Update cri to 0165d516161e25e52b4ab52a404a00823f8f0ef6
Signed-off-by: Nishchay Kumar <mrawesomenix@gmail.com>
This commit is contained in:
Nishchay Kumar
19
vendor/github.com/containerd/cri/pkg/server/container_create.go
generated
vendored
19
vendor/github.com/containerd/cri/pkg/server/container_create.go
generated
vendored
@@ -374,11 +374,11 @@ func (c *criService) generateContainerSpec(id string, sandboxID string, sandboxP
|
||||
|
||||
if !c.config.DisableProcMount {
|
||||
// Apply masked paths if specified.
|
||||
// Note: If the container is privileged, then we clear any masked paths later on in the call to setOCIPrivileged()
|
||||
// If the container is privileged, this will be cleared later on.
|
||||
specOpts = append(specOpts, oci.WithMaskedPaths(securityContext.GetMaskedPaths()))
|
||||
|
||||
// Apply readonly paths if specified.
|
||||
// Note: If the container is privileged, then we clear any readonly paths later on in the call to setOCIPrivileged()
|
||||
// If the container is privileged, this will be cleared later on.
|
||||
specOpts = append(specOpts, oci.WithReadonlyPaths(securityContext.GetReadonlyPaths()))
|
||||
}
|
||||
|
||||
@@ -577,18 +577,17 @@ func generateApparmorSpecOpts(apparmorProf string, privileged, apparmorEnabled b
|
||||
return nil, nil
|
||||
}
|
||||
switch apparmorProf {
|
||||
case runtimeDefault:
|
||||
// Based on kubernetes#51746, default apparmor profile should be applied
|
||||
// for when apparmor is not specified.
|
||||
case runtimeDefault, "":
|
||||
if privileged {
|
||||
// Do not set apparmor profile when container is privileged
|
||||
return nil, nil
|
||||
}
|
||||
// TODO (mikebrow): delete created apparmor default profile
|
||||
return apparmor.WithDefaultProfile(appArmorDefaultProfileName), nil
|
||||
case unconfinedProfile:
|
||||
return nil, nil
|
||||
case "":
|
||||
// Based on kubernetes#51746, default apparmor profile should be applied
|
||||
// for non-privileged container when apparmor is not specified.
|
||||
if privileged {
|
||||
return nil, nil
|
||||
}
|
||||
return apparmor.WithDefaultProfile(appArmorDefaultProfileName), nil
|
||||
default:
|
||||
// Require and Trim default profile name prefix
|
||||
if !strings.HasPrefix(apparmorProf, profileNamePrefix) {
|
||||
|
||||
3
vendor/github.com/containerd/cri/pkg/server/image_pull.go
generated
vendored
3
vendor/github.com/containerd/cri/pkg/server/image_pull.go
generated
vendored
@@ -187,7 +187,8 @@ func ParseAuth(auth *runtime.AuthConfig, host string) (string, string, error) {
|
||||
return user, strings.Trim(passwd, "\x00"), nil
|
||||
}
|
||||
// TODO(random-liu): Support RegistryToken.
|
||||
return "", "", errors.New("invalid auth config")
|
||||
// An empty auth config is valid for anonymous registry
|
||||
return "", "", nil
|
||||
}
|
||||
|
||||
// createImageReference creates image reference inside containerd image store.
|
||||
|
||||
Reference in New Issue
Block a user