Merge pull request #79725 from jaypipes/issue79721
Output boolean for AllowPrivilegeEscalation
commit
f56cfbeb6d
@ -3865,7 +3865,11 @@ func describePodSecurityPolicy(psp *policyv1beta1.PodSecurityPolicy) (string, er
|
|||||||
w.Write(LEVEL_0, "\nSettings:\n")
|
w.Write(LEVEL_0, "\nSettings:\n")
|
||||||
|
|
||||||
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
|
w.Write(LEVEL_1, "Allow Privileged:\t%t\n", psp.Spec.Privileged)
|
||||||
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%v\n", psp.Spec.AllowPrivilegeEscalation)
|
if psp.Spec.AllowPrivilegeEscalation != nil {
|
||||||
|
w.Write(LEVEL_1, "Allow Privilege Escalation:\t%t\n", *psp.Spec.AllowPrivilegeEscalation)
|
||||||
|
} else {
|
||||||
|
w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset>\n")
|
||||||
|
}
|
||||||
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
|
w.Write(LEVEL_1, "Default Add Capabilities:\t%v\n", capsToString(psp.Spec.DefaultAddCapabilities))
|
||||||
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
|
w.Write(LEVEL_1, "Required Drop Capabilities:\t%s\n", capsToString(psp.Spec.RequiredDropCapabilities))
|
||||||
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))
|
w.Write(LEVEL_1, "Allowed Capabilities:\t%s\n", capsToString(psp.Spec.AllowedCapabilities))
|
||||||
|
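Review bot: The `<unset>` branch of the new `if`/`else` hides the effective policy from anyone auditing PodSecurityPolicies with `kubectl describe`. As far as I recall the policy/v1beta1 field documentation, a nil `AllowPrivilegeEscalation` is treated as true, so `<unset>` can be read as "not allowed" when escalation is in fact permitted. After confirming the default against the API type, consider spelling it out, e.g. `w.Write(LEVEL_1, "Allow Privilege Escalation:\t<unset> (defaults to true)\n")`. describePodSecurityPolicy starts and ends outside this hunk.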
@ -2683,6 +2683,7 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
|
|||||||
expected := []string{
|
expected := []string{
|
||||||
"Name:\\s*mypsp",
|
"Name:\\s*mypsp",
|
||||||
"Allow Privileged:\\s*false",
|
"Allow Privileged:\\s*false",
|
||||||
|
"Allow Privilege Escalation:\\s*false",
|
||||||
"Default Add Capabilities:\\s*<none>",
|
"Default Add Capabilities:\\s*<none>",
|
||||||
"Required Drop Capabilities:\\s*<none>",
|
"Required Drop Capabilities:\\s*<none>",
|
||||||
"Allowed Capabilities:\\s*<none>",
|
"Allowed Capabilities:\\s*<none>",
|
||||||
@ -2704,13 +2705,15 @@ func TestDescribePodSecurityPolicy(t *testing.T) {
|
|||||||
"Supplemental Groups Strategy: RunAsAny",
|
"Supplemental Groups Strategy: RunAsAny",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
falseVal := false
|
||||||
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
|
fake := fake.NewSimpleClientset(&policyv1beta1.PodSecurityPolicy{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: "mypsp",
|
Name: "mypsp",
|
||||||
},
|
},
|
||||||
Spec: policyv1beta1.PodSecurityPolicySpec{
|
Spec: policyv1beta1.PodSecurityPolicySpec{
|
||||||
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
|
AllowPrivilegeEscalation: &falseVal,
|
||||||
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
|
AllowedUnsafeSysctls: []string{"kernel.*", "net.ipv4.ip_local_port_range"},
|
||||||
|
ForbiddenSysctls: []string{"net.ipv4.ip_default_ttl"},
|
||||||
SELinux: policyv1beta1.SELinuxStrategyOptions{
|
SELinux: policyv1beta1.SELinuxStrategyOptions{
|
||||||
Rule: policyv1beta1.SELinuxStrategyRunAsAny,
|
Rule: policyv1beta1.SELinuxStrategyRunAsAny,
|
||||||
},
|
},
|
||||||
|
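Review bot: The updated fixture only sets an explicitly false pointer (`AllowPrivilegeEscalation: &falseVal`), so the new nil branch that prints `<unset>` is never exercised by this test. Add a second PodSecurityPolicy fixture that leaves the field nil and assert `"Allow Privilege Escalation:\\s*<unset>"`; a case with a true pointer would also pin the `%t` dereference. TestDescribePodSecurityPolicy starts and ends outside these hunks.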