep,name=repo_digests,json=repoDigests" json:"repo_digests,omitempty"`
// Size of the image in bytes.
Size_ *uint64 `protobuf:"varint,4,opt,name=size" json:"size,omitempty"`
// User that will run the command(s).
User *string `protobuf:"bytes,5,opt,name=user" json:"user,omitempty"`
// UID that will run the command(s). This is used as a default if no user is
// specified when creating the container. UID and the following user name
// are mutually exclusive.
Uid *int64 `protobuf:"varint,5,opt,name=uid" json:"uid,omitempty"`
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
Username *string `protobuf:"bytes,6,opt,name=username" json:"username,omitempty"`
XXX_unrecognized []byte `json:"-"`
}
@ -2479,9 +2493,16 @@ func (m *Image) GetSize_() uint64 {
return 0
}
func (m *Image) GetUser() string {
if m != nil && m.User != nil {
return *m.User
func (m *Image) GetUid() int64 {
if m != nil && m.Uid != nil {
return *m.Uid
}
return 0
}
func (m *Image) GetUsername() string {
if m != nil && m.Username != nil {
return *m.Username
}
return ""
}
@ -3805,214 +3826,216 @@ var _ImageService_serviceDesc = grpc.ServiceDesc{
}
var fileDescriptorApi = []byte{
// 3336 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x3a, 0xcd, 0x72, 0x1b, 0xc7,
0xd1, 0x04, 0x40, 0x80, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0xc9,
0x96, 0x64, 0x5b, 0x9f, 0xc5, 0x2f, 0xb1, 0x62, 0xd9, 0x92, 0x0d, 0x93, 0xb4, 0x43, 0x4b, 0x82,
0xe8, 0x85, 0xe4, 0xd8, 0xe5, 0xc3, 0x66, 0x85, 0x1d, 0x81, 0x2b, 0x01, 0xbb, 0xeb, 0xdd, 0x81,
0x2c, 0xe6, 0x92, 0x6b, 0x0e, 0x49, 0x55, 0xae, 0x39, 0x25, 0x87, 0x54, 0xb9, 0x92, 0xdc, 0x52,
0x95, 0xaa, 0xbc, 0x43, 0x2a, 0x0f, 0x90, 0x47, 0xc8, 0x2b, 0xe4, 0x94, 0x9a, 0xdf, 0x9d, 0xfd,
0xa3, 0x48, 0xd9, 0x15, 0xeb, 0xb6, 0xd3, 0xd3, 0xd3, 0xd3, 0xd3, 0xdd, 0xd3, 0x7f, 0x3b, 0xd0,
0xb0, 0x03, 0xf7, 0x6a, 0x10, 0xfa, 0xc4, 0x47, 0x0b, 0xe1, 0xcc, 0x23, 0xee, 0x14, 0x1b, 0x57,
0xa0, 0xfd, 0x39, 0x0e, 0x23, 0xd7, 0xf7, 0x4c, 0xfc, 0xf5, 0x0c, 0x47, 0x04, 0x75, 0x61, 0xe1,
0x29, 0x87, 0x74, 0x4b, 0x9b, 0xa5, 0x4b, 0x0d, 0x53, 0x0e, 0x8d, 0x6f, 0x4b, 0xb0, 0xa4, 0x90,
0xa3, 0xc0, 0xf7, 0x22, 0x5c, 0x8c, 0x8d, 0xce, 0xc3, 0xa2, 0xd8, 0xc4, 0xf2, 0xec, 0x29, 0xee,
0x96, 0xd9, 0x74, 0x53, 0xc0, 0x06, 0xf6, 0x14, 0xa3, 0xd7, 0x61, 0x49, 0xa2, 0x48, 0x22, 0x15,
0x86, 0xd5, 0x16, 0x60, 0xb1, 0x1b, 0xba, 0x0a, 0x2b, 0x12, 0xd1, 0x0e, 0x5c, 0x85, 0x3c, 0xcf,
0x90, 0x97, 0xc5, 0x54, 0x3f, 0x70, 0x05, 0xbe, 0xf1, 0x15, 0x34, 0x76, 0x06, 0xc3, 0x6d, 0xdf,
0x7b, 0xe4, 0x8e, 0x29, 0x8b, 0x11, 0x0e, 0xe9, 0x9a, 0x6e, 0x69, 0xb3, 0x42, 0x59, 0x14, 0x43,
0xd4, 0x83, 0x7a, 0x84, 0xed, 0x70, 0x74, 0x80, 0xa3, 0x6e, 0x99, 0x4d, 0xa9, 0x31, 0x5d, 0xe5,
0x07, 0xc4, 0xf5, 0xbd, 0xa8, 0x5b, 0xe1, 0xab, 0xc4, 0xd0, 0xf8, 0x5d, 0x09, 0x9a, 0xfb, 0x7e,
0x48, 0xee, 0xda, 0x41, 0xe0, 0x7a, 0x63, 0xf4, 0x16, 0xd4, 0x99, 0x50, 0x47, 0xfe, 0x84, 0xc9,
0xa0, 0xbd, 0xb5, 0x7c, 0x55, 0xb0, 0x74, 0x75, 0x5f, 0x4c, 0x98, 0x0a, 0x05, 0x5d, 0x84, 0xf6,
0xc8, 0xf7, 0x88, 0xed, 0x7a, 0x38, 0xb4, 0x02, 0x3f, 0x24, 0x4c, 0x32, 0x55, 0xb3, 0xa5, 0xa0,
0x94, 0x38, 0xda, 0x80, 0xc6, 0x81, 0x1f, 0x11, 0x8e, 0x51, 0x61, 0x18, 0x75, 0x0a, 0x60, 0x93,
0xeb, 0xb0, 0xc0, 0x26, 0xdd, 0x40, 0xc8, 0xa0, 0x46, 0x87, 0x7b, 0x81, 0xf1, 0xdb, 0x12, 0x54,
0xef, 0xfa, 0x33, 0x8f, 0xa4, 0xb6, 0xb1, 0xc9, 0x81, 0xd0, 0x8f, 0xb6, 0x8d, 0x4d, 0x0e, 0xe2,
0x6d, 0x28, 0x06, 0x57, 0x11, 0xdf, 0x86, 0x4e, 0xf6, 0xa0, 0x1e, 0x62, 0xdb, 0xf1, 0xbd, 0xc9,
0x21, 0x63, 0xa1, 0x6e, 0xaa, 0x31, 0xd5, 0x5d, 0x84, 0x27, 0xae, 0x37, 0x7b, 0x66, 0x85, 0x78,
0x62, 0x3f, 0xc4, 0x13, 0xc6, 0x4a, 0xdd, 0x6c, 0x0b, 0xb0, 0xc9, 0xa1, 0xc6, 0x63, 0x58, 0xa2,
0xca, 0x8e, 0x02, 0x7b, 0x84, 0xef, 0x31, 0x11, 0x52, 0xd3, 0x60, 0x9b, 0x7a, 0x98, 0x7c, 0xe3,
0x87, 0x4f, 0x18, 0x67, 0x75, 0xb3, 0x49, 0x61, 0x03, 0x0e, 0x42, 0xa7, 0xa1, 0xce, 0xf9, 0x72,
0x1d, 0xc6, 0x56, 0xdd, 0x64, 0x27, 0xde, 0x77, 0x1d, 0x35, 0xe5, 0x06, 0x23, 0xc1, 0xd5, 0x02,
0x3f, 0xfd, 0xc8, 0xf8, 0x7d, 0x19, 0x36, 0xee, 0xd0, 0xcd, 0x87, 0xb6, 0xe7, 0x3c, 0xf4, 0x9f,
0x0d, 0xf1, 0x68, 0x16, 0xba, 0xe4, 0x70, 0xdb, 0xf7, 0x08, 0x7e, 0x46, 0xd0, 0x2e, 0x2c, 0x7b,
0x92, 0x17, 0x4b, 0xaa, 0x97, 0xee, 0xde, 0xdc, 0xea, 0x2a, 0x9d, 0xa5, 0xb8, 0x35, 0x3b, 0x5e,
0x12, 0x10, 0xa1, 0x0f, 0xe2, 0xb3, 0x4b, 0x22, 0x65, 0x46, 0x64, 0x4d, 0x11, 0x19, 0xee, 0x32,
0x3e, 0x04, 0x09, 0x29, 0x13, 0x49, 0xe0, 0x2c, 0xd0, 0x7b, 0x60, 0xd9, 0x91, 0x35, 0x8b, 0x70,
0x28, 0x8c, 0xbe, 0x11, 0xce, 0xbc, 0x7e, 0xf4, 0x20, 0xc2, 0x21, 0xbb, 0x18, 0x42, 0xd0, 0x56,
0xe8, 0xfb, 0xe4, 0x51, 0x24, 0x85, 0x2b, 0xc1, 0x26, 0x83, 0xa2, 0xff, 0x83, 0x95, 0x68, 0x16,
0x04, 0x13, 0x3c, 0xc5, 0x1e, 0xb1, 0x27, 0xd6, 0x38, 0xf4, 0x67, 0x41, 0xd4, 0xad, 0x6e, 0x56,
0x2e, 0x55, 0x4c, 0xa4, 0x4f, 0x7d, 0xc2, 0x66, 0x8c, 0xdf, 0x94, 0xe0, 0x14, 0xe3, 0x6c, 0xdf,
0x77, 0x84, 0x90, 0xc4, 0x35, 0x79, 0x15, 0x5a, 0x23, 0xb6, 0xdc, 0x0a, 0xec, 0x10, 0x7b, 0x44,
0xd8, 0xcb, 0x22, 0x07, 0xee, 0x33, 0x18, 0xba, 0x07, 0x9d, 0x48, 0xc8, 0xd4, 0x1a, 0x71, 0xa1,
0x8a, 0xa3, 0x5f, 0x50, 0x47, 0x3f, 0x42, 0x01, 0xe6, 0x52, 0x94, 0x04, 0x18, 0x21, 0xa0, 0x98,
0x93, 0xbb, 0x98, 0xd8, 0x8e, 0x4d, 0x6c, 0x84, 0x60, 0x9e, 0xf9, 0x0c, 0xce, 0x02, 0xfb, 0x46,
0x1d, 0xa8, 0xcc, 0x84, 0x31, 0x34, 0x4c, 0xfa, 0x89, 0x5e, 0x81, 0x86, 0x52, 0x8d, 0x94, 0xa1,
0x02, 0xd0, 0x0b, 0x6c, 0x13, 0x82, 0xa7, 0x01, 0x61, 0xb2, 0x6b, 0x99, 0x72, 0x68, 0xfc, 0x7d,
0x1e, 0x3a, 0x99, 0xe3, 0x5f, 0x87, 0xfa, 0x54, 0x6c, 0x2f, 0x2c, 0x62, 0x23, 0xbe, 0xc5, 0x19,
0x0e, 0x4d, 0x85, 0x4c, 0x2f, 0x09, 0x35, 0x3f, 0xcd, 0xc7, 0xa9, 0x31, 0x95, 0xe9, 0xc4, 0x1f,
0x5b, 0x8e, 0x1b, 0xe2, 0x11, 0xf1, 0xc3, 0x43, 0xc1, 0xe5, 0xe2, 0xc4, 0x1f, 0xef, 0x48, 0x18,
0xba, 0x06, 0xe0, 0x78, 0x11, 0x15, 0xe7, 0x23, 0x77, 0xcc, 0x78, 0x6d, 0x6e, 0x21, 0xb5, 0xb7,
0xf2, 0x63, 0x66, 0xc3, 0xf1, 0x22, 0xc1, 0xec, 0xbb, 0xd0, 0xa2, 0x7e, 0xc1, 0x9a, 0x72, 0x17,
0xc4, 0x15, 0xde, 0xdc, 0x5a, 0xd5, 0x38, 0x56, 0xfe, 0xc9, 0x5c, 0x0c, 0xe2, 0x41, 0x84, 0x6e,
0x42, 0x8d, 0xdd, 0xcb, 0xa8, 0x5b, 0x63, 0x6b, 0x2e, 0xe6, 0x9c, 0x92, 0xef, 0x72, 0xf5, 0x0e,
0xc3, 0xdb, 0xf5, 0x48, 0x78, 0x68, 0x8a, 0x45, 0xe8, 0x0e, 0x34, 0x6d, 0xcf, 0xf3, 0x89, 0xcd,
0xcd, 0x7e, 0x81, 0xd1, 0xb8, 0x52, 0x4c, 0xa3, 0x1f, 0x23, 0x73, 0x42, 0xfa, 0x72, 0xf4, 0x23,
0xa8, 0xb2, 0x7b, 0xd1, 0xad, 0xb3, 0x53, 0x9f, 0x4d, 0xda, 0x50, 0x9a, 0x98, 0xc9, 0x91, 0x7b,
0xef, 0x42, 0x53, 0x63, 0x8d, 0x1a, 0xc6, 0x13, 0x7c, 0x28, 0x6c, 0x85, 0x7e, 0xa2, 0x55, 0xa8,
0x3e, 0xb5, 0x27, 0x33, 0xa9, 0x0f, 0x3e, 0xb8, 0x51, 0xfe, 0x49, 0xa9, 0x77, 0x0b, 0x3a, 0x69,
0x8e, 0x4e, 0xb2, 0xde, 0xd8, 0x83, 0x55, 0x73, 0xe6, 0xc5, 0x8c, 0xc9, 0xa0, 0x79, 0x0d, 0x6a,
0x42, 0x7f, 0xdc, 0x76, 0x4e, 0x17, 0x4a, 0xc4, 0x14, 0x88, 0xc6, 0x4d, 0x38, 0x95, 0x22, 0x25,
0x42, 0xea, 0x05, 0x68, 0x07, 0xbe, 0x63, 0x45, 0x1c, 0x6c, 0xb9, 0x8e, 0xbc, 0x89, 0x81, 0xc2,
0xdd, 0x73, 0xe8, 0xf2, 0x21, 0xf1, 0x83, 0x2c, 0x2b, 0xc7, 0x5b, 0xde, 0x85, 0xb5, 0xf4, 0x72,
0xbe, 0xbd, 0xf1, 0x01, 0xac, 0x9b, 0x78, 0xea, 0x3f, 0xc5, 0x2f, 0x4a, 0xba, 0x07, 0xdd, 0x2c,
0x81, 0x98, 0x78, 0x0c, 0x1d, 0x12, 0x9b, 0xcc, 0xa2, 0x93, 0x11, 0xbf, 0xac, 0x13, 0x10, 0xc1,
0x82, 0xd3, 0x41, 0x6d, 0x28, 0xbb, 0x81, 0x58, 0x54, 0x76, 0x03, 0xe3, 0x4b, 0x68, 0x0c, 0x74,
0x6f, 0xa0, 0x47, 0x9b, 0x86, 0x29, 0x87, 0x68, 0x2b, 0x0e, 0xf4, 0xe5, 0xe7, 0x44, 0x02, 0x95,
0x02, 0xdc, 0xce, 0x38, 0x51, 0xc1, 0xc3, 0x16, 0x80, 0xf2, 0x40, 0x32, 0xb2, 0xa0, 0x2c, 0x3d,
0x53, 0xc3, 0x32, 0xfe, 0x98, 0x70, 0x47, 0xda, 0x61, 0x1c, 0x75, 0x18, 0x27, 0xe1, 0x9e, 0xca,
0x27, 0x71, 0x4f, 0x57, 0xa1, 0x1a, 0x11, 0x9b, 0x70, 0x07, 0xd9, 0xd6, 0x0e, 0x97, 0xdc, 0x12,
0x9b, 0x1c, 0x0d, 0x9d, 0x01, 0x18, 0x85, 0xd8, 0x26, 0xd8, 0xb1, 0x6c, 0xee, 0x39, 0x2b, 0x66,
0x43, 0x40, 0xfa, 0x04, 0xdd, 0x88, 0xe5, 0x58, 0x65, 0x6c, 0x6c, 0xe6, 0x10, 0x4c, 0xe8, 0x25,
0x96, 0xb4, 0xba, 0xed, 0xb5, 0xa3, 0x6f, 0xbb, 0x58, 0xc7, 0x91, 0x35, 0x87, 0xb5, 0x50, 0xe8,
0xb0, 0xf8, 0x8a, 0xe3, 0x38, 0xac, 0x7a, 0xa1, 0xc3, 0x12, 0x34, 0x8e, 0x74, 0x58, 0x3f, 0xa4,
0xeb, 0xb9, 0x0b, 0xdd, 0xec, 0xd5, 0x11, 0x2e, 0xe3, 0x1a, 0xd4, 0x22, 0x06, 0x39, 0xc2, 0xfd,
0x88, 0x25, 0x02, 0xd1, 0xf8, 0x77, 0x49, 0xb7, 0xba, 0x8f, 0xdd, 0x09, 0xc1, 0x61, 0xc6, 0xea,
0x94, 0xf1, 0x94, 0x8f, 0x67, 0x3c, 0x43, 0x68, 0x33, 0xb1, 0x5b, 0x11, 0x9e, 0xb0, 0xe8, 0xc6,
0x72, 0xe7, 0xe6, 0xd6, 0x9b, 0x39, 0x0b, 0xf9, 0x96, 0x5c, 0x67, 0x43, 0x81, 0xce, 0x25, 0xde,
0x9a, 0xe8, 0xb0, 0xde, 0x87, 0x80, 0xb2, 0x48, 0x27, 0x12, 0xdd, 0xa7, 0xf4, 0xba, 0xd2, 0xd4,
0x39, 0xc7, 0x6d, 0x3f, 0x62, 0x6c, 0x1c, 0x21, 0x37, 0xce, 0xa7, 0x29, 0x10, 0x8d, 0x3f, 0x54,
0x00, 0xe2, 0xc9, 0x97, 0xf6, 0x9e, 0x5e, 0x57, 0xb7, 0x86, 0xa7, 0x06, 0xe7, 0x72, 0xe8, 0xe5,
0xde, 0x97, 0x8f, 0x93, 0xf7, 0x85, 0x27, 0x09, 0x17, 0xf2, 0x56, 0xbf, 0xb4, 0x37, 0x65, 0x1b,
0xd6, 0xd2, 0xea, 0x16, 0xf7, 0xe4, 0x32, 0x54, 0x5d, 0x82, 0xa7, 0xbc, 0x10, 0x6c, 0x6e, 0xad,
0xe4, 0x1c, 0xcb, 0xe4, 0x18, 0xc6, 0x79, 0x68, 0xec, 0x4d, 0xed, 0x31, 0x1e, 0x06, 0x78, 0x44,
0xf7, 0x72, 0xe9, 0x40, 0xec, 0xcf, 0x07, 0xc6, 0x16, 0xd4, 0x6f, 0xe3, 0xc3, 0xcf, 0xe9, 0xbe,
0xc7, 0xe5, 0xcf, 0xf8, 0x47, 0x09, 0xd6, 0x99, 0xbb, 0xdb, 0x96, 0x65, 0x98, 0x89, 0x23, 0x7f,
0x16, 0x8e, 0x70, 0xc4, 0x54, 0x1a, 0xcc, 0xac, 0x00, 0x87, 0xae, 0xcf, 0x6d, 0x8a, 0xaa, 0x34,
0x98, 0xed, 0x33, 0x00, 0x2d, 0xd5, 0xe8, 0xf4, 0xd7, 0x33, 0x5f, 0xd8, 0x56, 0xc5, 0xac, 0x8f,
0x82, 0xd9, 0x67, 0x74, 0x2c, 0xd7, 0x46, 0x07, 0x76, 0x88, 0x23, 0x66, 0x43, 0x7c, 0xed, 0x90,
0x01, 0xd0, 0x35, 0x38, 0x35, 0xc5, 0x53, 0x3f, 0x3c, 0xb4, 0x26, 0xee, 0xd4, 0x25, 0x96, 0xeb,
0x59, 0x0f, 0x0f, 0x09, 0x8e, 0x84, 0xe1, 0x20, 0x3e, 0x79, 0x87, 0xce, 0xed, 0x79, 0x1f, 0xd1,
0x19, 0x64, 0x40, 0xcb, 0xf7, 0xa7, 0x56, 0x34, 0xf2, 0x43, 0x6c, 0xd9, 0xce, 0x63, 0xe6, 0xef,
0x2b, 0x66, 0xd3, 0xf7, 0xa7, 0x43, 0x0a, 0xeb, 0x3b, 0x8f, 0x0d, 0x1b, 0x5a, 0x89, 0x42, 0x87,
0x26, 0xee, 0xac, 0xa2, 0x11, 0x89, 0x3b, 0xfd, 0xa6, 0xb0, 0xd0, 0x9f, 0x48, 0x39, 0xb0, 0x6f,
0x0a, 0x23, 0x87, 0x81, 0xcc, 0xda, 0xd9, 0x37, 0x15, 0xd8, 0x04, 0x3f, 0x15, 0x75, 0x64, 0xc3,
0xe4, 0x03, 0xc3, 0x01, 0xd8, 0xb6, 0x03, 0xfb, 0xa1, 0x3b, 0x71, 0xc9, 0x21, 0xba, 0x0c, 0x1d,
0xdb, 0x71, 0xac, 0x91, 0x84, 0xb8, 0x58, 0x16, 0xf5, 0x4b, 0xb6, 0xe3, 0x6c, 0x6b, 0x60, 0xf4,
0x06, 0x2c, 0x3b, 0xa1, 0x1f, 0x24, 0x71, 0x79, 0x95, 0xdf, 0xa1, 0x13, 0x3a, 0xb2, 0xf1, 0x9f,
0x32, 0x9c, 0x49, 0xaa, 0x25, 0x5d, 0x3a, 0x5e, 0x87, 0xc5, 0xd4, 0xae, 0xa5, 0x84, 0x05, 0xc5,
0x4c, 0x9a, 0x09, 0x44, 0x74, 0x16, 0x20, 0x08, 0xdd, 0xa7, 0xee, 0x04, 0x8f, 0xb1, 0xac, 0x65,
0x35, 0x48, 0x7e, 0x4d, 0x5a, 0xf9, 0x3e, 0x6a, 0xd2, 0xf9, 0xef, 0x52, 0x93, 0x56, 0x8f, 0x51,
0x93, 0xd6, 0x4e, 0x52, 0x93, 0x2e, 0x14, 0xd6, 0xa4, 0x7f, 0x2a, 0xc1, 0x6a, 0x52, 0xf8, 0xa2,
0xcc, 0xb9, 0x05, 0x8d, 0x50, 0xde, 0x0e, 0x21, 0xf0, 0xcd, 0x64, 0xd2, 0x90, 0xbd, 0x45, 0x66,
0xbc, 0x04, 0x7d, 0x56, 0x58, 0xad, 0xbe, 0x56, 0x40, 0xe6, 0xb9, 0xf5, 0x6a, 0x1f, 0x96, 0x15,
0xf2, 0x91, 0xe5, 0xaa, 0x56, 0x7e, 0x96, 0x93, 0xe5, 0xa7, 0x07, 0xb5, 0x1d, 0xfc, 0xd4, 0x1d,
0xe1, 0xef, 0xa5, 0x47, 0xb3, 0x09, 0xcd, 0x00, 0x87, 0x53, 0x37, 0x8a, 0x94, 0xe1, 0x34, 0x4c,
0x1d, 0x64, 0xfc, 0xab, 0x0a, 0x4b, 0x69, 0xc9, 0xbe, 0x93, 0xa9, 0x76, 0x7b, 0xb1, 0x25, 0xa7,
0xcf, 0xa7, 0x45, 0xa9, 0x4b, 0xd2, 0x11, 0x96, 0x53, 0xa9, 0xad, 0xf2, 0x95, 0xc2, 0x39, 0xd2,
0xf3, 0x8f, 0xfc, 0xe9, 0xd4, 0xf6, 0x1c, 0xd9, 0x3f, 0x13, 0x43, 0x2a, 0x2d, 0x3b, 0x1c, 0x53,
0xf3, 0xa4, 0x60, 0xf6, 0x8d, 0xce, 0x41, 0x93, 0xa6, 0x88, 0xae, 0xc7, 0x8a, 0x65, 0x61, 0x7c,
0x20, 0x40, 0x3b, 0x6e, 0x88, 0x2e, 0xc2, 0x3c, 0xf6, 0x9e, 0xca, 0x78, 0x14, 0x37, 0xd8, 0xa4,
0x03, 0x36, 0xd9, 0x34, 0x7a, 0x0d, 0x6a, 0x53, 0x7f, 0xe6, 0x11, 0x99, 0x2c, 0xb6, 0x15, 0x22,
0xeb, 0x8a, 0x99, 0x62, 0x16, 0x5d, 0x86, 0x05, 0x87, 0xe9, 0x40, 0x66, 0x84, 0x4b, 0x71, 0xc1,
0xcd, 0xe0, 0xa6, 0x9c, 0x47, 0xef, 0xab, 0x48, 0xda, 0x48, 0xc5, 0xc2, 0x94, 0x50, 0x73, 0xc3,
0xe9, 0xed, 0x64, 0x38, 0x05, 0x46, 0xe2, 0x72, 0x21, 0x89, 0xa3, 0xcb, 0xe5, 0xd3, 0x50, 0x9f,
0xf8, 0x63, 0x6e, 0x07, 0x4d, 0x5e, 0xc5, 0x4c, 0xfc, 0x31, 0x33, 0x83, 0x55, 0x9a, 0x3e, 0x38,
0xae, 0xd7, 0x5d, 0x64, 0x77, 0x92, 0x0f, 0x68, 0x54, 0x60, 0x1f, 0x96, 0xef, 0x8d, 0x70, 0xb7,
0xc5, 0xa6, 0x1a, 0x0c, 0x72, 0xcf, 0x1b, 0xb1, 0xa0, 0x45, 0xc8, 0x61, 0xb7, 0xcd, 0xe0, 0xf4,
0x13, 0xfd, 0xbf, 0x4c, 0xd1, 0x97, 0x98, 0x7e, 0xcf, 0x14, 0x5c, 0x93, 0x97, 0xa6, 0x1e, 0xff,
0x6b, 0x09, 0xd6, 0xb6, 0x59, 0xd2, 0xa3, 0x79, 0x82, 0x13, 0xd4, 0x93, 0xe8, 0x6d, 0x55, 0xb8,
0xa7, 0x8b, 0xbf, 0xf4, 0x61, 0x05, 0x1e, 0xfa, 0x10, 0xda, 0x92, 0xa6, 0x58, 0x59, 0x79, 0x5e,
0xc9, 0xdf, 0x8a, 0xf4, 0xa1, 0xf1, 0x3e, 0xac, 0x67, 0x78, 0x16, 0x09, 0xca, 0x79, 0x58, 0x8c,
0x3d, 0x82, 0x62, 0xb9, 0xa9, 0x60, 0x7b, 0x8e, 0x71, 0x83, 0x16, 0xfe, 0x76, 0x48, 0x32, 0x07,
0x3e, 0xc6, 0x5a, 0x56, 0xf5, 0x27, 0xd7, 0x8a, 0xc2, 0x7c, 0x08, 0xab, 0x43, 0xe2, 0x07, 0x2f,
0x40, 0x94, 0xde, 0x74, 0x7a, 0x6c, 0x7f, 0x46, 0x44, 0x56, 0x22, 0x87, 0xc6, 0x3a, 0xef, 0x51,
0x64, 0x77, 0x7b, 0x0f, 0xd6, 0x78, 0x8b, 0xe0, 0x45, 0x0e, 0x71, 0x5a, 0x36, 0x28, 0xb2, 0x74,
0x7f, 0x5d, 0xd6, 0x5c, 0x5d, 0x41, 0x4d, 0xf3, 0x56, 0xb2, 0xa6, 0x59, 0xcf, 0x2a, 0x3c, 0x91,
0x67, 0x67, 0xcd, 0xa8, 0x92, 0x63, 0x46, 0x66, 0xa6, 0xf0, 0x99, 0x67, 0x37, 0xfd, 0x8d, 0x2c,
0xf5, 0xff, 0x61, 0xdd, 0xb3, 0xc7, 0xeb, 0x1e, 0xb5, 0xb5, 0xea, 0xb5, 0xbc, 0x9d, 0xaa, 0x7b,
0xba, 0x45, 0x6c, 0xaa, 0xb2, 0xe7, 0x57, 0xf3, 0xd0, 0x50, 0x73, 0x19, 0x99, 0x66, 0x85, 0x54,
0xce, 0x11, 0x92, 0x1e, 0x74, 0x2a, 0x2f, 0x12, 0x74, 0xe6, 0x9f, 0x17, 0x74, 0x36, 0xa0, 0xc1,
0x3e, 0xac, 0x10, 0x3f, 0x12, 0x41, 0xa4, 0xce, 0x00, 0x26, 0x7e, 0x14, 0x2b, 0xbe, 0x76, 0x2c,
0xc5, 0x27, 0x0b, 0xac, 0x85, 0x74, 0x81, 0xf5, 0x8e, 0x0a, 0x0b, 0x3c, 0x80, 0x9c, 0xcd, 0x92,
0xcb, 0x0d, 0x08, 0xbb, 0xc9, 0x80, 0xc0, 0x63, 0xca, 0xab, 0x39, 0x8b, 0x5f, 0xda, 0xf2, 0xea,
0x0e, 0x2f, 0xaf, 0x74, 0xab, 0x12, 0xde, 0x6b, 0x0b, 0x40, 0x5d, 0x54, 0x59, 0x63, 0xa1, 0xec,
0xd1, 0x4c, 0x0d, 0x8b, 0xba, 0x82, 0x84, 0xfc, 0xe3, 0x86, 0xe0, 0x31, 0x5c, 0xc1, 0x5f, 0xf4,
0xd4, 0xa6, 0xa0, 0x73, 0xf6, 0x4e, 0xa6, 0x22, 0x3f, 0x9e, 0xd5, 0xbd, 0x95, 0x2c, 0xc8, 0x4f,
0x66, 0x2e, 0x99, 0x7a, 0x9c, 0x45, 0x62, 0x3b, 0x14, 0xd3, 0xbc, 0x94, 0x6a, 0x08, 0x48, 0x9f,
0xd0, 0xfc, 0xe7, 0x91, 0xeb, 0xb9, 0xd1, 0x01, 0x9f, 0xaf, 0xb1, 0x79, 0x90, 0xa0, 0x3e, 0xfb,
0x1d, 0x88, 0x9f, 0xb9, 0xc4, 0x1a, 0xf9, 0x0e, 0x66, 0xc6, 0x58, 0x35, 0xeb, 0x14, 0xb0, 0xed,
0x3b, 0x38, 0xbe, 0x20, 0xf5, 0x13, 0x5d, 0x90, 0x46, 0xea, 0x82, 0xac, 0x41, 0x2d, 0xc4, 0x76,
0xe4, 0x7b, 0x5d, 0xe0, 0x3f, 0x15, 0xf9, 0x88, 0x3a, 0xf8, 0x29, 0x8e, 0x22, 0xba, 0x81, 0xc8,
0x3a, 0xc4, 0x50, 0xcb, 0x8d, 0x16, 0x8b, 0x72, 0xa3, 0x23, 0x5a, 0x73, 0xa9, 0xdc, 0xa8, 0x55,
0x94, 0x1b, 0x1d, 0xa7, 0x33, 0xa7, 0x65, 0x7e, 0xed, 0xa3, 0x32, 0xbf, 0x1f, 0xf2, 0xe2, 0xdc,
0x86, 0xf5, 0x8c, 0xa9, 0x8b, 0x9b, 0xf3, 0x76, 0xaa, 0x81, 0xd7, 0x2d, 0x92, 0x82, 0xea, 0xdf,
0xfd, 0x1c, 0x96, 0x76, 0x9f, 0xe1, 0xd1, 0xf0, 0xd0, 0x1b, 0x9d, 0x20, 0x56, 0x77, 0xa0, 0x32,
0x9a, 0x3a, 0xa2, 0x0c, 0xa6, 0x9f, 0x7a, 0xf4, 0xae, 0x24, 0xa3, 0xb7, 0x05, 0x9d, 0x78, 0x07,
0xc1, 0xe7, 0x1a, 0xe5, 0xd3, 0xa1, 0xc8, 0x94, 0xf8, 0xa2, 0x29, 0x46, 0x02, 0x8e, 0xc3, 0x90,
0x9d, 0x9a, 0xc3, 0x71, 0x18, 0x26, 0xcd, 0xb6, 0x92, 0x34, 0x5b, 0xe3, 0x31, 0x34, 0xe9, 0x06,
0xdf, 0x89, 0x7d, 0x91, 0xc2, 0x56, 0xe2, 0x14, 0x56, 0x65, 0xc2, 0xf3, 0x5a, 0x26, 0x6c, 0x6c,
0xc2, 0x22, 0xdf, 0x4b, 0x1c, 0xa4, 0x03, 0x95, 0x59, 0x38, 0x91, 0x7a, 0x9b, 0x85, 0x13, 0xe3,
0xa7, 0xd0, 0xea, 0x13, 0x62, 0x8f, 0x0e, 0x4e, 0xc0, 0x8f, 0xda, 0xab, 0xac, 0xef, 0x65, 0x40,
0x5b, 0x52, 0x2a, 0xdc, 0x6d, 0x00, 0x68, 0xdf, 0x0f, 0xc9, 0xc7, 0x7e, 0xf8, 0x8d, 0x1d, 0x3a,
0x27, 0xcb, 0x59, 0x11, 0xcc, 0x8b, 0x77, 0x03, 0x95, 0x4b, 0x55, 0x93, 0x7d, 0x1b, 0xaf, 0xc3,
0x4a, 0x82, 0x5e, 0xe1, 0xc6, 0xd7, 0xa1, 0xc9, 0xbc, 0x82, 0xc8, 0x8e, 0x2e, 0xe9, 0x9d, 0xad,
0xa3, 0x5c, 0x07, 0xad, 0x7c, 0xa9, 0xdb, 0x67, 0x70, 0xe5, 0xa3, 0xdf, 0x4c, 0x25, 0x12, 0xab,
0xc9, 0xf5, 0xa9, 0x24, 0xe2, 0x97, 0x50, 0x65, 0xe0, 0x8c, 0x8f, 0xde, 0xa0, 0x85, 0x7e, 0xe0,
0x5b, 0xc4, 0x1e, 0xab, 0x97, 0x18, 0x14, 0x70, 0xdf, 0x1e, 0x47, 0xec, 0x21, 0x09, 0x9d, 0x74,
0xdc, 0x31, 0x8e, 0x88, 0x7c, 0x8e, 0xd1, 0xa4, 0xb0, 0x1d, 0x0e, 0xa2, 0x12, 0x89, 0xdc, 0x5f,
0xf0, 0x04, 0x61, 0xde, 0x64, 0xdf, 0xaa, 0x15, 0x55, 0x8d, 0x5b, 0x51, 0xc6, 0xfb, 0x80, 0xf4,
0x33, 0x08, 0x21, 0xbd, 0x06, 0x35, 0x76, 0x44, 0x19, 0xb2, 0xda, 0xc9, 0x43, 0x98, 0x62, 0xd6,
0xb8, 0x05, 0x88, 0x4b, 0x25, 0x11, 0xa6, 0x8e, 0x2f, 0xc1, 0xf7, 0x60, 0x25, 0xb1, 0x5e, 0xfd,
0xef, 0x4b, 0x10, 0x48, 0xef, 0x2e, 0x16, 0xff, 0xb3, 0x04, 0xd0, 0x9f, 0x91, 0x03, 0x51, 0xc0,
0xf7, 0xa0, 0x4e, 0x4f, 0xa4, 0xb5, 0x1d, 0xd4, 0x98, 0xce, 0x05, 0x76, 0x14, 0x7d, 0xe3, 0x87,
0x32, 0x0f, 0x53, 0x63, 0x56, 0x7c, 0xcf, 0xc8, 0x81, 0x6c, 0xbc, 0xd1, 0x6f, 0x74, 0x11, 0xda,
0xfc, 0x45, 0x8c, 0x65, 0x3b, 0x4e, 0x88, 0xa3, 0x48, 0x74, 0xe0, 0x5a, 0x1c, 0xda, 0xe7, 0x40,
0x8a, 0xe6, 0x3a, 0xd8, 0x23, 0x2e, 0x39, 0xb4, 0x88, 0xff, 0x04, 0x7b, 0x42, 0xb4, 0x2d, 0x09,
0xbd, 0x4f, 0x81, 0x14, 0x2d, 0xc4, 0x63, 0x37, 0x22, 0xa1, 0x44, 0xab, 0x71, 0x34, 0x09, 0x65,
0x68, 0xc6, 0xb7, 0x25, 0xe8, 0xec, 0xcf, 0x26, 0x13, 0x7e, 0xc8, 0x93, 0xca, 0x12, 0xbd, 0x2e,
0xce, 0x51, 0x4e, 0xb5, 0xe1, 0x62, 0x11, 0x89, 0xc3, 0x7d, 0xf7, 0x72, 0x6d, 0x05, 0x96, 0x35,
0x46, 0x45, 0xa5, 0x71, 0x0b, 0x10, 0x2f, 0x42, 0x5e, 0x8c, 0x7f, 0xe3, 0x14, 0xac, 0x24, 0xd6,
0x0b, 0xb2, 0x57, 0xa0, 0x25, 0x7e, 0x9e, 0x09, 0x3d, 0x9f, 0x86, 0x3a, 0xf5, 0x08, 0x23, 0xd7,
0x91, 0x4d, 0xd5, 0x85, 0xc0, 0x77, 0xb6, 0x5d, 0x27, 0x34, 0x06, 0xd0, 0x32, 0x39, 0x79, 0x81,
0x7b, 0x13, 0xda, 0xe2, 0x57, 0x9b, 0x95, 0xf8, 0x19, 0x1d, 0x77, 0x00, 0x13, 0xb4, 0xcd, 0x96,
0xa7, 0x0f, 0x8d, 0xaf, 0xa0, 0xf7, 0x20, 0x70, 0x68, 0x4a, 0xa3, 0x53, 0x95, 0x47, 0xbb, 0x09,
0xf2, 0x51, 0x56, 0x11, 0xf1, 0xe4, 0xb2, 0x56, 0xa8, 0x0f, 0x8d, 0x33, 0xb0, 0x91, 0x4b, 0x5c,
0x9c, 0x3b, 0x80, 0x4e, 0x3c, 0xe1, 0xb8, 0xb2, 0x97, 0xcc, 0x7a, 0xc4, 0x25, 0xad, 0x47, 0xbc,
0xa6, 0xe2, 0x24, 0xf7, 0xb8, 0x62, 0xa4, 0xa5, 0x2e, 0x95, 0xa2, 0xd4, 0x65, 0x3e, 0x91, 0xba,
0x18, 0x9f, 0x2a, 0xe9, 0x89, 0xbc, 0xf1, 0x5d, 0x96, 0xbc, 0xf2, 0xbd, 0xa5, 0x27, 0x38, 0x9d,
0x73, 0x38, 0x8e, 0x61, 0x6a, 0xc8, 0xc6, 0x12, 0xb4, 0x12, 0x3e, 0xc1, 0xf8, 0x10, 0xda, 0xa9,
0x4b, 0x7e, 0x35, 0x15, 0xe0, 0x33, 0x62, 0x4b, 0x86, 0xf7, 0x2b, 0xaf, 0x40, 0x5d, 0xbe, 0x1d,
0x43, 0x0b, 0x50, 0xb9, 0xbf, 0xbd, 0xdf, 0x99, 0xa3, 0x1f, 0x0f, 0x76, 0xf6, 0x3b, 0xa5, 0x2b,
0x37, 0x60, 0x29, 0xf5, 0x5b, 0x08, 0x2d, 0x43, 0x6b, 0xd8, 0x1f, 0xec, 0x7c, 0x74, 0xef, 0x0b,
0xcb, 0xdc, 0xed, 0xef, 0x7c, 0xd9, 0x99, 0x43, 0xab, 0xd0, 0x91, 0xa0, 0xc1, 0xbd, 0xfb, 0x1c,
0x5a, 0xba, 0xf2, 0x04, 0xda, 0xc9, 0x0c, 0x16, 0x9d, 0x82, 0xe5, 0xed, 0x7b, 0x83, 0xfb, 0xfd,
0xbd, 0xc1, 0xae, 0x69, 0x6d, 0x9b, 0xbb, 0xfd, 0xfb, 0xbb, 0x3b, 0x9d, 0xb9, 0x24, 0xd8, 0x7c,
0x30, 0x18, 0xec, 0x0d, 0x3e, 0xe9, 0x94, 0x28, 0xd5, 0x18, 0xbc, 0xfb, 0xc5, 0x1e, 0x45, 0x2e,
0x27, 0x91, 0x1f, 0x0c, 0x6e, 0x0f, 0xee, 0xfd, 0x6c, 0xd0, 0xa9, 0x6c, 0xfd, 0xb9, 0x09, 0x6d,
0x79, 0x40, 0x1c, 0xb2, 0xa6, 0xe7, 0x2d, 0x58, 0x90, 0xcf, 0xfa, 0xe2, 0x9c, 0x3a, 0xf9, 0x06,
0xb1, 0xd7, 0xcd, 0x4e, 0x08, 0x43, 0x99, 0x43, 0xfb, 0x4c, 0x71, 0xda, 0x2f, 0xb8, 0x33, 0xba,
0x28, 0x33, 0xff, 0xf8, 0x7a, 0x67, 0x8b, 0xa6, 0x15, 0xc5, 0x21, 0xd5, 0x96, 0xfe, 0x16, 0x02,
0xc5, 0x6b, 0x72, 0xdf, 0x58, 0xf4, 0xce, 0x15, 0xce, 0x2b, 0xa2, 0x5f, 0x42, 0x27, 0xfd, 0x0a,
0x02, 0xc5, 0xcd, 0xeb, 0x82, 0x17, 0x16, 0xbd, 0xf3, 0x47, 0x60, 0xe8, 0xa4, 0x33, 0xef, 0x05,
0x36, 0x8b, 0xff, 0xf8, 0x66, 0x48, 0x17, 0xfd, 0x46, 0xe6, 0xa2, 0x48, 0xfe, 0x3a, 0x43, 0xfa,
0x5f, 0xfa, 0x9c, 0x5f, 0xa8, 0x9a, 0x28, 0xf2, 0xff, 0xb9, 0x19, 0x73, 0xe8, 0x73, 0x58, 0x4a,
0xf5, 0xbb, 0x50, 0xbc, 0x2a, 0xbf, 0x7b, 0xd7, 0xdb, 0x2c, 0x46, 0x48, 0xea, 0x4d, 0xef, 0x66,
0x25, 0xf4, 0x96, 0xd3, 0x22, 0x4b, 0xe8, 0x2d, 0xb7, 0x0d, 0xc6, 0xcc, 0x2b, 0xd1, 0xb3, 0xd2,
0xcc, 0x2b, 0xaf, 0x41, 0xd6, 0x3b, 0x5b, 0x34, 0xad, 0x1f, 0x3f, 0xd5, 0xaf, 0xd2, 0x8e, 0x9f,
0xdf, 0x06, 0xeb, 0x6d, 0x16, 0x23, 0xa4, 0x75, 0x15, 0xd7, 0xe1, 0x29, 0x5d, 0x65, 0xda, 0x3e,
0x29, 0x5d, 0x65, 0x0b, 0x78, 0xa1, 0xab, 0x54, 0x41, 0x7d, 0xae, 0xb0, 0x16, 0xc9, 0xea, 0x2a,
0xbf, 0xbc, 0x31, 0xe6, 0x50, 0x1f, 0xea, 0xb2, 0x98, 0x40, 0xf1, 0xed, 0x4e, 0x55, 0x30, 0xbd,
0xd3, 0x39, 0x33, 0x8a, 0xc4, 0x8f, 0x61, 0x9e, 0x42, 0xd1, 0x6a, 0x02, 0x49, 0x2e, 0x3d, 0x95,
0x82, 0xaa, 0x65, 0xef, 0x41, 0x8d, 0x67, 0xe3, 0x28, 0xf6, 0xb9, 0x89, 0x44, 0xbf, 0xb7, 0x9e,
0x81, 0xab, 0xc5, 0x9f, 0xf2, 0xa7, 0xbe, 0x22, 0xad, 0x46, 0x1b, 0x89, 0x07, 0x76, 0xc9, 0xe4,
0xbd, 0xf7, 0x4a, 0xfe, 0xa4, 0xa2, 0xf5, 0x10, 0x56, 0x72, 0x42, 0x20, 0x8a, 0x7b, 0x3f, 0xc5,
0xd1, 0xb7, 0x77, 0xe1, 0x68, 0x24, 0xfd, 0xb0, 0x42, 0x6b, 0x6b, 0xba, 0xa9, 0x6b, 0xca, 0x5a,
0xcf, 0xc0, 0xe5, 0xe2, 0xad, 0xbf, 0x95, 0x61, 0x91, 0x27, 0x2a, 0xc2, 0x55, 0x7f, 0x02, 0x10,
0xa7, 0xcb, 0xa8, 0x97, 0xb0, 0x9e, 0x44, 0x1d, 0xd0, 0xdb, 0xc8, 0x9d, 0xd3, 0xc5, 0xa8, 0x65,
0xbe, 0x9a, 0x18, 0xb3, 0xf9, 0xb4, 0x26, 0xc6, 0x9c, 0x64, 0xd9, 0x98, 0x43, 0x3b, 0xd0, 0x50,
0xe9, 0x18, 0xd2, 0xb2, 0xb8, 0x54, 0x2e, 0xd9, 0xeb, 0xe5, 0x4d, 0xe9, 0x1c, 0x69, 0xf9, 0x97,
0xc6, 0x51, 0x36, 0xab, 0xd3, 0x38, 0xca, 0x4b, 0xd9, 0xe6, 0xfe, 0x1b, 0x00, 0x00, 0xff, 0xff,
0xce, 0x7b, 0x46, 0x5c, 0x58, 0x2f, 0x00, 0x00,
// 3365 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xcc, 0x3a, 0xdb, 0x72, 0x1b, 0xc7,
0xb1, 0x04, 0x40, 0x82, 0x40, 0x83, 0x00, 0xc1, 0x21, 0x45, 0x42, 0xa0, 0x25, 0x51, 0x6b, 0x49,
0x96, 0x64, 0x5b, 0xc7, 0xe2, 0x39, 0xc7, 0x3a, 0x96, 0x2d, 0xd9, 0x30, 0x49, 0xfb, 0xd0, 0x92,
0x20, 0x7a, 0x21, 0x39, 0x76, 0xf9, 0x61, 0xb3, 0xc2, 0x0e, 0xc1, 0x95, 0x80, 0xdd, 0xf5, 0xee,
0x80, 0x16, 0xf3, 0x05, 0x79, 0x48, 0xaa, 0xf2, 0xea, 0xa7, 0xa4, 0x52, 0xa9, 0x72, 0x25, 0x79,
0x4b, 0x55, 0xaa, 0xf2, 0x0f, 0xa9, 0x7c, 0x40, 0x3e, 0x21, 0x7f, 0x91, 0x9a, 0xdb, 0xee, 0xcc,
0x5e, 0x28, 0x52, 0x76, 0xc5, 0x7a, 0xdb, 0xe9, 0xe9, 0xe9, 0xe9, 0xdb, 0xf4, 0x74, 0xf7, 0x2c,
0xd4, 0xed, 0xc0, 0xbd, 0x11, 0x84, 0x3e, 0xf1, 0xd1, 0x7c, 0x38, 0xf5, 0x88, 0x3b, 0xc1, 0xc6,
0x75, 0x68, 0x7d, 0x81, 0xc3, 0xc8, 0xf5, 0x3d, 0x13, 0x7f, 0x33, 0xc5, 0x11, 0x41, 0x1d, 0x98,
0x3f, 0xe4, 0x90, 0x4e, 0x69, 0xa3, 0x74, 0xb5, 0x6e, 0xca, 0xa1, 0xf1, 0x7d, 0x09, 0x16, 0x63,
0xe4, 0x28, 0xf0, 0xbd, 0x08, 0x17, 0x63, 0xa3, 0x8b, 0xb0, 0x20, 0x36, 0xb1, 0x3c, 0x7b, 0x82,
0x3b, 0x65, 0x36, 0xdd, 0x10, 0xb0, 0xbe, 0x3d, 0xc1, 0xe8, 0x0d, 0x58, 0x94, 0x28, 0x92, 0x48,
0x85, 0x61, 0xb5, 0x04, 0x58, 0xec, 0x86, 0x6e, 0xc0, 0xb2, 0x44, 0xb4, 0x03, 0x37, 0x46, 0x9e,
0x65, 0xc8, 0x4b, 0x62, 0xaa, 0x17, 0xb8, 0x02, 0xdf, 0xf8, 0x1a, 0xea, 0xdb, 0xfd, 0xc1, 0x96,
0xef, 0xed, 0xbb, 0x23, 0xca, 0x62, 0x84, 0x43, 0xba, 0xa6, 0x53, 0xda, 0xa8, 0x50, 0x16, 0xc5,
0x10, 0x75, 0xa1, 0x16, 0x61, 0x3b, 0x1c, 0x1e, 0xe0, 0xa8, 0x53, 0x66, 0x53, 0xf1, 0x98, 0xae,
0xf2, 0x03, 0xe2, 0xfa, 0x5e, 0xd4, 0xa9, 0xf0, 0x55, 0x62, 0x68, 0x7c, 0x57, 0x82, 0xc6, 0x9e,
0x1f, 0x92, 0x07, 0x76, 0x10, 0xb8, 0xde, 0x08, 0xbd, 0x0d, 0x35, 0xa6, 0xd4, 0xa1, 0x3f, 0x66,
0x3a, 0x68, 0x6d, 0x2e, 0xdd, 0x10, 0x2c, 0xdd, 0xd8, 0x13, 0x13, 0x66, 0x8c, 0x82, 0x2e, 0x43,
0x6b, 0xe8, 0x7b, 0xc4, 0x76, 0x3d, 0x1c, 0x5a, 0x81, 0x1f, 0x12, 0xa6, 0x99, 0x39, 0xb3, 0x19,
0x43, 0x29, 0x71, 0xb4, 0x0e, 0xf5, 0x03, 0x3f, 0x22, 0x1c, 0xa3, 0xc2, 0x30, 0x6a, 0x14, 0xc0,
0x26, 0xd7, 0x60, 0x9e, 0x4d, 0xba, 0x81, 0xd0, 0x41, 0x95, 0x0e, 0x77, 0x03, 0xe3, 0x37, 0x25,
0x98, 0x7b, 0xe0, 0x4f, 0x3d, 0x92, 0xda, 0xc6, 0x26, 0x07, 0xc2, 0x3e, 0xca, 0x36, 0x36, 0x39,
0x48, 0xb6, 0xa1, 0x18, 0xdc, 0x44, 0x7c, 0x1b, 0x3a, 0xd9, 0x85, 0x5a, 0x88, 0x6d, 0xc7, 0xf7,
0xc6, 0x47, 0x8c, 0x85, 0x9a, 0x19, 0x8f, 0xa9, 0xed, 0x22, 0x3c, 0x76, 0xbd, 0xe9, 0x73, 0x2b,
0xc4, 0x63, 0xfb, 0x09, 0x1e, 0x33, 0x56, 0x6a, 0x66, 0x4b, 0x80, 0x4d, 0x0e, 0x35, 0x9e, 0xc2,
0x22, 0x35, 0x76, 0x14, 0xd8, 0x43, 0xfc, 0x90, 0xa9, 0x90, 0xba, 0x06, 0xdb, 0xd4, 0xc3, 0xe4,
0x5b, 0x3f, 0x7c, 0xc6, 0x38, 0xab, 0x99, 0x0d, 0x0a, 0xeb, 0x73, 0x10, 0x3a, 0x0b, 0x35, 0xce,
0x97, 0xeb, 0x30, 0xb6, 0x6a, 0x26, 0x93, 0x78, 0xcf, 0x75, 0xe2, 0x29, 0x37, 0x18, 0x0a, 0xae,
0xe6, 0xb9, 0xf4, 0x43, 0xe3, 0xb7, 0x65, 0x58, 0xbf, 0x4f, 0x37, 0x1f, 0xd8, 0x9e, 0xf3, 0xc4,
0x7f, 0x3e, 0xc0, 0xc3, 0x69, 0xe8, 0x92, 0xa3, 0x2d, 0xdf, 0x23, 0xf8, 0x39, 0x41, 0x3b, 0xb0,
0xe4, 0x49, 0x5e, 0x2c, 0x69, 0x5e, 0xba, 0x7b, 0x63, 0xb3, 0x13, 0xdb, 0x2c, 0xc5, 0xad, 0xd9,
0xf6, 0x74, 0x40, 0x84, 0x3e, 0x4c, 0x64, 0x97, 0x44, 0xca, 0x8c, 0xc8, 0x6a, 0x4c, 0x64, 0xb0,
0xc3, 0xf8, 0x10, 0x24, 0xa4, 0x4e, 0x24, 0x81, 0xf3, 0x40, 0xcf, 0x81, 0x65, 0x47, 0xd6, 0x34,
0xc2, 0x21, 0x93, 0xa2, 0x62, 0xd6, 0xc3, 0xa9, 0xd7, 0x8b, 0x1e, 0x47, 0x38, 0x64, 0x07, 0x43,
0x28, 0xda, 0x0a, 0x7d, 0x9f, 0xec, 0x47, 0x52, 0xb9, 0x12, 0x6c, 0x32, 0x28, 0xfa, 0x2f, 0x58,
0x8e, 0xa6, 0x41, 0x30, 0xc6, 0x13, 0xec, 0x11, 0x7b, 0x6c, 0x8d, 0x42, 0x7f, 0x1a, 0x44, 0x9d,
0xb9, 0x8d, 0xca, 0xd5, 0x8a, 0x89, 0xd4, 0xa9, 0x4f, 0xd9, 0x8c, 0xf1, 0xeb, 0x12, 0x9c, 0x61,
0x9c, 0xed, 0xf9, 0x8e, 0x50, 0x92, 0x38, 0x26, 0xaf, 0x43, 0x73, 0xc8, 0x96, 0x5b, 0x81, 0x1d,
0x62, 0x8f, 0x08, 0x7f, 0x59, 0xe0, 0xc0, 0x3d, 0x06, 0x43, 0x0f, 0xa1, 0x1d, 0x09, 0x9d, 0x5a,
0x43, 0xae, 0x54, 0x21, 0xfa, 0xa5, 0x58, 0xf4, 0x63, 0x0c, 0x60, 0x2e, 0x46, 0x3a, 0xc0, 0x08,
0x01, 0x25, 0x9c, 0x3c, 0xc0, 0xc4, 0x76, 0x6c, 0x62, 0x23, 0x04, 0xb3, 0x2c, 0x66, 0x70, 0x16,
0xd8, 0x37, 0x6a, 0x43, 0x65, 0x2a, 0x9c, 0xa1, 0x6e, 0xd2, 0x4f, 0xf4, 0x1a, 0xd4, 0x63, 0xd3,
0x88, 0xc0, 0x91, 0x00, 0xe8, 0x01, 0xb6, 0x09, 0xc1, 0x93, 0x80, 0x30, 0xdd, 0x35, 0x4d, 0x39,
0x34, 0xfe, 0x36, 0x0b, 0xed, 0x8c, 0xf8, 0xb7, 0xa0, 0x36, 0x11, 0xdb, 0x0b, 0x8f, 0x58, 0x4f,
0x4e, 0x71, 0x86, 0x43, 0x33, 0x46, 0xa6, 0x87, 0x84, 0xba, 0x9f, 0x12, 0xe3, 0xe2, 0x31, 0xd5,
0xe9, 0xd8, 0x1f, 0x59, 0x8e, 0x1b, 0xe2, 0x21, 0xf1, 0xc3, 0x23, 0xc1, 0xe5, 0xc2, 0xd8, 0x1f,
0x6d, 0x4b, 0x18, 0xba, 0x09, 0xe0, 0x78, 0x11, 0x55, 0xe7, 0xbe, 0x3b, 0x62, 0xbc, 0x36, 0x36,
0x51, 0xbc, 0x77, 0x1c, 0xc7, 0xcc, 0xba, 0xe3, 0x45, 0x82, 0xd9, 0xf7, 0xa0, 0x49, 0xe3, 0x82,
0x35, 0xe1, 0x21, 0x88, 0x1b, 0xbc, 0xb1, 0xb9, 0xa2, 0x70, 0x1c, 0xc7, 0x27, 0x73, 0x21, 0x48,
0x06, 0x11, 0xba, 0x03, 0x55, 0x76, 0x2e, 0xa3, 0x4e, 0x95, 0xad, 0xb9, 0x9c, 0x23, 0x25, 0xdf,
0xe5, 0xc6, 0x7d, 0x86, 0xb7, 0xe3, 0x91, 0xf0, 0xc8, 0x14, 0x8b, 0xd0, 0x7d, 0x68, 0xd8, 0x9e,
0xe7, 0x13, 0x9b, 0xbb, 0xfd, 0x3c, 0xa3, 0x71, 0xbd, 0x98, 0x46, 0x2f, 0x41, 0xe6, 0x84, 0xd4,
0xe5, 0xe8, 0x7f, 0x60, 0x8e, 0x9d, 0x8b, 0x4e, 0x8d, 0x49, 0x7d, 0x5e, 0xf7, 0xa1, 0x34, 0x31,
0x93, 0x23, 0x77, 0xdf, 0x83, 0x86, 0xc2, 0x1a, 0x75, 0x8c, 0x67, 0xf8, 0x48, 0xf8, 0x0a, 0xfd,
0x44, 0x2b, 0x30, 0x77, 0x68, 0x8f, 0xa7, 0xd2, 0x1e, 0x7c, 0x70, 0xbb, 0xfc, 0x7f, 0xa5, 0xee,
0x5d, 0x68, 0xa7, 0x39, 0x3a, 0xcd, 0x7a, 0x63, 0x17, 0x56, 0xcc, 0xa9, 0x97, 0x30, 0x26, 0x2f,
0xcd, 0x9b, 0x50, 0x15, 0xf6, 0xe3, 0xbe, 0x73, 0xb6, 0x50, 0x23, 0xa6, 0x40, 0x34, 0xee, 0xc0,
0x99, 0x14, 0x29, 0x71, 0xa5, 0x5e, 0x82, 0x56, 0xe0, 0x3b, 0x56, 0xc4, 0xc1, 0x96, 0xeb, 0xc8,
0x93, 0x18, 0xc4, 0xb8, 0xbb, 0x0e, 0x5d, 0x3e, 0x20, 0x7e, 0x90, 0x65, 0xe5, 0x64, 0xcb, 0x3b,
0xb0, 0x9a, 0x5e, 0xce, 0xb7, 0x37, 0x3e, 0x84, 0x35, 0x13, 0x4f, 0xfc, 0x43, 0xfc, 0xb2, 0xa4,
0xbb, 0xd0, 0xc9, 0x12, 0x48, 0x88, 0x27, 0xd0, 0x01, 0xb1, 0xc9, 0x34, 0x3a, 0x1d, 0xf1, 0x6b,
0x2a, 0x01, 0x71, 0x59, 0x70, 0x3a, 0xa8, 0x05, 0x65, 0x37, 0x10, 0x8b, 0xca, 0x6e, 0x60, 0x7c,
0x05, 0xf5, 0xbe, 0x1a, 0x0d, 0xd4, 0xdb, 0xa6, 0x6e, 0xca, 0x21, 0xda, 0x4c, 0x2e, 0xfa, 0xf2,
0x0b, 0x6e, 0x82, 0x38, 0x05, 0xb8, 0x97, 0x09, 0xa2, 0x82, 0x87, 0x4d, 0x80, 0x38, 0x02, 0xc9,
0x9b, 0x05, 0x65, 0xe9, 0x99, 0x0a, 0x96, 0xf1, 0x07, 0x2d, 0x1c, 0x29, 0xc2, 0x38, 0xb1, 0x30,
0x8e, 0x16, 0x9e, 0xca, 0xa7, 0x09, 0x4f, 0x37, 0x60, 0x2e, 0x22, 0x36, 0xe1, 0x01, 0xb2, 0xa5,
0x08, 0xa7, 0x6f, 0x89, 0x4d, 0x8e, 0x86, 0xce, 0x01, 0x0c, 0x43, 0x6c, 0x13, 0xec, 0x58, 0x36,
0x8f, 0x9c, 0x15, 0xb3, 0x2e, 0x20, 0x3d, 0x82, 0x6e, 0x27, 0x7a, 0x9c, 0x63, 0x6c, 0x6c, 0xe4,
0x10, 0xd4, 0xec, 0x92, 0x68, 0x3a, 0x3e, 0xed, 0xd5, 0xe3, 0x4f, 0xbb, 0x58, 0xc7, 0x91, 0x95,
0x80, 0x35, 0x5f, 0x18, 0xb0, 0xf8, 0x8a, 0x93, 0x04, 0xac, 0x5a, 0x61, 0xc0, 0x12, 0x34, 0x8e,
0x0d, 0x58, 0x3f, 0x65, 0xe8, 0x79, 0x00, 0x9d, 0xec, 0xd1, 0x11, 0x21, 0xe3, 0x26, 0x54, 0x23,
0x06, 0x39, 0x26, 0xfc, 0x88, 0x25, 0x02, 0xd1, 0xf8, 0x57, 0x49, 0xf5, 0xba, 0x4f, 0xdc, 0x31,
0xc1, 0x61, 0xc6, 0xeb, 0x62, 0xe7, 0x29, 0x9f, 0xcc, 0x79, 0x06, 0xd0, 0x62, 0x6a, 0xb7, 0x22,
0x3c, 0x66, 0xb7, 0x1b, 0xcb, 0x9d, 0x1b, 0x9b, 0x6f, 0xe5, 0x2c, 0xe4, 0x5b, 0x72, 0x9b, 0x0d,
0x04, 0x3a, 0xd7, 0x78, 0x73, 0xac, 0xc2, 0xba, 0x1f, 0x01, 0xca, 0x22, 0x9d, 0x4a, 0x75, 0x9f,
0xd1, 0xe3, 0x4a, 0x53, 0xe7, 0x9c, 0xb0, 0xbd, 0xcf, 0xd8, 0x38, 0x46, 0x6f, 0x9c, 0x4f, 0x53,
0x20, 0x1a, 0xbf, 0xab, 0x00, 0x24, 0x93, 0xaf, 0xec, 0x39, 0xbd, 0x15, 0x9f, 0x1a, 0x9e, 0x1a,
0x5c, 0xc8, 0xa1, 0x97, 0x7b, 0x5e, 0x3e, 0xd1, 0xcf, 0x0b, 0x4f, 0x12, 0x2e, 0xe5, 0xad, 0x7e,
0x65, 0x4f, 0xca, 0x16, 0xac, 0xa6, 0xcd, 0x2d, 0xce, 0xc9, 0x35, 0x98, 0x73, 0x09, 0x9e, 0xf0,
0x42, 0xb0, 0xb1, 0xb9, 0x9c, 0x23, 0x96, 0xc9, 0x31, 0x8c, 0x8b, 0x50, 0xdf, 0x9d, 0xd8, 0x23,
0x3c, 0x08, 0xf0, 0x90, 0xee, 0xe5, 0xd2, 0x81, 0xd8, 0x9f, 0x0f, 0x8c, 0x4d, 0xa8, 0xdd, 0xc3,
0x47, 0x5f, 0xd0, 0x7d, 0x4f, 0xca, 0x9f, 0xf1, 0xf7, 0x12, 0xac, 0xb1, 0x70, 0xb7, 0x25, 0xcb,
0x30, 0x13, 0x47, 0xfe, 0x34, 0x1c, 0xe2, 0x88, 0x99, 0x34, 0x98, 0x5a, 0x01, 0x0e, 0x5d, 0x9f,
0xfb, 0x14, 0x35, 0x69, 0x30, 0xdd, 0x63, 0x00, 0x5a, 0xaa, 0xd1, 0xe9, 0x6f, 0xa6, 0xbe, 0xf0,
0xad, 0x8a, 0x59, 0x1b, 0x06, 0xd3, 0xcf, 0xe9, 0x58, 0xae, 0x8d, 0x0e, 0xec, 0x10, 0x47, 0xb2,
0xa0, 0x18, 0x06, 0xd3, 0x01, 0x03, 0xa0, 0x9b, 0x70, 0x66, 0x82, 0x27, 0x7e, 0x78, 0x64, 0x8d,
0xdd, 0x89, 0x4b, 0x2c, 0xd7, 0xb3, 0x9e, 0x1c, 0x11, 0x1c, 0x09, 0xc7, 0x41, 0x7c, 0xf2, 0x3e,
0x9d, 0xdb, 0xf5, 0x3e, 0xa6, 0x33, 0xc8, 0x80, 0xa6, 0xef, 0x4f, 0xac, 0x68, 0xe8, 0x87, 0xd8,
0xb2, 0x9d, 0xa7, 0x2c, 0xde, 0x57, 0xcc, 0x86, 0xef, 0x4f, 0x06, 0x14, 0xd6, 0x73, 0x9e, 0x1a,
0x36, 0x34, 0xb5, 0x42, 0x87, 0x26, 0xee, 0xac, 0xa2, 0x11, 0x89, 0x3b, 0xfd, 0xa6, 0xb0, 0xd0,
0x1f, 0x4b, 0x3d, 0xb0, 0x6f, 0x0a, 0x23, 0x47, 0x81, 0xcc, 0xda, 0xd9, 0x37, 0x55, 0xd8, 0x18,
0x1f, 0x8a, 0x3a, 0xb2, 0x6e, 0xf2, 0x81, 0xe1, 0x00, 0x6c, 0xd9, 0x81, 0xfd, 0xc4, 0x1d, 0xbb,
0xe4, 0x08, 0x5d, 0x83, 0xb6, 0xed, 0x38, 0xd6, 0x50, 0x42, 0x5c, 0x2c, 0x8b, 0xfa, 0x45, 0xdb,
0x71, 0xb6, 0x14, 0x30, 0x7a, 0x13, 0x96, 0x9c, 0xd0, 0x0f, 0x74, 0x5c, 0x5e, 0xe5, 0xb7, 0xe9,
0x84, 0x8a, 0x6c, 0xfc, 0xbe, 0x02, 0xe7, 0x74, 0xb3, 0xa4, 0x4b, 0xc7, 0x5b, 0xb0, 0x90, 0xda,
0xb5, 0xa4, 0x79, 0x50, 0xc2, 0xa4, 0xa9, 0x21, 0xa2, 0xf3, 0x00, 0x41, 0xe8, 0x1e, 0xba, 0x63,
0x3c, 0xc2, 0xb2, 0x96, 0x55, 0x20, 0xf9, 0x35, 0x69, 0xe5, 0xc7, 0xa8, 0x49, 0x67, 0x7f, 0x48,
0x4d, 0x3a, 0x97, 0xae, 0x49, 0xaf, 0xb0, 0x66, 0x8d, 0x9c, 0x67, 0xe5, 0x4e, 0x95, 0x77, 0x14,
0x62, 0x1c, 0x4f, 0x36, 0x75, 0x52, 0xb5, 0xeb, 0xfc, 0x69, 0x6a, 0xd7, 0x5a, 0x61, 0xed, 0xfa,
0xc7, 0x12, 0xac, 0xe8, 0x46, 0x12, 0xe5, 0xd0, 0x5d, 0xa8, 0x87, 0xf2, 0x14, 0x09, 0xc3, 0x6c,
0xe8, 0xc9, 0x45, 0xf6, 0xb4, 0x99, 0xc9, 0x12, 0xf4, 0x79, 0x61, 0x55, 0x7b, 0xa5, 0x80, 0xcc,
0x0b, 0xeb, 0xda, 0x1e, 0x2c, 0xc5, 0xc8, 0xc7, 0x96, 0xb5, 0x4a, 0x99, 0x5a, 0xd6, 0xcb, 0x54,
0x0f, 0xaa, 0xdb, 0xf8, 0xd0, 0x1d, 0xe2, 0x1f, 0xa5, 0x97, 0xb3, 0x01, 0x8d, 0x00, 0x87, 0x13,
0x37, 0x8a, 0x62, 0x07, 0xab, 0x9b, 0x2a, 0xc8, 0xf8, 0xe7, 0x1c, 0x2c, 0xa6, 0x35, 0xfb, 0x6e,
0xa6, 0x2a, 0xee, 0x26, 0x1e, 0x9f, 0x96, 0x4f, 0xb9, 0xcd, 0xae, 0xca, 0x80, 0x59, 0x4e, 0xa5,
0xc0, 0x71, 0x4c, 0x15, 0x41, 0x94, 0xca, 0x3f, 0xf4, 0x27, 0x13, 0xdb, 0x73, 0x64, 0x9f, 0x4d,
0x0c, 0xa9, 0xb6, 0xec, 0x70, 0x44, 0xdd, 0x98, 0x82, 0xd9, 0x37, 0xba, 0x00, 0x0d, 0x9a, 0x4a,
0xba, 0x1e, 0x2b, 0xaa, 0x99, 0x93, 0xd6, 0x4d, 0x10, 0xa0, 0x6d, 0x37, 0x44, 0x97, 0x61, 0x16,
0x7b, 0x87, 0xf2, 0xde, 0x4a, 0x1a, 0x71, 0x32, 0x50, 0x9b, 0x6c, 0x1a, 0x5d, 0x81, 0xea, 0xc4,
0x9f, 0x7a, 0x44, 0x26, 0x95, 0xad, 0x18, 0x91, 0x75, 0xcf, 0x4c, 0x31, 0x8b, 0xae, 0xc1, 0xbc,
0xc3, 0x6c, 0x20, 0x33, 0xc7, 0xc5, 0xa4, 0x30, 0x67, 0x70, 0x53, 0xce, 0xa3, 0x0f, 0xe2, 0x1b,
0xb7, 0x9e, 0xba, 0x33, 0x53, 0x4a, 0xcd, 0xbd, 0x76, 0xef, 0xe9, 0xd7, 0x2e, 0x30, 0x12, 0xd7,
0x0a, 0x49, 0x1c, 0x5f, 0x56, 0x9f, 0x85, 0xda, 0xd8, 0x1f, 0x71, 0x3f, 0x68, 0xf0, 0x6a, 0x67,
0xec, 0x8f, 0x98, 0x1b, 0xac, 0xd0, 0x34, 0xc3, 0x71, 0xbd, 0xce, 0x02, 0x3b, 0x93, 0x7c, 0x40,
0x6f, 0x0f, 0xf6, 0x61, 0xf9, 0xde, 0x10, 0x77, 0x9a, 0x6c, 0xaa, 0xce, 0x20, 0x0f, 0xbd, 0x21,
0xbb, 0xdc, 0x08, 0x39, 0xea, 0xb4, 0x18, 0x9c, 0x7e, 0xa2, 0xff, 0x96, 0xa9, 0xfc, 0x22, 0xb3,
0xef, 0xb9, 0x82, 0x63, 0xf2, 0xca, 0xd4, 0xed, 0x7f, 0x29, 0xc1, 0xea, 0x16, 0x4b, 0x8e, 0x94,
0x48, 0x70, 0x8a, 0xba, 0x13, 0xbd, 0x13, 0x17, 0xf8, 0xe9, 0x22, 0x31, 0x2d, 0xac, 0xc0, 0x43,
0x1f, 0x41, 0x4b, 0xd2, 0x14, 0x2b, 0x2b, 0x2f, 0x6a, 0x0d, 0x34, 0x23, 0x75, 0x68, 0x7c, 0x00,
0x6b, 0x19, 0x9e, 0x45, 0x22, 0x73, 0x11, 0x16, 0x92, 0x88, 0x10, 0xb3, 0xdc, 0x88, 0x61, 0xbb,
0x8e, 0x71, 0x1b, 0xce, 0x0c, 0x88, 0x1d, 0x92, 0x8c, 0xc0, 0x27, 0x58, 0xcb, 0xba, 0x03, 0xfa,
0x5a, 0x51, 0xc0, 0x0f, 0x60, 0x65, 0x40, 0xfc, 0xe0, 0x25, 0x88, 0xd2, 0x93, 0x4e, 0xc5, 0xf6,
0xa7, 0x44, 0x64, 0x2f, 0x72, 0x68, 0xac, 0xf1, 0x5e, 0x46, 0x76, 0xb7, 0xf7, 0x61, 0x95, 0xb7,
0x12, 0x5e, 0x46, 0x88, 0xb3, 0xb2, 0x91, 0x91, 0xa5, 0xfb, 0xab, 0xb2, 0x12, 0xea, 0x0a, 0x6a,
0x9f, 0xb7, 0xf5, 0xda, 0x67, 0x2d, 0x6b, 0x70, 0x2d, 0x1f, 0xcf, 0xba, 0x51, 0x25, 0xc7, 0x8d,
0xcc, 0x4c, 0x81, 0x34, 0xcb, 0x4e, 0xfa, 0x9b, 0x59, 0xea, 0xff, 0xc1, 0xfa, 0x68, 0x97, 0xd7,
0x47, 0xf1, 0xd6, 0x71, 0x4f, 0xe6, 0x9d, 0x54, 0x7d, 0xd4, 0x29, 0x62, 0x33, 0x2e, 0x8f, 0x7e,
0x39, 0x0b, 0xf5, 0x78, 0x2e, 0xa3, 0xd3, 0xac, 0x92, 0xca, 0x39, 0x4a, 0x52, 0x2f, 0x9d, 0xca,
0xcb, 0x5c, 0x3a, 0xb3, 0x2f, 0xba, 0x74, 0xd6, 0xa1, 0xce, 0x3e, 0xac, 0x10, 0xef, 0x8b, 0x4b,
0xa4, 0xc6, 0x00, 0x26, 0xde, 0x4f, 0x0c, 0x5f, 0x3d, 0x91, 0xe1, 0xf5, 0x42, 0x6c, 0x3e, 0x5d,
0x88, 0xbd, 0x1b, 0x5f, 0x0b, 0xfc, 0x02, 0x39, 0x9f, 0x25, 0x97, 0x7b, 0x21, 0xec, 0xe8, 0x17,
0x02, 0xbf, 0x53, 0x5e, 0xcf, 0x59, 0xfc, 0xca, 0x96, 0x61, 0xf7, 0x79, 0x19, 0xa6, 0x7a, 0x95,
0x88, 0x5e, 0x9b, 0x00, 0xf1, 0x41, 0x95, 0xb5, 0x18, 0xca, 0x8a, 0x66, 0x2a, 0x58, 0x34, 0x14,
0x68, 0xfa, 0x4f, 0x1a, 0x87, 0x27, 0x08, 0x05, 0x7f, 0x56, 0x53, 0x9b, 0x82, 0x0e, 0xdb, 0xbb,
0x99, 0xca, 0xfd, 0x64, 0x5e, 0xf7, 0xb6, 0x5e, 0xb8, 0x9f, 0xce, 0x5d, 0x32, 0x75, 0x3b, 0xbb,
0x89, 0xed, 0x50, 0x4c, 0x8b, 0x24, 0x5c, 0x40, 0x7a, 0x84, 0xe6, 0x3f, 0xfb, 0xae, 0xe7, 0x46,
0x07, 0x7c, 0xbe, 0xca, 0xe6, 0x41, 0x82, 0x7a, 0xec, 0xd9, 0x10, 0x3f, 0x77, 0x89, 0x35, 0xf4,
0x1d, 0xcc, 0x9c, 0x71, 0xce, 0xac, 0x51, 0xc0, 0x96, 0xef, 0xe0, 0xe4, 0x80, 0xd4, 0x4e, 0x75,
0x40, 0xea, 0xa9, 0x03, 0xb2, 0x0a, 0xd5, 0x10, 0xdb, 0x91, 0xef, 0x75, 0x80, 0x3f, 0x3e, 0xf2,
0x11, 0x0d, 0xf0, 0x13, 0x1c, 0x45, 0x74, 0x03, 0x91, 0x75, 0x88, 0xa1, 0x92, 0x1b, 0x2d, 0x14,
0xe5, 0x46, 0xc7, 0xb4, 0xf0, 0x52, 0xb9, 0x51, 0xb3, 0x28, 0x37, 0x3a, 0x49, 0x07, 0x4f, 0xc9,
0xfc, 0x5a, 0xc7, 0x65, 0x7e, 0x3f, 0xe5, 0xc1, 0xb9, 0x07, 0x6b, 0x19, 0x57, 0x17, 0x27, 0xe7,
0x9d, 0x54, 0xa3, 0xaf, 0x53, 0xa4, 0x85, 0xb8, 0xcf, 0xf7, 0x73, 0x58, 0xdc, 0x79, 0x8e, 0x87,
0x83, 0x23, 0x6f, 0x78, 0x8a, 0xbb, 0xba, 0x0d, 0x95, 0xe1, 0xc4, 0x11, 0xe5, 0x32, 0xfd, 0x54,
0x6f, 0xef, 0x8a, 0x7e, 0x7b, 0x5b, 0xd0, 0x4e, 0x76, 0x10, 0x7c, 0xae, 0x52, 0x3e, 0x1d, 0x8a,
0x4c, 0x89, 0x2f, 0x98, 0x62, 0x24, 0xe0, 0x38, 0x0c, 0x99, 0xd4, 0x1c, 0x8e, 0xc3, 0x50, 0x77,
0xdb, 0x8a, 0xee, 0xb6, 0xc6, 0x53, 0x68, 0xd0, 0x0d, 0x7e, 0x10, 0xfb, 0x22, 0x85, 0xad, 0x24,
0x29, 0x6c, 0x9c, 0x09, 0xcf, 0x2a, 0x99, 0xb0, 0xb1, 0x01, 0x0b, 0x7c, 0x2f, 0x21, 0x48, 0x1b,
0x2a, 0xd3, 0x70, 0x2c, 0xed, 0x36, 0x0d, 0xc7, 0xc6, 0xff, 0x43, 0xb3, 0x47, 0x88, 0x3d, 0x3c,
0x38, 0x05, 0x3f, 0xf1, 0x5e, 0x65, 0x75, 0x2f, 0x03, 0x5a, 0x92, 0x52, 0xe1, 0x6e, 0x7d, 0x40,
0x7b, 0x7e, 0x48, 0x3e, 0xf1, 0xc3, 0x6f, 0xed, 0xd0, 0x39, 0x5d, 0xce, 0x8a, 0x60, 0x56, 0xfc,
0x5f, 0x50, 0xb9, 0x3a, 0x67, 0xb2, 0x6f, 0xe3, 0x0d, 0x58, 0xd6, 0xe8, 0x15, 0x6e, 0x7c, 0x0b,
0x1a, 0x2c, 0x2a, 0x88, 0xec, 0xe8, 0xaa, 0xda, 0x01, 0x3b, 0x2e, 0x74, 0xd0, 0xca, 0x97, 0x86,
0x7d, 0x06, 0x8f, 0x63, 0xf4, 0x5b, 0xa9, 0x44, 0x62, 0x45, 0x5f, 0x9f, 0x4a, 0x22, 0xbe, 0x2b,
0xc1, 0x1c, 0x83, 0x67, 0x82, 0xf4, 0x3a, 0xad, 0xf4, 0x03, 0xdf, 0x22, 0xf6, 0x28, 0xfe, 0x65,
0x83, 0x02, 0x1e, 0xd9, 0xa3, 0x88, 0xfd, 0x71, 0x42, 0x27, 0x1d, 0x77, 0x84, 0x23, 0x22, 0xff,
0xdb, 0x68, 0x50, 0xd8, 0x36, 0x07, 0x51, 0x95, 0x44, 0xee, 0x2f, 0x78, 0x86, 0x30, 0x6b, 0xb2,
0x6f, 0xf9, 0xb0, 0xcc, 0x63, 0x2d, 0x7b, 0x58, 0xee, 0x42, 0x2d, 0xd5, 0xe3, 0x88, 0xc7, 0xc6,
0x07, 0x80, 0x54, 0xf1, 0x84, 0xfe, 0xae, 0x40, 0x95, 0x49, 0x2f, 0x6f, 0xb3, 0x96, 0x2e, 0x9f,
0x29, 0x66, 0x8d, 0xbb, 0x80, 0xb8, 0xc2, 0xb4, 0x1b, 0xec, 0xe4, 0xca, 0x7d, 0x1f, 0x96, 0xb5,
0xf5, 0xf1, 0x93, 0xa1, 0x46, 0x20, 0xbd, 0xbb, 0x58, 0xfc, 0x8f, 0x12, 0x40, 0x6f, 0x4a, 0x0e,
0x44, 0x6d, 0xaf, 0x4a, 0x59, 0xd2, 0xa5, 0xa4, 0x73, 0x81, 0x1d, 0x45, 0xdf, 0xfa, 0xa1, 0x4c,
0xd1, 0xe2, 0x31, 0xab, 0xcb, 0xa7, 0xe4, 0x40, 0xf6, 0xee, 0xe8, 0x37, 0xba, 0x0c, 0x2d, 0xfe,
0x53, 0x8d, 0x65, 0x3b, 0x4e, 0x88, 0xa3, 0x48, 0x34, 0xf1, 0x9a, 0x1c, 0xda, 0xe3, 0x40, 0x8a,
0xe6, 0x3a, 0xd8, 0x23, 0x2e, 0x39, 0xb2, 0x88, 0xff, 0x0c, 0x7b, 0x22, 0xf9, 0x6a, 0x4a, 0xe8,
0x23, 0x0a, 0xa4, 0x68, 0x21, 0x1e, 0xb9, 0x11, 0x09, 0x25, 0x9a, 0xec, 0x34, 0x09, 0x28, 0x43,
0x33, 0xbe, 0x2f, 0x41, 0x7b, 0x6f, 0x3a, 0x1e, 0x73, 0x21, 0x4f, 0xab, 0x4b, 0xf4, 0x86, 0x90,
0xa3, 0x9c, 0xea, 0xe4, 0x25, 0x2a, 0x12, 0xc2, 0xfd, 0xf0, 0x4a, 0x6e, 0x19, 0x96, 0x14, 0x46,
0x45, 0x11, 0x72, 0x17, 0x10, 0xaf, 0x4f, 0x5e, 0x8e, 0x7f, 0xe3, 0x0c, 0x2c, 0x6b, 0xeb, 0x05,
0xd9, 0xeb, 0xd0, 0x14, 0xef, 0x6f, 0xc2, 0xce, 0x67, 0xa1, 0x46, 0x83, 0xc5, 0xd0, 0x75, 0x64,
0x5f, 0x76, 0x3e, 0xf0, 0x9d, 0x2d, 0xd7, 0x09, 0x8d, 0x3e, 0x34, 0x4d, 0x4e, 0x5e, 0xe0, 0xde,
0x81, 0x96, 0x78, 0xad, 0xb3, 0xb4, 0xf7, 0xec, 0xa4, 0x89, 0xa8, 0xd1, 0x36, 0x9b, 0x9e, 0x3a,
0x34, 0xbe, 0x86, 0xee, 0xe3, 0xc0, 0xa1, 0xd9, 0x8e, 0x4a, 0x55, 0x8a, 0x76, 0x07, 0xe4, 0x7f,
0x5d, 0x45, 0xc4, 0xf5, 0x65, 0xcd, 0x50, 0x1d, 0x1a, 0xe7, 0x60, 0x3d, 0x97, 0xb8, 0x90, 0x3b,
0x80, 0x76, 0x32, 0xe1, 0xb8, 0xb2, 0x1d, 0xcd, 0xda, 0xcc, 0x25, 0xa5, 0xcd, 0xbc, 0x1a, 0x5f,
0xa1, 0x3c, 0x18, 0x8b, 0x91, 0x92, 0xd5, 0x54, 0x8a, 0xb2, 0x9a, 0x59, 0x2d, 0xab, 0x31, 0x3e,
0x8b, 0xb5, 0x27, 0x52, 0xca, 0xf7, 0x58, 0x5e, 0xcb, 0xf7, 0x96, 0x91, 0xe0, 0x6c, 0x8e, 0x70,
0x1c, 0xc3, 0x54, 0x90, 0x8d, 0x45, 0x68, 0x6a, 0x31, 0xc1, 0xf8, 0x08, 0x5a, 0xa9, 0x43, 0x7e,
0x23, 0x75, 0xf7, 0x67, 0xd4, 0xa6, 0xdf, 0xfc, 0xd7, 0x5f, 0x83, 0x9a, 0xfc, 0xfd, 0x0c, 0xcd,
0x43, 0xe5, 0xd1, 0xd6, 0x5e, 0x7b, 0x86, 0x7e, 0x3c, 0xde, 0xde, 0x6b, 0x97, 0xae, 0xdf, 0x86,
0xc5, 0xd4, 0xcb, 0x12, 0x5a, 0x82, 0xe6, 0xa0, 0xd7, 0xdf, 0xfe, 0xf8, 0xe1, 0x97, 0x96, 0xb9,
0xd3, 0xdb, 0xfe, 0xaa, 0x3d, 0x83, 0x56, 0xa0, 0x2d, 0x41, 0xfd, 0x87, 0x8f, 0x38, 0xb4, 0x74,
0xfd, 0x19, 0xb4, 0xf4, 0xe4, 0x16, 0x9d, 0x81, 0xa5, 0xad, 0x87, 0xfd, 0x47, 0xbd, 0xdd, 0xfe,
0x8e, 0x69, 0x6d, 0x99, 0x3b, 0xbd, 0x47, 0x3b, 0xdb, 0xed, 0x19, 0x1d, 0x6c, 0x3e, 0xee, 0xf7,
0x77, 0xfb, 0x9f, 0xb6, 0x4b, 0x94, 0x6a, 0x02, 0xde, 0xf9, 0x72, 0x97, 0x22, 0x97, 0x75, 0xe4,
0xc7, 0xfd, 0x7b, 0xfd, 0x87, 0x3f, 0xeb, 0xb7, 0x2b, 0x9b, 0x7f, 0x6a, 0x40, 0x4b, 0x0a, 0x88,
0x43, 0xd6, 0x0f, 0xbd, 0x0b, 0xf3, 0xf2, 0xcf, 0xc0, 0x24, 0xdd, 0xd6, 0x7f, 0x63, 0xec, 0x76,
0xb2, 0x13, 0xc2, 0x51, 0x66, 0xd0, 0x1e, 0x33, 0x9c, 0xf2, 0x8a, 0x77, 0x4e, 0x55, 0x65, 0xe6,
0x99, 0xb0, 0x7b, 0xbe, 0x68, 0x3a, 0xa6, 0x38, 0xa0, 0xd6, 0x52, 0x7f, 0xa7, 0x40, 0xc9, 0x9a,
0xdc, 0xdf, 0x34, 0xba, 0x17, 0x0a, 0xe7, 0x63, 0xa2, 0x5f, 0x41, 0x3b, 0xfd, 0x23, 0x05, 0x4a,
0xfa, 0xda, 0x05, 0x3f, 0x69, 0x74, 0x2f, 0x1e, 0x83, 0xa1, 0x92, 0xce, 0xfc, 0x72, 0xb0, 0x51,
0xfc, 0x68, 0x9c, 0x21, 0x5d, 0xf4, 0x12, 0xcd, 0x55, 0xa1, 0xbf, 0xbe, 0x21, 0xf5, 0xa1, 0x3f,
0xe7, 0x15, 0x56, 0x51, 0x45, 0xfe, 0xb3, 0x9d, 0x31, 0x83, 0xbe, 0x80, 0xc5, 0x54, 0x2b, 0x0c,
0x25, 0xab, 0xf2, 0x1b, 0x7b, 0xdd, 0x8d, 0x62, 0x04, 0xdd, 0x6e, 0x6a, 0xa3, 0x4b, 0xb3, 0x5b,
0x4e, 0xf7, 0x4c, 0xb3, 0x5b, 0x6e, 0x87, 0x8c, 0xb9, 0x97, 0xd6, 0xce, 0x52, 0xdc, 0x2b, 0xaf,
0x77, 0xd6, 0x3d, 0x5f, 0x34, 0xad, 0x8a, 0x9f, 0x6a, 0x65, 0x29, 0xe2, 0xe7, 0x77, 0xc8, 0xba,
0x1b, 0xc5, 0x08, 0x69, 0x5b, 0x25, 0x25, 0x7a, 0xca, 0x56, 0x99, 0x8e, 0x50, 0xca, 0x56, 0xd9,
0xda, 0x5e, 0xd8, 0x2a, 0x55, 0x6b, 0x5f, 0x28, 0x2c, 0x53, 0xb2, 0xb6, 0xca, 0xaf, 0x7c, 0x8c,
0x19, 0xd4, 0x83, 0x9a, 0xac, 0x33, 0x50, 0x72, 0xba, 0x53, 0xc5, 0x4d, 0xf7, 0x6c, 0xce, 0x4c,
0x4c, 0xe2, 0x7f, 0x61, 0x96, 0x42, 0xd1, 0x8a, 0x86, 0x24, 0x97, 0x9e, 0x49, 0x41, 0xe3, 0x65,
0xef, 0x43, 0x95, 0x27, 0xea, 0x28, 0x89, 0xb9, 0x5a, 0x0d, 0xd0, 0x5d, 0xcb, 0xc0, 0xe3, 0xc5,
0x9f, 0xf1, 0xbf, 0x85, 0x45, 0xc6, 0x8d, 0xd6, 0xb5, 0x7f, 0xf4, 0xf4, 0xbc, 0xbe, 0xfb, 0x5a,
0xfe, 0x64, 0x4c, 0xeb, 0x09, 0x2c, 0xe7, 0x5c, 0x81, 0x28, 0x69, 0x0b, 0x15, 0xdf, 0xbe, 0xdd,
0x4b, 0xc7, 0x23, 0xa9, 0xc2, 0x0a, 0xab, 0xad, 0xaa, 0xae, 0xae, 0x18, 0x6b, 0x2d, 0x03, 0x97,
0x8b, 0x37, 0xff, 0x5a, 0x86, 0x05, 0x9e, 0xa8, 0x88, 0x50, 0xfd, 0x29, 0x40, 0x92, 0x2e, 0xa3,
0xae, 0xe6, 0x3d, 0x5a, 0x89, 0xd0, 0x5d, 0xcf, 0x9d, 0x53, 0xd5, 0xa8, 0x64, 0xbe, 0x8a, 0x1a,
0xb3, 0xf9, 0xb4, 0xa2, 0xc6, 0x9c, 0x64, 0xd9, 0x98, 0x41, 0xdb, 0x50, 0x8f, 0xd3, 0x31, 0xa4,
0x64, 0x71, 0xa9, 0x5c, 0xb2, 0xdb, 0xcd, 0x9b, 0x52, 0x39, 0x52, 0xf2, 0x2f, 0x85, 0xa3, 0x6c,
0x56, 0xa7, 0x70, 0x94, 0x97, 0xb2, 0xcd, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x6b, 0xf3, 0x7c,
0x10, 0x9b, 0x2f, 0x00, 0x00,
}

29
pkg/kubelet/api/v1alpha1/runtime/api.proto
View File

@ -160,9 +160,8 @@ message LinuxSandboxSecurityContext {
optional NamespaceOption namespace_options = 1;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 2;
// User to run the entrypoint of the sandbox process. Can be either UID or
// user name.
optional string run_as_user = 3;
// UID to run sandbox processes as, when applicable.
optional int64 run_as_user = 3;
// If set, the root filesystem of the sandbox is read-only.
optional bool readonly_rootfs = 4;
// List of groups applied to the first process run in the sandbox, in
@ -441,15 +440,18 @@ message LinuxContainerSecurityContext {
optional NamespaceOption namespace_options = 3;
// SELinux context to be optionally applied.
optional SELinuxOption selinux_options = 4;
// The user to run the the container process as. Can be either UID or user
// name.
// Defaults to user specified in image metadata if unspecified.
optional string run_as_user = 5;
// UID to run the container process as. Only one of run_as_user and
// run_as_username can be specified at a time.
optional int64 run_as_user = 5;
// User name to run the container process as. If specified, the user MUST
// exist in the container image (i.e. in the /etc/passwd inside the image),
// and be resolved there by the runtime; otherwise, the runtime MUST error.
optional string run_as_username = 6;
// If set, the root filesystem of the container is read-only.
optional bool readonly_rootfs = 6;
optional bool readonly_rootfs = 7;
// List of groups applied to the first process run in the container, in
// addition to the container's primary GID.
repeated int64 supplemental_groups = 7;
repeated int64 supplemental_groups = 8;
}
// LinuxContainerConfig contains platform-specific configuration for
@ -761,8 +763,13 @@ message Image {
repeated string repo_digests = 3;
// Size of the image in bytes.
optional uint64 size = 4;
// User that will run the command(s).
optional string user = 5;
// UID that will run the command(s). This is used as a default if no user is
// specified when creating the container. UID and the following user name
// are mutually exclusive.
optional int64 uid = 5;
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
optional string username = 6;
}
message ListImagesResponse {

10
pkg/kubelet/dockershim/convert.go
View File

@ -24,7 +24,6 @@ import (
dockertypes "github.com/docker/engine-api/types"
runtimeApi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
"k8s.io/kubernetes/pkg/kubelet/dockertools"
)
// This file contains helper functions to convert docker API types to runtime
@ -57,14 +56,15 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeApi
}
size := uint64(image.VirtualSize)
user := dockertools.GetUserFromImageUser(image.Config.User)
return &runtimeApi.Image{
runtimeImage := &runtimeApi.Image{
Id: &image.ID,
RepoTags: image.RepoTags,
RepoDigests: image.RepoDigests,
Size_: &size,
User: &user,
}, nil
}
runtimeImage.Uid, runtimeImage.Username = getUserFromImageUser(image.Config.User)
return runtimeImage, nil
}
func toPullableImageID(id string, image *dockertypes.ImageInspect) string {

18
pkg/kubelet/dockershim/helpers.go
View File

@ -264,3 +264,21 @@ func (f *dockerFilter) Add(key, value string) {
func (f *dockerFilter) AddLabel(key, value string) {
f.Add("label", fmt.Sprintf("%s=%s", key, value))
}
// getUserFromImageUser gets uid or user name of the image user.
// If user is numeric, it will be treated as uid; or else, it is treated as user name.
func getUserFromImageUser(imageUser string) (*int64, *string) {
user := dockertools.GetUserFromImageUser(imageUser)
// return both nil if user is not specified in the image.
if user == "" {
return nil, nil
}
// user could be either uid or user name. Try to interpret as numeric uid.
uid, err := strconv.ParseInt(user, 10, 64)
if err != nil {
// If user is non numeric, assume it's user name.
return nil, &user
}
// If user is a numeric uid.
return &uid, nil
}

40
pkg/kubelet/dockershim/helpers_test.go
View File

@ -187,3 +187,43 @@ func TestGetSystclsFromAnnotations(t *testing.T) {
assert.Equal(t, test.expectedSysctls, actual, "TestCase[%d]", i)
}
}
// TestGetUserFromImageUser tests the logic of getting image uid or user name of image user.
func TestGetUserFromImageUser(t *testing.T) {
newI64 := func(i int64) *int64 { return &i }
newStr := func(s string) *string { return &s }
for c, test := range map[string]struct {
user string
uid *int64
name *string
}{
"no gid": {
user: "0",
uid: newI64(0),
},
"uid/gid": {
user: "0:1",
uid: newI64(0),
},
"empty user": {
user: "",
},
"multiple spearators": {
user: "1:2:3",
uid: newI64(1),
},
"root username": {
user: "root:root",
name: newStr("root"),
},
"username": {
user: "test:test",
name: newStr("test"),
},
} {
t.Logf("TestCase - %q", c)
actualUID, actualName := getUserFromImageUser(test.user)
assert.Equal(t, test.uid, actualUID)
assert.Equal(t, test.name, actualName)
}
}

10
pkg/kubelet/dockershim/security_context.go
View File

@ -61,7 +61,15 @@ func applyContainerSecurityContext(lc *runtimeapi.LinuxContainerConfig, sandboxI
// modifyContainerConfig applies container security context config to dockercontainer.Config.
func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config *dockercontainer.Config) {
config.User = sc.GetRunAsUser()
if sc == nil {
return
}
if sc.RunAsUser != nil {
config.User = strconv.FormatInt(sc.GetRunAsUser(), 10)
}
if sc.RunAsUsername != nil {
config.User = sc.GetRunAsUsername()
}
}
// modifyHostConfig applies security context config to dockercontainer.HostConfig.

15
pkg/kubelet/dockershim/security_context_test.go
View File

@ -18,6 +18,7 @@ package dockershim
import (
"fmt"
"strconv"
"testing"
dockercontainer "github.com/docker/engine-api/types/container"
@ -28,7 +29,8 @@ import (
)
func TestModifyContainerConfig(t *testing.T) {
var uid string = "123"
var uid int64 = 123
var username string = "testuser"
cases := []struct {
name string
@ -41,7 +43,16 @@ func TestModifyContainerConfig(t *testing.T) {
RunAsUser: &uid,
},
expected: &dockercontainer.Config{
User: uid,
User: strconv.FormatInt(uid, 10),
},
},
{
name: "container.SecurityContext.RunAsUsername set",
sc: &runtimeapi.LinuxContainerSecurityContext{
RunAsUsername: &username,
},
expected: &dockercontainer.Config{
User: username,
},
},
{

1
pkg/kubelet/kuberuntime/BUILD
View File

@ -58,7 +58,6 @@ go_library(
"//vendor:github.com/coreos/go-semver/semver",
"//vendor:github.com/docker/docker/pkg/jsonlog",
"//vendor:github.com/fsnotify/fsnotify",
"//vendor:github.com/gogo/protobuf/proto",
"//vendor:github.com/golang/glog",
"//vendor:github.com/google/cadvisor/info/v1",
],

21
pkg/kubelet/kuberuntime/helpers.go
View File

@ -146,19 +146,24 @@ func getContainerSpec(pod *api.Pod, containerName string) *api.Container {
return nil
}
// getImageUID gets uid that will run the command(s) from image.
func (m *kubeGenericRuntimeManager) getImageUser(image string) (string, error) {
// getImageUser gets uid or user name that will run the command(s) from image. The function
// guarantees that only one of them is set.
func (m *kubeGenericRuntimeManager) getImageUser(image string) (*int64, *string, error) {
imageStatus, err := m.imageService.ImageStatus(&runtimeApi.ImageSpec{Image: &image})
if err != nil {
return "", err
return nil, nil, err
}
user := imageStatus.GetUser()
// kuberuntime treats empty user as root.
if user == "" {
return "0", nil
if imageStatus != nil && imageStatus.Uid != nil {
// If uid is set, return uid.
return imageStatus.Uid, nil, nil
}
return user, nil
if imageStatus != nil && imageStatus.Username != nil {
// If uid is not set, but user name is set, return user name.
return nil, imageStatus.Username, nil
}
// If non of them is set, treat it as root.
return new(int64), nil, nil
}
// isContainerFailed returns true if container has exited and exitcode is not zero.

18
pkg/kubelet/kuberuntime/kuberuntime_container.go
View File

@ -135,13 +135,17 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta
return nil, err
}
// Verify RunAsNonRoot.
imageUser, err := m.getImageUser(container.Image)
uid, username, err := m.getImageUser(container.Image)
if err != nil {
return nil, err
}
if err := verifyRunAsNonRoot(pod, container, imageUser); err != nil {
return nil, err
if uid != nil {
// Verify RunAsNonRoot. Non-root verification only supports numeric user.
if err := verifyRunAsNonRoot(pod, container, *uid); err != nil {
return nil, err
}
} else {
glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", *username)
}
command, args := kubecontainer.ExpandContainerCommandAndArgs(container, opts.Envs)
@ -164,7 +168,7 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta
Stdin: &container.Stdin,
StdinOnce: &container.StdinOnce,
Tty: &container.TTY,
Linux: m.generateLinuxContainerConfig(container, pod, imageUser),
Linux: m.generateLinuxContainerConfig(container, pod, uid, username),
}
// set environment variables
@ -182,10 +186,10 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *api.Conta
}
// generateLinuxContainerConfig generates linux container config for kubelet runtime api.
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, imageUser string) *runtimeApi.LinuxContainerConfig {
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *api.Container, pod *api.Pod, uid *int64, username *string) *runtimeApi.LinuxContainerConfig {
lc := &runtimeApi.LinuxContainerConfig{
Resources: &runtimeApi.LinuxContainerResources{},
SecurityContext: m.determineEffectiveSecurityContext(pod, container, imageUser),
SecurityContext: m.determineEffectiveSecurityContext(pod, container, uid, username),
}
// set linux container resources

2
pkg/kubelet/kuberuntime/kuberuntime_sandbox.go
View File

@ -146,7 +146,7 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *api.Pod,
HostIpc: &sc.HostIPC,
HostPid: &sc.HostPID,
},
RunAsUser: convertToRuntimeRunAsUser(sc.RunAsUser),
RunAsUser: sc.RunAsUser,
}
if sc.FSGroup != nil {

30
pkg/kubelet/kuberuntime/security_context.go
View File

@ -18,10 +18,6 @@ package kuberuntime
import (
"fmt"
"strconv"
"github.com/gogo/protobuf/proto"
"github.com/golang/glog"
"k8s.io/kubernetes/pkg/api"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
@ -29,7 +25,7 @@ import (
)
// determineEffectiveSecurityContext gets container's security context from api.Pod and api.Container.
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, imageUser string) *runtimeapi.LinuxContainerSecurityContext {
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.Pod, container *api.Container, uid *int64, username *string) *runtimeapi.LinuxContainerSecurityContext {
effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
synthesized := convertToRuntimeSecurityContext(effectiveSc)
if synthesized == nil {
@ -38,7 +34,8 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.P
// set RunAsUser.
if synthesized.RunAsUser == nil {
synthesized.RunAsUser = &imageUser
synthesized.RunAsUser = uid
synthesized.RunAsUsername = username
}
// set namespace options and supplemental groups.
@ -65,7 +62,7 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *api.P
}
// verifyRunAsNonRoot verifies RunAsNonRoot.
func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser string) error {
func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, uid int64) error {
effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
if effectiveSc == nil || effectiveSc.RunAsNonRoot == nil {
return nil
@ -78,15 +75,6 @@ func verifyRunAsNonRoot(pod *api.Pod, container *api.Container, imageUser string
return nil
}
// Non-root verification only supports numeric user now. For non-numeric user,
// just return nil to by-pass the verfication.
// TODO: Support non-numeric user.
uid, err := strconv.ParseInt(imageUser, 10, 64)
if err != nil {
glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", imageUser)
return nil
}
if uid == 0 {
return fmt.Errorf("container has runAsNonRoot and image will run as root")
}
@ -101,7 +89,7 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt
}
return &runtimeapi.LinuxContainerSecurityContext{
RunAsUser: convertToRuntimeRunAsUser(securityContext.RunAsUser),
RunAsUser: securityContext.RunAsUser,
Privileged: securityContext.Privileged,
ReadonlyRootfs: securityContext.ReadOnlyRootFilesystem,
Capabilities: convertToRuntimeCapabilities(securityContext.Capabilities),
@ -109,14 +97,6 @@ func convertToRuntimeSecurityContext(securityContext *api.SecurityContext) *runt
}
}
// convertToRuntimeRunAsUser converts RunAsUser from *int64 to *string.
func convertToRuntimeRunAsUser(runAsUser *int64) *string {
if runAsUser == nil {
return nil
}
return proto.String(strconv.FormatInt(*runAsUser, 10))
}
// convertToRuntimeSELinuxOption converts api.SELinuxOptions to runtimeapi.SELinuxOption.
func convertToRuntimeSELinuxOption(opts *api.SELinuxOptions) *runtimeapi.SELinuxOption {
if opts == nil {