github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

AppArmor no reevaluation of host is needed

Browse Source
This commit is contained in:
Sergey Kanzhelev 2023-03-14 18:35:01 +00:00
parent 1cb334960c
commit 44159dfc32
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/security/apparmor/validate.go
View File

@ -81,11 +81,14 @@ func (v *validator) Validate(pod *v1.Pod) error {
return retErr return retErr
} }
// ValidateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
// Note, this is intentionally only check the host at kubelet startup and never re-evaluates the host
// as the expectation is that the kubelet restart will be needed to enable or disable AppArmor support.
func (v *validator) ValidateHost() error { func (v *validator) ValidateHost() error {
return v.validateHostErr return v.validateHostErr
} }
// Verify that the host and runtime is capable of enforcing AppArmor profiles. // validateHost verifies that the host and runtime is capable of enforcing AppArmor profiles.
func validateHost() error { func validateHost() error {
// Check feature-gates // Check feature-gates
if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) { if !utilfeature.DefaultFeatureGate.Enabled(features.AppArmor) {