github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #116606 from SergeyKanzhelev/appaArmorNoReevaluation

Browse Source 
AppArmor no reevaluation of host is needed
This commit is contained in:
Kubernetes Prow Robot 2023-03-14 15:14:49 -07:00 committed by GitHub
commit fae6f642a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/security/apparmor/validate.go
View File

@ -81,11 +81,14 @@ func (v *validator) Validate(pod *v1.Pod) error {
return retErr return retErr
} }
// ValidateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
// Note, this is intentionally only check the host at kubelet startup and never re-evaluates the host
// as the expectation is that the kubelet restart will be needed to enable or disable AppArmor support.
func (v *validator) ValidateHost() error { func (v *validator) ValidateHost() error {
return v.validateHostErr return v.validateHostErr
} }
// Verify that the host and runtime is capable of enforcing AppArmor profiles. // validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
func validateHost() error { func validateHost() error {
// Check feature-gates // Check feature-gates
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) { if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {