github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-02-22 07:03:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
ec1b8a89295f8d07b98eb5570bfd1895d2a3f77a
kubernetes/pkg
History
Sascha Grunert 194b144756 Mask Linux thermal interrupt info in /proc and /sys. 
On Linux, mask "/proc/interrupts" and "/sys/devices/system/cpu/cpu<x>/thermal_throttle"
inside containers by default. Privileged containers or containers started
with --security-opt="systempaths=unconfined" are not affected.

Mitigates potential Thermal Side-Channel Vulnerability Exploit
(https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm).

Also: improve integration test TestCreateWithCustomMaskedPaths() to ensure
default masked paths don't apply to privileged containers.

Refers to https://github.com/moby/moby/pull/49560

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2025-07-16 11:07:17 +02:00
..
api
fix(pod/util): typos in getting pod validation options
2025-02-28 22:19:00 +05:30
apis
DRA node: reject static pods which reference ResourceClaims
2025-05-21 08:40:28 +02:00
auth
wire in ctx to rbac plugins
2024-09-17 20:04:02 +03:00
capabilities
Add ut coverage for capabilities.Setup (#125395)
2024-10-17 18:23:03 +01:00
client
Add test to confirm default content type used by core client
2024-10-23 11:35:32 -04:00
cluster/ports
controller
Clean backoff record earlier
2025-06-06 20:51:06 +00:00
controlplane
test: Add emulated-version flag verification in flagz test
2025-02-20 18:54:51 -08:00
credentialprovider
credential provider config: detect typos
2024-10-14 12:23:43 -07:00
features
Add the feature gate OrderedNamespaceDeletion for apiserver.
2025-03-03 13:40:33 -08:00
fieldpath
generated
kubelet: use env vars in node log query PS command
2025-01-13 14:25:35 -08:00
kubeapiserver
v1alpha2 LeaseCandidate API
2024-11-08 02:27:19 +00:00
kubectl
kubelet
Merge pull request #131578 from ndbaker1/automated-cherry-pick-of-#131251-origin-release-1.32
2025-07-11 17:45:28 -07:00
kubemark
remove runonce mode
2024-11-07 19:54:11 +08:00
printers
v1alpha2 LeaseCandidate API
2024-11-08 02:27:19 +00:00
probe
fix: enable nil-compare and error-nil rules from testifylint in module k8s.io/kubernetes
2024-09-25 06:02:47 +02:00
proxy
Manually adding fix for failing pull-kubernetes-typecheck tests which had dependency with this commit: 6186303580
2025-04-27 21:52:32 -07:00
quota/v1
Merge pull request #128407 from ndixita/pod-level-resources
2024-11-08 07:10:50 +00:00
registry
Review remarks
2025-07-04 11:28:24 +02:00
routes
scheduler
Merge pull request #128691 from sanposhiho/flaky-candidate
2024-11-09 19:38:44 +00:00
security
Copy limited pieces of code we use from runc's apparmor and utils packages
2024-10-22 09:56:22 -04:00
securitycontext
Mask Linux thermal interrupt info in /proc and /sys.
2025-07-16 11:07:17 +02:00
serviceaccount
Isolate mock signer for externaljwt tests
2024-12-12 09:32:11 -05:00
util
Revert "Enforce the Minimum Kernel Version 6.3 for UserNamespacesSupport feature"
2025-05-15 12:26:08 +02:00
volume
Merge pull request #132099 from gnufied/automated-cherry-pick-of-#131408-upstream-release-1.32
2025-06-05 17:40:39 -07:00
windows/service
Windows node graceful shutdown
2024-11-05 17:46:22 +00:00
.import-restrictions
OWNERS