github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #72419 from liggitt/allowed-proc-mount-validation

Browse Source 
Validate PSP allowedProcMountTypes
This commit is contained in:
Kubernetes Prow Robot
2018-12-29 13:41:11 -08:00
committed by GitHub
parent a65ba5f5a3 cb76da9fd7
commit 43f0423de6
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/apis/core/validation/validation.go
View File

@@ -5221,8 +5221,8 @@ func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) fiel
}
if sc.ProcMount != nil {
if err := IsValidProcMount(*sc.ProcMount); err != nil {
allErrs = append(allErrs, field.NotSupported(fldPath.Child("procMount"), *sc.ProcMount, []string{string(core.DefaultProcMount), string(core.UnmaskedProcMount)}))
if err := ValidateProcMountType(fldPath.Child("procMount"), *sc.ProcMount); err != nil {
allErrs = append(allErrs, err)
}
}
@@ -5323,13 +5323,12 @@ func IsDecremented(update, old *int32) bool {
return *update < *old
}
// IsValidProcMount tests that the argument is a valid ProcMountType.
func IsValidProcMount(procMountType core.ProcMountType) error {
// ValidateProcMountType tests that the argument is a valid ProcMountType.
func ValidateProcMountType(fldPath *field.Path, procMountType core.ProcMountType) *field.Error {
switch procMountType {
case core.DefaultProcMount:
case core.UnmaskedProcMount:
case core.DefaultProcMount, core.UnmaskedProcMount:
return nil
default:
return fmt.Errorf("unsupported ProcMount type %s", procMountType)
return field.NotSupported(fldPath, procMountType, []string{string(core.DefaultProcMount), string(core.UnmaskedProcMount)})
}
return nil
}