github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-14 12:00:15 +00:00
Code Issues Projects Releases Wiki Activity
Files
b5eadb5d6b9ce34a673caeafe4fa0971c4b91139
kubernetes/pkg
History
Kubernetes Submit Queue b5eadb5d6b Merge pull request #43946 from jhorwit2/jah/host-path-psp 
Automatic merge from submit-queue (batch tested with PRs 46489, 46281, 46463, 46114, 43946)

Allow PSP's to specify a whitelist of allowed paths for host volume

**What this PR does / why we need it**:

This PR adds the ability to whitelist paths for the host volume to ensure pods cannot access directories they aren't supposed to. E.g. `/var/lib/kubelet`, `/etc/kubernetes/*`, etc. 

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #29326


**Special notes for your reviewer**:

**Release note**:

```release-note
Allow PSP's to specify a whitelist of allowed paths for host volume based on path prefixes
```
2017-05-30 11:59:10 -07:00
..
api
Merge pull request #46217 from zjj2wry/validate
2017-05-30 01:56:00 -07:00
apimachinery/tests
apis
generated swagger go
2017-05-29 13:03:25 -04:00
auth
bootstrap/api
capabilities
client
Regenerate files
2017-05-28 10:11:02 -04:00
cloudprovider
Merge pull request #46463 from wongma7/getinstances
2017-05-30 11:59:04 -07:00
controller
Merge pull request #46488 from ailusazh/FixTypoInTaintContainer
2017-05-30 07:49:07 -07:00
conversion
credentialprovider
features
Merge pull request #45436 from verb/nit-kubelet-featuregate-template
2017-05-26 15:59:01 -07:00
fieldpath
fields
generated
Regenerate files
2017-05-28 10:11:02 -04:00
hyperkube
kubeapiserver
generated
2017-05-26 16:06:12 -07:00
kubectl
Merge pull request #46114 from arthur0/rename_context
2017-05-30 11:59:07 -07:00
kubelet
Merge pull request #45014 from CaoShuFeng/unit_for_freed_image_size
2017-05-30 07:49:03 -07:00
kubemark
Let kubemark exit if it fails to start
2017-05-27 17:04:47 +08:00
labels
master
Regenerate files
2017-05-28 10:11:02 -04:00
metrics
printers
Merge pull request #45909 from zhangxiaoyu-zidif/add-unittest-for-configmap
2017-05-30 03:46:59 -07:00
probe
proxy
Store chain names to avoid recomputing them multiple times
2017-05-30 10:50:10 +02:00
quota
registry
Merge pull request #46377 from noah8713/master
2017-05-30 01:56:03 -07:00
routes
runtime
security
Added host path whitelist to psp
2017-05-29 13:03:25 -04:00
securitycontext
serviceaccount
ssh
types
util
Merge pull request #43275 from lvjiangzhao/fix-typo-170317
2017-05-30 07:49:00 -07:00
version
volume
Merge pull request #46367 from bobveznat/master
2017-05-26 18:49:04 -07:00
watch
BUILD
Regenerate files
2017-05-28 10:11:02 -04:00
OWNERS