github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1330 from brendandburns/privilege

Browse Source 
Only allow privileged containers if API server flag set.  Adds capabilities package.
This commit is contained in:
erictune
2014-09-16 15:12:26 -07:00
parent 0b75f7b543 5b9e2a55b5
commit 506f51b186
7 changed files with 111 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/api/validation/validation.go
View File

@@ -21,6 +21,7 @@ import (
"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
errs "github.com/GoogleCloudPlatform/kubernetes/pkg/api/errors"
"github.com/GoogleCloudPlatform/kubernetes/pkg/capabilities"
"github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
)
@@ -226,12 +227,15 @@ func validateContainers(containers []api.Container, volumes util.StringSet) errs
for i := range containers {
cErrs := errs.ErrorList{}
ctr := &containers[i] // so we can set default values
capabilities := capabilities.GetCapabilities()
if len(ctr.Name) == 0 {
cErrs = append(cErrs, errs.NewFieldRequired("name", ctr.Name))
} else if !util.IsDNSLabel(ctr.Name) {
cErrs = append(cErrs, errs.NewFieldInvalid("name", ctr.Name))
} else if allNames.Has(ctr.Name) {
cErrs = append(cErrs, errs.NewFieldDuplicate("name", ctr.Name))
} else if ctr.Privileged && !capabilities.AllowPrivileged {
cErrs = append(cErrs, errs.NewFieldInvalid("privileged", ctr.Privileged))
} else {
allNames.Insert(ctr.Name)
}