Merge pull request #47019 from jessfraz/allowPrivilegeEscalation
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747) Add support for `no_new_privs` via AllowPrivilegeEscalation **What this PR does / why we need it**: Implements kubernetes/community#639 Fixes #38417 Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`. Adds `AllowPrivilegeEscalation` to container `SecurityContext`. Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set. Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity. **Release note**: ```release-note Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process ```
This commit is contained in:
@@ -57500,6 +57500,10 @@
|
|||||||
"io.k8s.api.core.v1.SecurityContext": {
|
"io.k8s.api.core.v1.SecurityContext": {
|
||||||
"description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.",
|
"description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"capabilities": {
|
"capabilities": {
|
||||||
"description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.",
|
"description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.",
|
||||||
"$ref": "#/definitions/io.k8s.api.core.v1.Capabilities"
|
"$ref": "#/definitions/io.k8s.api.core.v1.Capabilities"
|
||||||
@@ -58938,6 +58942,10 @@
|
|||||||
"fsGroup"
|
"fsGroup"
|
||||||
],
|
],
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation.",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"allowedCapabilities": {
|
"allowedCapabilities": {
|
||||||
"description": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
|
"description": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities.",
|
||||||
"type": "array",
|
"type": "array",
|
||||||
@@ -58952,6 +58960,10 @@
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"defaultAllowPrivilegeEscalation": {
|
||||||
|
"description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than it's parent process.",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"fsGroup": {
|
"fsGroup": {
|
||||||
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
|
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
|
||||||
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions"
|
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.FSGroupStrategyOptions"
|
||||||
|
@@ -5340,6 +5340,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -6556,6 +6556,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -3087,6 +3087,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -4168,6 +4168,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -8197,6 +8197,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
@@ -9418,6 +9422,14 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
|
"description": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
|
||||||
|
},
|
||||||
|
"defaultAllowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than it's parent process."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -20643,6 +20643,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -6023,6 +6023,13 @@ Examples:<br>
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -6219,6 +6219,13 @@ Examples:<br>
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -5001,6 +5001,13 @@ Examples:<br>
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -4939,6 +4939,13 @@ Examples:<br>
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -6969,6 +6969,13 @@ Both these may change in the future. Incoming requests are matched against the h
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
@@ -7594,6 +7601,20 @@ Both these may change in the future. Incoming requests are matched against the h
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">defaultAllowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than it’s parent process.</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation.</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -8366,6 +8366,13 @@ Examples:<br>
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -11676,6 +11676,10 @@
|
|||||||
"io.k8s.api.core.v1.SecurityContext": {
|
"io.k8s.api.core.v1.SecurityContext": {
|
||||||
"description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.",
|
"description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN",
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"capabilities": {
|
"capabilities": {
|
||||||
"description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.",
|
"description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.",
|
||||||
"$ref": "#/definitions/io.k8s.api.core.v1.Capabilities"
|
"$ref": "#/definitions/io.k8s.api.core.v1.Capabilities"
|
||||||
|
@@ -6556,6 +6556,10 @@
|
|||||||
"readOnlyRootFilesystem": {
|
"readOnlyRootFilesystem": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"description": "Whether this container has a read-only root filesystem. Default is false."
|
"description": "Whether this container has a read-only root filesystem. Default is false."
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation": {
|
||||||
|
"type": "boolean",
|
||||||
|
"description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -6452,6 +6452,13 @@ Both these may change in the future. Incoming requests are matched against the h
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it’s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -4030,6 +4030,11 @@ type SecurityContext struct {
|
|||||||
// files to, ensuring the persistent data can only be written to mounts.
|
// files to, ensuring the persistent data can only be written to mounts.
|
||||||
// +optional
|
// +optional
|
||||||
ReadOnlyRootFilesystem *bool
|
ReadOnlyRootFilesystem *bool
|
||||||
|
// AllowPrivilegeEscalation controls whether a process can gain more
|
||||||
|
// privileges than it's parent process. This bool directly controls if
|
||||||
|
// the no_new_privs flag will be set on the container process.
|
||||||
|
// +optional
|
||||||
|
AllowPrivilegeEscalation *bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// SELinuxOptions are the labels to be applied to the container.
|
// SELinuxOptions are the labels to be applied to the container.
|
||||||
|
@@ -675,6 +675,30 @@ func Convert_v1_Secret_To_api_Secret(in *v1.Secret, out *api.Secret, s conversio
|
|||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
func Convert_api_SecurityContext_To_v1_SecurityContext(in *api.SecurityContext, out *v1.SecurityContext, s conversion.Scope) error {
|
||||||
|
if in.Capabilities != nil {
|
||||||
|
out.Capabilities = new(v1.Capabilities)
|
||||||
|
if err := Convert_api_Capabilities_To_v1_Capabilities(in.Capabilities, out.Capabilities, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.Capabilities = nil
|
||||||
|
}
|
||||||
|
out.Privileged = in.Privileged
|
||||||
|
if in.SELinuxOptions != nil {
|
||||||
|
out.SELinuxOptions = new(v1.SELinuxOptions)
|
||||||
|
if err := Convert_api_SELinuxOptions_To_v1_SELinuxOptions(in.SELinuxOptions, out.SELinuxOptions, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.SELinuxOptions = nil
|
||||||
|
}
|
||||||
|
out.RunAsUser = in.RunAsUser
|
||||||
|
out.RunAsNonRoot = in.RunAsNonRoot
|
||||||
|
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
|
||||||
|
out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func Convert_api_PodSecurityContext_To_v1_PodSecurityContext(in *api.PodSecurityContext, out *v1.PodSecurityContext, s conversion.Scope) error {
|
func Convert_api_PodSecurityContext_To_v1_PodSecurityContext(in *api.PodSecurityContext, out *v1.PodSecurityContext, s conversion.Scope) error {
|
||||||
out.SupplementalGroups = in.SupplementalGroups
|
out.SupplementalGroups = in.SupplementalGroups
|
||||||
|
@@ -888,7 +888,15 @@ func autoConvert_v1_Container_To_api_Container(in *v1.Container, out *api.Contai
|
|||||||
out.TerminationMessagePath = in.TerminationMessagePath
|
out.TerminationMessagePath = in.TerminationMessagePath
|
||||||
out.TerminationMessagePolicy = api.TerminationMessagePolicy(in.TerminationMessagePolicy)
|
out.TerminationMessagePolicy = api.TerminationMessagePolicy(in.TerminationMessagePolicy)
|
||||||
out.ImagePullPolicy = api.PullPolicy(in.ImagePullPolicy)
|
out.ImagePullPolicy = api.PullPolicy(in.ImagePullPolicy)
|
||||||
out.SecurityContext = (*api.SecurityContext)(unsafe.Pointer(in.SecurityContext))
|
if in.SecurityContext != nil {
|
||||||
|
in, out := &in.SecurityContext, &out.SecurityContext
|
||||||
|
*out = new(api.SecurityContext)
|
||||||
|
if err := Convert_v1_SecurityContext_To_api_SecurityContext(*in, *out, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.SecurityContext = nil
|
||||||
|
}
|
||||||
out.Stdin = in.Stdin
|
out.Stdin = in.Stdin
|
||||||
out.StdinOnce = in.StdinOnce
|
out.StdinOnce = in.StdinOnce
|
||||||
out.TTY = in.TTY
|
out.TTY = in.TTY
|
||||||
@@ -919,7 +927,15 @@ func autoConvert_api_Container_To_v1_Container(in *api.Container, out *v1.Contai
|
|||||||
out.TerminationMessagePath = in.TerminationMessagePath
|
out.TerminationMessagePath = in.TerminationMessagePath
|
||||||
out.TerminationMessagePolicy = v1.TerminationMessagePolicy(in.TerminationMessagePolicy)
|
out.TerminationMessagePolicy = v1.TerminationMessagePolicy(in.TerminationMessagePolicy)
|
||||||
out.ImagePullPolicy = v1.PullPolicy(in.ImagePullPolicy)
|
out.ImagePullPolicy = v1.PullPolicy(in.ImagePullPolicy)
|
||||||
out.SecurityContext = (*v1.SecurityContext)(unsafe.Pointer(in.SecurityContext))
|
if in.SecurityContext != nil {
|
||||||
|
in, out := &in.SecurityContext, &out.SecurityContext
|
||||||
|
*out = new(v1.SecurityContext)
|
||||||
|
if err := Convert_api_SecurityContext_To_v1_SecurityContext(*in, *out, s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.SecurityContext = nil
|
||||||
|
}
|
||||||
out.Stdin = in.Stdin
|
out.Stdin = in.Stdin
|
||||||
out.StdinOnce = in.StdinOnce
|
out.StdinOnce = in.StdinOnce
|
||||||
out.TTY = in.TTY
|
out.TTY = in.TTY
|
||||||
@@ -3502,8 +3518,28 @@ func autoConvert_v1_PodSpec_To_api_PodSpec(in *v1.PodSpec, out *api.PodSpec, s c
|
|||||||
} else {
|
} else {
|
||||||
out.Volumes = nil
|
out.Volumes = nil
|
||||||
}
|
}
|
||||||
out.InitContainers = *(*[]api.Container)(unsafe.Pointer(&in.InitContainers))
|
if in.InitContainers != nil {
|
||||||
out.Containers = *(*[]api.Container)(unsafe.Pointer(&in.Containers))
|
in, out := &in.InitContainers, &out.InitContainers
|
||||||
|
*out = make([]api.Container, len(*in))
|
||||||
|
for i := range *in {
|
||||||
|
if err := Convert_v1_Container_To_api_Container(&(*in)[i], &(*out)[i], s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.InitContainers = nil
|
||||||
|
}
|
||||||
|
if in.Containers != nil {
|
||||||
|
in, out := &in.Containers, &out.Containers
|
||||||
|
*out = make([]api.Container, len(*in))
|
||||||
|
for i := range *in {
|
||||||
|
if err := Convert_v1_Container_To_api_Container(&(*in)[i], &(*out)[i], s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.Containers = nil
|
||||||
|
}
|
||||||
out.RestartPolicy = api.RestartPolicy(in.RestartPolicy)
|
out.RestartPolicy = api.RestartPolicy(in.RestartPolicy)
|
||||||
out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds))
|
out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds))
|
||||||
out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds))
|
out.ActiveDeadlineSeconds = (*int64)(unsafe.Pointer(in.ActiveDeadlineSeconds))
|
||||||
@@ -3549,11 +3585,27 @@ func autoConvert_api_PodSpec_To_v1_PodSpec(in *api.PodSpec, out *v1.PodSpec, s c
|
|||||||
} else {
|
} else {
|
||||||
out.Volumes = nil
|
out.Volumes = nil
|
||||||
}
|
}
|
||||||
out.InitContainers = *(*[]v1.Container)(unsafe.Pointer(&in.InitContainers))
|
if in.InitContainers != nil {
|
||||||
if in.Containers == nil {
|
in, out := &in.InitContainers, &out.InitContainers
|
||||||
out.Containers = make([]v1.Container, 0)
|
*out = make([]v1.Container, len(*in))
|
||||||
|
for i := range *in {
|
||||||
|
if err := Convert_api_Container_To_v1_Container(&(*in)[i], &(*out)[i], s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
out.Containers = *(*[]v1.Container)(unsafe.Pointer(&in.Containers))
|
out.InitContainers = nil
|
||||||
|
}
|
||||||
|
if in.Containers != nil {
|
||||||
|
in, out := &in.Containers, &out.Containers
|
||||||
|
*out = make([]v1.Container, len(*in))
|
||||||
|
for i := range *in {
|
||||||
|
if err := Convert_api_Container_To_v1_Container(&(*in)[i], &(*out)[i], s); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.Containers = make([]v1.Container, 0)
|
||||||
}
|
}
|
||||||
out.RestartPolicy = v1.RestartPolicy(in.RestartPolicy)
|
out.RestartPolicy = v1.RestartPolicy(in.RestartPolicy)
|
||||||
out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds))
|
out.TerminationGracePeriodSeconds = (*int64)(unsafe.Pointer(in.TerminationGracePeriodSeconds))
|
||||||
@@ -4533,6 +4585,7 @@ func autoConvert_v1_SecurityContext_To_api_SecurityContext(in *v1.SecurityContex
|
|||||||
out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
|
out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
|
||||||
out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
|
out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
|
||||||
out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
|
out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
|
||||||
|
out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4548,14 +4601,10 @@ func autoConvert_api_SecurityContext_To_v1_SecurityContext(in *api.SecurityConte
|
|||||||
out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
|
out.RunAsUser = (*int64)(unsafe.Pointer(in.RunAsUser))
|
||||||
out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
|
out.RunAsNonRoot = (*bool)(unsafe.Pointer(in.RunAsNonRoot))
|
||||||
out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
|
out.ReadOnlyRootFilesystem = (*bool)(unsafe.Pointer(in.ReadOnlyRootFilesystem))
|
||||||
|
out.AllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.AllowPrivilegeEscalation))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert_api_SecurityContext_To_v1_SecurityContext is an autogenerated conversion function.
|
|
||||||
func Convert_api_SecurityContext_To_v1_SecurityContext(in *api.SecurityContext, out *v1.SecurityContext, s conversion.Scope) error {
|
|
||||||
return autoConvert_api_SecurityContext_To_v1_SecurityContext(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1_SerializedReference_To_api_SerializedReference(in *v1.SerializedReference, out *api.SerializedReference, s conversion.Scope) error {
|
func autoConvert_v1_SerializedReference_To_api_SerializedReference(in *v1.SerializedReference, out *api.SerializedReference, s conversion.Scope) error {
|
||||||
if err := Convert_v1_ObjectReference_To_api_ObjectReference(&in.Reference, &out.Reference, s); err != nil {
|
if err := Convert_v1_ObjectReference_To_api_ObjectReference(&in.Reference, &out.Reference, s); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@@ -5260,6 +5260,15 @@ func (in *SecurityContext) DeepCopyInto(out *SecurityContext) {
|
|||||||
**out = **in
|
**out = **in
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if in.AllowPrivilegeEscalation != nil {
|
||||||
|
in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(bool)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -922,6 +922,14 @@ type PodSecurityPolicySpec struct {
|
|||||||
// will not be forced to.
|
// will not be forced to.
|
||||||
// +optional
|
// +optional
|
||||||
ReadOnlyRootFilesystem bool
|
ReadOnlyRootFilesystem bool
|
||||||
|
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
|
||||||
|
// process can gain more privileges than its parent process.
|
||||||
|
// +optional
|
||||||
|
DefaultAllowPrivilegeEscalation *bool
|
||||||
|
// AllowPrivilegeEscalation determines if a pod can request to allow
|
||||||
|
// privilege escalation.
|
||||||
|
// +optional
|
||||||
|
AllowPrivilegeEscalation bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// HostPortRange defines a range of host ports that will be enabled by a policy
|
// HostPortRange defines a range of host ports that will be enabled by a policy
|
||||||
|
@@ -59,6 +59,7 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
|
|||||||
Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort,
|
Convert_networking_NetworkPolicyPort_To_v1beta1_NetworkPolicyPort,
|
||||||
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
|
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
|
||||||
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
|
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
|
||||||
|
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -429,3 +430,7 @@ func Convert_networking_NetworkPolicyList_To_v1beta1_NetworkPolicyList(in *netwo
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *extensionsv1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
|
||||||
|
return autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
|
||||||
|
}
|
||||||
|
@@ -1221,6 +1221,8 @@ func autoConvert_v1beta1_PodSecurityPolicySpec_To_extensions_PodSecurityPolicySp
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
|
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
|
||||||
|
out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
|
||||||
|
out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1262,14 +1264,11 @@ func autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySp
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
|
out.ReadOnlyRootFilesystem = in.ReadOnlyRootFilesystem
|
||||||
|
out.DefaultAllowPrivilegeEscalation = (*bool)(unsafe.Pointer(in.DefaultAllowPrivilegeEscalation))
|
||||||
|
out.AllowPrivilegeEscalation = in.AllowPrivilegeEscalation
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec is an autogenerated conversion function.
|
|
||||||
func Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in *extensions.PodSecurityPolicySpec, out *v1beta1.PodSecurityPolicySpec, s conversion.Scope) error {
|
|
||||||
return autoConvert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec(in, out, s)
|
|
||||||
}
|
|
||||||
|
|
||||||
func autoConvert_v1beta1_ReplicaSet_To_extensions_ReplicaSet(in *v1beta1.ReplicaSet, out *extensions.ReplicaSet, s conversion.Scope) error {
|
func autoConvert_v1beta1_ReplicaSet_To_extensions_ReplicaSet(in *v1beta1.ReplicaSet, out *extensions.ReplicaSet, s conversion.Scope) error {
|
||||||
out.ObjectMeta = in.ObjectMeta
|
out.ObjectMeta = in.ObjectMeta
|
||||||
if err := Convert_v1beta1_ReplicaSetSpec_To_extensions_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil {
|
if err := Convert_v1beta1_ReplicaSetSpec_To_extensions_ReplicaSetSpec(&in.Spec, &out.Spec, s); err != nil {
|
||||||
|
@@ -661,6 +661,7 @@ func ValidatePodSecurityPolicySpec(spec *extensions.PodSecurityPolicySpec, fldPa
|
|||||||
allErrs = append(allErrs, validatePodSecurityPolicyVolumes(fldPath, spec.Volumes)...)
|
allErrs = append(allErrs, validatePodSecurityPolicyVolumes(fldPath, spec.Volumes)...)
|
||||||
allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.DefaultAddCapabilities, field.NewPath("defaultAddCapabilities"))...)
|
allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.DefaultAddCapabilities, field.NewPath("defaultAddCapabilities"))...)
|
||||||
allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.AllowedCapabilities, field.NewPath("allowedCapabilities"))...)
|
allErrs = append(allErrs, validatePSPCapsAgainstDrops(spec.RequiredDropCapabilities, spec.AllowedCapabilities, field.NewPath("allowedCapabilities"))...)
|
||||||
|
allErrs = append(allErrs, validatePSPDefaultAllowPrivilegeEscalation(fldPath.Child("defaultAllowPrivilegeEscalation"), spec.DefaultAllowPrivilegeEscalation, spec.AllowPrivilegeEscalation)...)
|
||||||
|
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
@@ -786,6 +787,16 @@ func validatePodSecurityPolicyVolumes(fldPath *field.Path, volumes []extensions.
|
|||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// validatePSPDefaultAllowPrivilegeEscalation validates the DefaultAllowPrivilegeEscalation field against the AllowPrivilegeEscalation field of a PodSecurityPolicy.
|
||||||
|
func validatePSPDefaultAllowPrivilegeEscalation(fldPath *field.Path, defaultAllowPrivilegeEscalation *bool, allowPrivilegeEscalation bool) field.ErrorList {
|
||||||
|
allErrs := field.ErrorList{}
|
||||||
|
if defaultAllowPrivilegeEscalation != nil && *defaultAllowPrivilegeEscalation && !allowPrivilegeEscalation {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath, defaultAllowPrivilegeEscalation, "Cannot set DefaultAllowPrivilegeEscalation to true without also setting AllowPrivilegeEscalation to true"))
|
||||||
|
}
|
||||||
|
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
|
||||||
const sysctlPatternSegmentFmt string = "([a-z0-9][-_a-z0-9]*)?[a-z0-9*]"
|
const sysctlPatternSegmentFmt string = "([a-z0-9][-_a-z0-9]*)?[a-z0-9*]"
|
||||||
const SysctlPatternFmt string = "(" + apivalidation.SysctlSegmentFmt + "\\.)*" + sysctlPatternSegmentFmt
|
const SysctlPatternFmt string = "(" + apivalidation.SysctlSegmentFmt + "\\.)*" + sysctlPatternSegmentFmt
|
||||||
|
|
||||||
|
@@ -2494,6 +2494,10 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
|||||||
seccomp.AllowedProfilesAnnotationKey: "docker/default,not-good",
|
seccomp.AllowedProfilesAnnotationKey: "docker/default,not-good",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
invalidDefaultAllowPrivilegeEscalation := validPSP()
|
||||||
|
pe := true
|
||||||
|
invalidDefaultAllowPrivilegeEscalation.Spec.DefaultAllowPrivilegeEscalation = &pe
|
||||||
|
|
||||||
type testCase struct {
|
type testCase struct {
|
||||||
psp *extensions.PodSecurityPolicy
|
psp *extensions.PodSecurityPolicy
|
||||||
errorType field.ErrorType
|
errorType field.ErrorType
|
||||||
@@ -2600,6 +2604,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
|||||||
errorType: field.ErrorTypeInvalid,
|
errorType: field.ErrorTypeInvalid,
|
||||||
errorDetail: "must be a valid seccomp profile",
|
errorDetail: "must be a valid seccomp profile",
|
||||||
},
|
},
|
||||||
|
"invalid defaultAllowPrivilegeEscalation": {
|
||||||
|
psp: invalidDefaultAllowPrivilegeEscalation,
|
||||||
|
errorType: field.ErrorTypeInvalid,
|
||||||
|
errorDetail: "Cannot set DefaultAllowPrivilegeEscalation to true without also setting AllowPrivilegeEscalation to true",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range errorCases {
|
for k, v := range errorCases {
|
||||||
@@ -2674,6 +2683,11 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
|||||||
seccomp.AllowedProfilesAnnotationKey: "docker/default,unconfined,localhost/foo",
|
seccomp.AllowedProfilesAnnotationKey: "docker/default,unconfined,localhost/foo",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
validDefaultAllowPrivilegeEscalation := validPSP()
|
||||||
|
pe = true
|
||||||
|
validDefaultAllowPrivilegeEscalation.Spec.DefaultAllowPrivilegeEscalation = &pe
|
||||||
|
validDefaultAllowPrivilegeEscalation.Spec.AllowPrivilegeEscalation = true
|
||||||
|
|
||||||
successCases := map[string]struct {
|
successCases := map[string]struct {
|
||||||
psp *extensions.PodSecurityPolicy
|
psp *extensions.PodSecurityPolicy
|
||||||
}{
|
}{
|
||||||
@@ -2701,6 +2715,9 @@ func TestValidatePodSecurityPolicy(t *testing.T) {
|
|||||||
"valid seccomp annotations": {
|
"valid seccomp annotations": {
|
||||||
psp: validSeccomp,
|
psp: validSeccomp,
|
||||||
},
|
},
|
||||||
|
"valid defaultAllowPrivilegeEscalation as true": {
|
||||||
|
psp: validDefaultAllowPrivilegeEscalation,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for k, v := range successCases {
|
for k, v := range successCases {
|
||||||
|
@@ -1316,6 +1316,15 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
|
|||||||
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
|
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
|
||||||
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
|
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
|
||||||
in.FSGroup.DeepCopyInto(&out.FSGroup)
|
in.FSGroup.DeepCopyInto(&out.FSGroup)
|
||||||
|
if in.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(bool)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -1349,6 +1349,9 @@ type LinuxContainerSecurityContext struct {
|
|||||||
// * localhost/<full-path-to-profile>: the profile installed on the node.
|
// * localhost/<full-path-to-profile>: the profile installed on the node.
|
||||||
// <full-path-to-profile> is the full path of the profile.
|
// <full-path-to-profile> is the full path of the profile.
|
||||||
SeccompProfilePath string `protobuf:"bytes,10,opt,name=seccomp_profile_path,json=seccompProfilePath,proto3" json:"seccomp_profile_path,omitempty"`
|
SeccompProfilePath string `protobuf:"bytes,10,opt,name=seccomp_profile_path,json=seccompProfilePath,proto3" json:"seccomp_profile_path,omitempty"`
|
||||||
|
// no_new_privs defines if the flag for no_new_privs should be set on the
|
||||||
|
// container.
|
||||||
|
NoNewPrivs bool `protobuf:"varint,11,opt,name=no_new_privs,json=noNewPrivs,proto3" json:"no_new_privs,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *LinuxContainerSecurityContext) Reset() { *m = LinuxContainerSecurityContext{} }
|
func (m *LinuxContainerSecurityContext) Reset() { *m = LinuxContainerSecurityContext{} }
|
||||||
@@ -1427,6 +1430,13 @@ func (m *LinuxContainerSecurityContext) GetSeccompProfilePath() string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *LinuxContainerSecurityContext) GetNoNewPrivs() bool {
|
||||||
|
if m != nil {
|
||||||
|
return m.NoNewPrivs
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// LinuxContainerConfig contains platform-specific configuration for
|
// LinuxContainerConfig contains platform-specific configuration for
|
||||||
// Linux-based containers.
|
// Linux-based containers.
|
||||||
type LinuxContainerConfig struct {
|
type LinuxContainerConfig struct {
|
||||||
@@ -5740,6 +5750,16 @@ func (m *LinuxContainerSecurityContext) MarshalTo(dAtA []byte) (int, error) {
|
|||||||
i = encodeVarintApi(dAtA, i, uint64(len(m.SeccompProfilePath)))
|
i = encodeVarintApi(dAtA, i, uint64(len(m.SeccompProfilePath)))
|
||||||
i += copy(dAtA[i:], m.SeccompProfilePath)
|
i += copy(dAtA[i:], m.SeccompProfilePath)
|
||||||
}
|
}
|
||||||
|
if m.NoNewPrivs {
|
||||||
|
dAtA[i] = 0x58
|
||||||
|
i++
|
||||||
|
if m.NoNewPrivs {
|
||||||
|
dAtA[i] = 1
|
||||||
|
} else {
|
||||||
|
dAtA[i] = 0
|
||||||
|
}
|
||||||
|
i++
|
||||||
|
}
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -8702,6 +8722,9 @@ func (m *LinuxContainerSecurityContext) Size() (n int) {
|
|||||||
if l > 0 {
|
if l > 0 {
|
||||||
n += 1 + l + sovApi(uint64(l))
|
n += 1 + l + sovApi(uint64(l))
|
||||||
}
|
}
|
||||||
|
if m.NoNewPrivs {
|
||||||
|
n += 2
|
||||||
|
}
|
||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -10161,6 +10184,7 @@ func (this *LinuxContainerSecurityContext) String() string {
|
|||||||
`SupplementalGroups:` + fmt.Sprintf("%v", this.SupplementalGroups) + `,`,
|
`SupplementalGroups:` + fmt.Sprintf("%v", this.SupplementalGroups) + `,`,
|
||||||
`ApparmorProfile:` + fmt.Sprintf("%v", this.ApparmorProfile) + `,`,
|
`ApparmorProfile:` + fmt.Sprintf("%v", this.ApparmorProfile) + `,`,
|
||||||
`SeccompProfilePath:` + fmt.Sprintf("%v", this.SeccompProfilePath) + `,`,
|
`SeccompProfilePath:` + fmt.Sprintf("%v", this.SeccompProfilePath) + `,`,
|
||||||
|
`NoNewPrivs:` + fmt.Sprintf("%v", this.NoNewPrivs) + `,`,
|
||||||
`}`,
|
`}`,
|
||||||
}, "")
|
}, "")
|
||||||
return s
|
return s
|
||||||
@@ -16013,6 +16037,26 @@ func (m *LinuxContainerSecurityContext) Unmarshal(dAtA []byte) error {
|
|||||||
}
|
}
|
||||||
m.SeccompProfilePath = string(dAtA[iNdEx:postIndex])
|
m.SeccompProfilePath = string(dAtA[iNdEx:postIndex])
|
||||||
iNdEx = postIndex
|
iNdEx = postIndex
|
||||||
|
case 11:
|
||||||
|
if wireType != 0 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field NoNewPrivs", wireType)
|
||||||
|
}
|
||||||
|
var v int
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowApi
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
v |= (int(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.NoNewPrivs = bool(v != 0)
|
||||||
default:
|
default:
|
||||||
iNdEx = preIndex
|
iNdEx = preIndex
|
||||||
skippy, err := skipApi(dAtA[iNdEx:])
|
skippy, err := skipApi(dAtA[iNdEx:])
|
||||||
@@ -24029,260 +24073,262 @@ var (
|
|||||||
func init() { proto.RegisterFile("api.proto", fileDescriptorApi) }
|
func init() { proto.RegisterFile("api.proto", fileDescriptorApi) }
|
||||||
|
|
||||||
var fileDescriptorApi = []byte{
|
var fileDescriptorApi = []byte{
|
||||||
// 4080 bytes of a gzipped FileDescriptorProto
|
// 4103 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x3b, 0x4d, 0x6f, 0x1c, 0x47,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x3b, 0x4d, 0x6f, 0x1c, 0x47,
|
||||||
0x76, 0x9c, 0x19, 0x7e, 0xcc, 0xbc, 0xe1, 0x0c, 0x87, 0x25, 0x8a, 0x1c, 0x8d, 0x24, 0x9a, 0x6e,
|
0x76, 0x9c, 0x19, 0x7e, 0xcc, 0xbc, 0xe1, 0x0c, 0x87, 0x25, 0x8a, 0x1c, 0x8d, 0x24, 0x9a, 0x6e,
|
||||||
0x59, 0xb6, 0xa4, 0x5d, 0xc9, 0x32, 0xbd, 0xb6, 0x63, 0xf9, 0x4b, 0x63, 0x92, 0x32, 0x68, 0x49,
|
0x59, 0xb6, 0xa4, 0x5d, 0xc9, 0x32, 0xbd, 0xb6, 0x63, 0xf9, 0x4b, 0x34, 0x49, 0x19, 0xb4, 0xa4,
|
||||||
0x24, 0xb7, 0x47, 0xf4, 0xee, 0x66, 0x03, 0x74, 0x9a, 0xd3, 0xc5, 0x61, 0xdb, 0x33, 0x5d, 0xbd,
|
0x11, 0xb7, 0x47, 0xf4, 0xee, 0x66, 0x03, 0x74, 0x9a, 0xd3, 0xc5, 0x61, 0x5b, 0x33, 0x5d, 0xbd,
|
||||||
0xdd, 0xd5, 0xb2, 0x98, 0x53, 0x72, 0x09, 0x72, 0x74, 0x80, 0x5c, 0x72, 0xcb, 0x21, 0xc0, 0x22,
|
0xdd, 0xd5, 0x92, 0x98, 0x53, 0x72, 0x09, 0x72, 0x74, 0x8e, 0xb9, 0xe5, 0x10, 0x60, 0x91, 0x4b,
|
||||||
0x97, 0x1c, 0x72, 0xca, 0x2f, 0x08, 0x16, 0x08, 0x02, 0xe4, 0x14, 0x24, 0xb7, 0x5d, 0xe5, 0x90,
|
0x0e, 0x39, 0x04, 0xf9, 0x05, 0xc1, 0x02, 0x41, 0x80, 0x9c, 0x82, 0xe4, 0xb6, 0xab, 0x1c, 0x72,
|
||||||
0x43, 0x80, 0xfc, 0x86, 0xa0, 0xbe, 0xba, 0xab, 0xbf, 0x46, 0xa4, 0x6c, 0xec, 0xea, 0xd6, 0xf5,
|
0x08, 0x90, 0xdf, 0x10, 0xd4, 0x57, 0x77, 0xf5, 0xd7, 0x88, 0x94, 0x8d, 0x5d, 0xdd, 0xba, 0x5e,
|
||||||
0xea, 0xbd, 0x57, 0xaf, 0xea, 0xbd, 0x7a, 0xf5, 0xde, 0xab, 0x6a, 0x68, 0xd8, 0xbe, 0x7b, 0xc7,
|
0xbd, 0xf7, 0xea, 0x55, 0xbd, 0x57, 0xaf, 0xde, 0x7b, 0x55, 0x0d, 0x0d, 0xdb, 0x77, 0x6f, 0xf9,
|
||||||
0x0f, 0x08, 0x25, 0x68, 0x21, 0x88, 0x3c, 0xea, 0x4e, 0x70, 0xef, 0xf6, 0xc8, 0xa5, 0x27, 0xd1,
|
0x01, 0xa1, 0x04, 0x2d, 0x04, 0x91, 0x47, 0xdd, 0x09, 0xee, 0xdd, 0x1c, 0xb9, 0xf4, 0x38, 0x3a,
|
||||||
0xd1, 0x9d, 0x21, 0x99, 0xbc, 0x3d, 0x22, 0x23, 0xf2, 0x36, 0xef, 0x3f, 0x8a, 0x8e, 0x79, 0x8b,
|
0xbc, 0x35, 0x24, 0x93, 0x77, 0x47, 0x64, 0x44, 0xde, 0xe5, 0xfd, 0x87, 0xd1, 0x11, 0x6f, 0xf1,
|
||||||
0x37, 0xf8, 0x97, 0xa0, 0x33, 0x6e, 0x41, 0xfb, 0x2b, 0x1c, 0x84, 0x2e, 0xf1, 0x4c, 0xfc, 0xab,
|
0x06, 0xff, 0x12, 0x74, 0xc6, 0x0d, 0x68, 0x7f, 0x83, 0x83, 0xd0, 0x25, 0x9e, 0x89, 0x7f, 0x15,
|
||||||
0x08, 0x87, 0x14, 0x75, 0x61, 0xe1, 0xa9, 0x80, 0x74, 0x2b, 0x1b, 0x95, 0x1b, 0x0d, 0x53, 0x35,
|
0xe1, 0x90, 0xa2, 0x2e, 0x2c, 0x3c, 0x15, 0x90, 0x6e, 0x65, 0xa3, 0x72, 0xad, 0x61, 0xaa, 0xa6,
|
||||||
0x8d, 0x5f, 0x57, 0x60, 0x29, 0x46, 0x0e, 0x7d, 0xe2, 0x85, 0xb8, 0x1c, 0x1b, 0xbd, 0x0e, 0x8b,
|
0xf1, 0xeb, 0x0a, 0x2c, 0xc5, 0xc8, 0xa1, 0x4f, 0xbc, 0x10, 0x97, 0x63, 0xa3, 0x37, 0x61, 0x51,
|
||||||
0x52, 0x26, 0xcb, 0xb3, 0x27, 0xb8, 0x5b, 0xe5, 0xdd, 0x4d, 0x09, 0xdb, 0xb3, 0x27, 0x18, 0xbd,
|
0xca, 0x64, 0x79, 0xf6, 0x04, 0x77, 0xab, 0xbc, 0xbb, 0x29, 0x61, 0x7d, 0x7b, 0x82, 0xd1, 0x3b,
|
||||||
0x05, 0x4b, 0x0a, 0x45, 0x31, 0xa9, 0x71, 0xac, 0xb6, 0x04, 0xcb, 0xd1, 0xd0, 0x1d, 0xb8, 0xa0,
|
0xb0, 0xa4, 0x50, 0x14, 0x93, 0x1a, 0xc7, 0x6a, 0x4b, 0xb0, 0x1c, 0x0d, 0xdd, 0x82, 0x73, 0x0a,
|
||||||
0x10, 0x6d, 0xdf, 0x8d, 0x91, 0x67, 0x39, 0xf2, 0xb2, 0xec, 0xea, 0xfb, 0xae, 0xc4, 0x37, 0x7e,
|
0xd1, 0xf6, 0xdd, 0x18, 0x79, 0x96, 0x23, 0x2f, 0xcb, 0xae, 0x2d, 0xdf, 0x95, 0xf8, 0xc6, 0x2f,
|
||||||
0x09, 0x8d, 0xed, 0xbd, 0xc1, 0x16, 0xf1, 0x8e, 0xdd, 0x11, 0x13, 0x31, 0xc4, 0x01, 0xa3, 0xe9,
|
0xa1, 0xb1, 0xd3, 0x1f, 0x6c, 0x13, 0xef, 0xc8, 0x1d, 0x31, 0x11, 0x43, 0x1c, 0x30, 0x9a, 0x6e,
|
||||||
0x56, 0x36, 0x6a, 0x4c, 0x44, 0xd9, 0x44, 0x3d, 0xa8, 0x87, 0xd8, 0x0e, 0x86, 0x27, 0x38, 0xec,
|
0x65, 0xa3, 0xc6, 0x44, 0x94, 0x4d, 0xd4, 0x83, 0x7a, 0x88, 0xed, 0x60, 0x78, 0x8c, 0xc3, 0x6e,
|
||||||
0x56, 0x79, 0x57, 0xdc, 0x66, 0x54, 0xc4, 0xa7, 0x2e, 0xf1, 0xc2, 0x6e, 0x4d, 0x50, 0xc9, 0xa6,
|
0x95, 0x77, 0xc5, 0x6d, 0x46, 0x45, 0x7c, 0xea, 0x12, 0x2f, 0xec, 0xd6, 0x04, 0x95, 0x6c, 0x1a,
|
||||||
0xf1, 0xb7, 0x15, 0x68, 0x1e, 0x90, 0x80, 0x3e, 0xb6, 0x7d, 0xdf, 0xf5, 0x46, 0xe8, 0x36, 0xd4,
|
0x7f, 0x53, 0x81, 0xe6, 0x3e, 0x09, 0xe8, 0x43, 0xdb, 0xf7, 0x5d, 0x6f, 0x84, 0x6e, 0x42, 0x9d,
|
||||||
0xf9, 0x5a, 0x0e, 0xc9, 0x98, 0xaf, 0x41, 0x7b, 0x73, 0xf9, 0x8e, 0x14, 0xe9, 0xce, 0x81, 0xec,
|
0xaf, 0xe5, 0x90, 0x8c, 0xf9, 0x1a, 0xb4, 0x37, 0x97, 0x6f, 0x49, 0x91, 0x6e, 0xed, 0xcb, 0x0e,
|
||||||
0x30, 0x63, 0x14, 0x74, 0x1d, 0xda, 0x43, 0xe2, 0x51, 0xdb, 0xf5, 0x70, 0x60, 0xf9, 0x24, 0xa0,
|
0x33, 0x46, 0x41, 0x57, 0xa1, 0x3d, 0x24, 0x1e, 0xb5, 0x5d, 0x0f, 0x07, 0x96, 0x4f, 0x02, 0xca,
|
||||||
0x7c, 0x65, 0xe6, 0xcc, 0x56, 0x0c, 0x65, 0xcc, 0xd1, 0x65, 0x68, 0x9c, 0x90, 0x90, 0x0a, 0x8c,
|
0x57, 0x66, 0xce, 0x6c, 0xc5, 0x50, 0xc6, 0x1c, 0x5d, 0x84, 0xc6, 0x31, 0x09, 0xa9, 0xc0, 0xa8,
|
||||||
0x1a, 0xc7, 0xa8, 0x33, 0x00, 0xef, 0x5c, 0x83, 0x05, 0xde, 0xe9, 0xfa, 0x72, 0x0d, 0xe6, 0x59,
|
0x71, 0x8c, 0x3a, 0x03, 0xf0, 0xce, 0x35, 0x58, 0xe0, 0x9d, 0xae, 0x2f, 0xd7, 0x60, 0x9e, 0x35,
|
||||||
0x73, 0xd7, 0x37, 0xbe, 0xab, 0xc0, 0xdc, 0x63, 0x12, 0x79, 0x34, 0x33, 0x8c, 0x4d, 0x4f, 0xa4,
|
0xf7, 0x7c, 0xe3, 0xbb, 0x0a, 0xcc, 0x3d, 0x24, 0x91, 0x47, 0x33, 0xc3, 0xd8, 0xf4, 0x58, 0xea,
|
||||||
0x7e, 0xb4, 0x61, 0x6c, 0x7a, 0x92, 0x0c, 0xc3, 0x30, 0x84, 0x8a, 0xc4, 0x30, 0xac, 0xb3, 0x07,
|
0x47, 0x1b, 0xc6, 0xa6, 0xc7, 0xc9, 0x30, 0x0c, 0x43, 0xa8, 0x48, 0x0c, 0xc3, 0x3a, 0x7b, 0x50,
|
||||||
0xf5, 0x00, 0xdb, 0x0e, 0xf1, 0xc6, 0xa7, 0x5c, 0x84, 0xba, 0x19, 0xb7, 0x99, 0xee, 0x42, 0x3c,
|
0x0f, 0xb0, 0xed, 0x10, 0x6f, 0x7c, 0xc2, 0x45, 0xa8, 0x9b, 0x71, 0x9b, 0xe9, 0x2e, 0xc4, 0x63,
|
||||||
0x76, 0xbd, 0xe8, 0x99, 0x15, 0xe0, 0xb1, 0x7d, 0x84, 0xc7, 0x5c, 0x94, 0xba, 0xd9, 0x96, 0x60,
|
0xd7, 0x8b, 0x9e, 0x5b, 0x01, 0x1e, 0xdb, 0x87, 0x78, 0xcc, 0x45, 0xa9, 0x9b, 0x6d, 0x09, 0x36,
|
||||||
0x53, 0x40, 0x8d, 0xaf, 0x61, 0x89, 0x29, 0x3b, 0xf4, 0xed, 0x21, 0xde, 0xe7, 0x4b, 0xc8, 0x4c,
|
0x05, 0xd4, 0xf8, 0x16, 0x96, 0x98, 0xb2, 0x43, 0xdf, 0x1e, 0xe2, 0x47, 0x7c, 0x09, 0x99, 0x69,
|
||||||
0x83, 0x0f, 0xea, 0x61, 0xfa, 0x2d, 0x09, 0xbe, 0xe1, 0x92, 0xd5, 0xcd, 0x26, 0x83, 0xed, 0x09,
|
0xf0, 0x41, 0x3d, 0x4c, 0x9f, 0x91, 0xe0, 0x09, 0x97, 0xac, 0x6e, 0x36, 0x19, 0xac, 0x2f, 0x40,
|
||||||
0x10, 0xba, 0x04, 0x75, 0x21, 0x97, 0xeb, 0x70, 0xb1, 0xea, 0x26, 0x9f, 0xf1, 0x81, 0xeb, 0xc4,
|
0xe8, 0x02, 0xd4, 0x85, 0x5c, 0xae, 0xc3, 0xc5, 0xaa, 0x9b, 0x7c, 0xc6, 0xfb, 0xae, 0x13, 0x77,
|
||||||
0x5d, 0xae, 0x3f, 0x94, 0x52, 0x2d, 0x88, 0xd9, 0x0f, 0x0d, 0x03, 0x60, 0xd7, 0xa3, 0xef, 0xff,
|
0xb9, 0xfe, 0x50, 0x4a, 0xb5, 0x20, 0x66, 0x3f, 0x34, 0x0c, 0x80, 0x3d, 0x8f, 0x7e, 0xf8, 0x93,
|
||||||
0xe4, 0x2b, 0x7b, 0x1c, 0x61, 0xb4, 0x02, 0x73, 0x4f, 0xd9, 0x07, 0xe7, 0x5f, 0x33, 0x45, 0xc3,
|
0x6f, 0xec, 0x71, 0x84, 0xd1, 0x0a, 0xcc, 0x3d, 0x65, 0x1f, 0x9c, 0x7f, 0xcd, 0x14, 0x0d, 0xe3,
|
||||||
0xf8, 0xcb, 0x1a, 0x5c, 0x7e, 0xc4, 0x04, 0x1c, 0xd8, 0x9e, 0x73, 0x44, 0x9e, 0x0d, 0xf0, 0x30,
|
0x2f, 0x6b, 0x70, 0xf1, 0x01, 0x13, 0x70, 0x60, 0x7b, 0xce, 0x21, 0x79, 0x3e, 0xc0, 0xc3, 0x28,
|
||||||
0x0a, 0x5c, 0x7a, 0xba, 0x45, 0x3c, 0x8a, 0x9f, 0x51, 0xb4, 0x03, 0xcb, 0x9e, 0x92, 0xd7, 0x52,
|
0x70, 0xe9, 0xc9, 0x36, 0xf1, 0x28, 0x7e, 0x4e, 0xd1, 0x2e, 0x2c, 0x7b, 0x4a, 0x5e, 0x4b, 0x99,
|
||||||
0x26, 0xc0, 0x38, 0x34, 0x37, 0xbb, 0xb1, 0x5e, 0x33, 0x33, 0x32, 0x3b, 0x5e, 0x1a, 0x10, 0xa2,
|
0x00, 0xe3, 0xd0, 0xdc, 0xec, 0xc6, 0x7a, 0xcd, 0xcc, 0xc8, 0xec, 0x78, 0x69, 0x40, 0x88, 0xbe,
|
||||||
0xcf, 0x92, 0xf5, 0x51, 0x4c, 0xaa, 0x9c, 0xc9, 0x6a, 0xcc, 0x64, 0xb0, 0xc3, 0xe5, 0x90, 0x2c,
|
0x48, 0xd6, 0x47, 0x31, 0xa9, 0x72, 0x26, 0xab, 0x31, 0x93, 0xc1, 0x2e, 0x97, 0x43, 0xb2, 0x50,
|
||||||
0xd4, 0xba, 0x29, 0x06, 0xef, 0x02, 0xdb, 0x2b, 0x96, 0x1d, 0x5a, 0x51, 0x88, 0x03, 0x3e, 0xd3,
|
0xeb, 0xa6, 0x18, 0xbc, 0x0f, 0x6c, 0xaf, 0x58, 0x76, 0x68, 0x45, 0x21, 0x0e, 0xf8, 0x4c, 0x9b,
|
||||||
0xe6, 0xe6, 0x85, 0x98, 0x38, 0x99, 0xa7, 0xd9, 0x08, 0x22, 0xaf, 0x1f, 0x1e, 0x86, 0x38, 0xe0,
|
0x9b, 0xe7, 0x62, 0xe2, 0x64, 0x9e, 0x66, 0x23, 0x88, 0xbc, 0xad, 0xf0, 0x20, 0xc4, 0x01, 0xdf,
|
||||||
0x3b, 0x4a, 0x6a, 0xc8, 0x0a, 0x08, 0xa1, 0xc7, 0xa1, 0xd2, 0x8a, 0x02, 0x9b, 0x1c, 0x8a, 0xde,
|
0x51, 0x52, 0x43, 0x56, 0x40, 0x08, 0x3d, 0x0a, 0x95, 0x56, 0x14, 0xd8, 0xe4, 0x50, 0xf4, 0x2e,
|
||||||
0x86, 0x0b, 0x61, 0xe4, 0xfb, 0x63, 0x3c, 0xc1, 0x1e, 0xb5, 0xc7, 0xd6, 0x28, 0x20, 0x91, 0x1f,
|
0x9c, 0x0b, 0x23, 0xdf, 0x1f, 0xe3, 0x09, 0xf6, 0xa8, 0x3d, 0xb6, 0x46, 0x01, 0x89, 0xfc, 0xb0,
|
||||||
0x76, 0xe7, 0x36, 0x6a, 0x37, 0x6a, 0x26, 0xd2, 0xbb, 0xbe, 0xe0, 0x3d, 0x68, 0x1d, 0xc0, 0x0f,
|
0x3b, 0xb7, 0x51, 0xbb, 0x56, 0x33, 0x91, 0xde, 0xf5, 0x15, 0xef, 0x41, 0xeb, 0x00, 0x7e, 0xe0,
|
||||||
0xdc, 0xa7, 0xee, 0x18, 0x8f, 0xb0, 0xd3, 0x9d, 0xe7, 0x4c, 0x35, 0x08, 0xba, 0x0b, 0x2b, 0x21,
|
0x3e, 0x75, 0xc7, 0x78, 0x84, 0x9d, 0xee, 0x3c, 0x67, 0xaa, 0x41, 0xd0, 0x6d, 0x58, 0x09, 0xf1,
|
||||||
0x1e, 0x0e, 0xc9, 0xc4, 0xb7, 0xfc, 0x80, 0x1c, 0xbb, 0x63, 0x2c, 0x6c, 0x6a, 0x81, 0xdb, 0x14,
|
0x70, 0x48, 0x26, 0xbe, 0xe5, 0x07, 0xe4, 0xc8, 0x1d, 0x63, 0x61, 0x53, 0x0b, 0xdc, 0xa6, 0x90,
|
||||||
0x92, 0x7d, 0x07, 0xa2, 0x8b, 0x59, 0x97, 0xf1, 0x5d, 0x15, 0x2e, 0xf2, 0x05, 0x38, 0x20, 0x8e,
|
0xec, 0xdb, 0x17, 0x5d, 0xcc, 0xba, 0x8c, 0xef, 0xaa, 0x70, 0x9e, 0x2f, 0xc0, 0x3e, 0x71, 0xa4,
|
||||||
0xd4, 0x85, 0xdc, 0xb1, 0xd7, 0xa0, 0x35, 0xe4, 0x02, 0x59, 0xbe, 0x1d, 0x60, 0x8f, 0x4a, 0xd3,
|
0x2e, 0xe4, 0x8e, 0xbd, 0x02, 0xad, 0x21, 0x17, 0xc8, 0xf2, 0xed, 0x00, 0x7b, 0x54, 0x9a, 0xee,
|
||||||
0x5d, 0x14, 0xc0, 0x03, 0x0e, 0x43, 0xfb, 0xd0, 0x09, 0xa5, 0xea, 0xac, 0xa1, 0xd0, 0x9d, 0x5c,
|
0xa2, 0x00, 0xee, 0x73, 0x18, 0x7a, 0x04, 0x9d, 0x50, 0xaa, 0xce, 0x1a, 0x0a, 0xdd, 0xc9, 0x15,
|
||||||
0xe1, 0x37, 0xe2, 0x45, 0x9a, 0xa2, 0x67, 0x73, 0x29, 0xcc, 0x29, 0x7e, 0x21, 0x3c, 0x0d, 0x87,
|
0x7e, 0x2b, 0x5e, 0xa4, 0x29, 0x7a, 0x36, 0x97, 0xc2, 0x9c, 0xe2, 0x17, 0xc2, 0x93, 0x70, 0x48,
|
||||||
0x74, 0x2c, 0x76, 0x7c, 0x73, 0xf3, 0x47, 0x69, 0x3e, 0x59, 0x31, 0xef, 0x0c, 0x04, 0xf6, 0x8e,
|
0xc7, 0x62, 0xc7, 0x37, 0x37, 0x7f, 0x94, 0xe6, 0x93, 0x15, 0xf3, 0xd6, 0x40, 0x60, 0xef, 0x7a,
|
||||||
0x47, 0x83, 0x53, 0x53, 0xd1, 0xf6, 0xee, 0xc1, 0xa2, 0xde, 0x81, 0x3a, 0x50, 0xfb, 0x06, 0x9f,
|
0x34, 0x38, 0x31, 0x15, 0x6d, 0xef, 0x0e, 0x2c, 0xea, 0x1d, 0xa8, 0x03, 0xb5, 0x27, 0xf8, 0x44,
|
||||||
0xca, 0x29, 0xb0, 0xcf, 0xc4, 0x2e, 0xc5, 0x7e, 0x13, 0x8d, 0x7b, 0xd5, 0x3f, 0xaa, 0x18, 0x01,
|
0x4e, 0x81, 0x7d, 0x26, 0x76, 0x29, 0xf6, 0x9b, 0x68, 0xdc, 0xa9, 0xfe, 0x51, 0xc5, 0x08, 0x00,
|
||||||
0xa0, 0x64, 0x94, 0xc7, 0x98, 0xda, 0x8e, 0x4d, 0x6d, 0x84, 0x60, 0x96, 0x7b, 0x50, 0xc1, 0x82,
|
0x25, 0xa3, 0x3c, 0xc4, 0xd4, 0x76, 0x6c, 0x6a, 0x23, 0x04, 0xb3, 0xdc, 0x83, 0x0a, 0x16, 0xfc,
|
||||||
0x7f, 0x33, 0xae, 0x91, 0xdc, 0x1a, 0x0d, 0x93, 0x7d, 0xa2, 0x2b, 0xd0, 0x88, 0x8d, 0x50, 0xba,
|
0x9b, 0x71, 0x8d, 0xe4, 0xd6, 0x68, 0x98, 0xec, 0x13, 0x5d, 0x82, 0x46, 0x6c, 0x84, 0xd2, 0x8d,
|
||||||
0xd1, 0x04, 0xc0, 0xdc, 0x99, 0x4d, 0x29, 0x9e, 0xf8, 0x94, 0x1b, 0x44, 0xcb, 0x54, 0x4d, 0xe3,
|
0x26, 0x00, 0xe6, 0xce, 0x6c, 0x4a, 0xf1, 0xc4, 0xa7, 0xdc, 0x20, 0x5a, 0xa6, 0x6a, 0x1a, 0xff,
|
||||||
0x9f, 0x67, 0xa1, 0x93, 0xd3, 0xc0, 0x07, 0x50, 0x9f, 0xc8, 0xe1, 0xa5, 0xed, 0x5f, 0x4e, 0x7c,
|
0x3c, 0x0b, 0x9d, 0x9c, 0x06, 0x3e, 0x82, 0xfa, 0x44, 0x0e, 0x2f, 0x6d, 0xff, 0x62, 0xe2, 0xd3,
|
||||||
0x5a, 0x4e, 0x42, 0x33, 0x46, 0x66, 0x2e, 0x83, 0x6d, 0x46, 0xcd, 0xe3, 0xc7, 0x6d, 0xa6, 0xd6,
|
0x72, 0x12, 0x9a, 0x31, 0x32, 0x73, 0x19, 0x6c, 0x33, 0x6a, 0x1e, 0x3f, 0x6e, 0x33, 0xb5, 0x8e,
|
||||||
0x31, 0x19, 0x59, 0x8e, 0x1b, 0xe0, 0x21, 0x25, 0xc1, 0xa9, 0x94, 0x72, 0x71, 0x4c, 0x46, 0xdb,
|
0xc9, 0xc8, 0x72, 0xdc, 0x00, 0x0f, 0x29, 0x09, 0x4e, 0xa4, 0x94, 0x8b, 0x63, 0x32, 0xda, 0x51,
|
||||||
0x0a, 0x86, 0xde, 0x01, 0x70, 0xbc, 0x90, 0x69, 0xf4, 0xd8, 0x1d, 0x71, 0x59, 0x9b, 0x9b, 0x28,
|
0x30, 0xf4, 0x1e, 0x80, 0xe3, 0x85, 0x4c, 0xa3, 0x47, 0xee, 0x88, 0xcb, 0xda, 0xdc, 0x44, 0xf1,
|
||||||
0x1e, 0x3b, 0xf6, 0xea, 0x66, 0xc3, 0xf1, 0x42, 0x29, 0xec, 0x87, 0xd0, 0x62, 0x5e, 0xd2, 0x9a,
|
0xd8, 0xb1, 0x57, 0x37, 0x1b, 0x8e, 0x17, 0x4a, 0x61, 0x3f, 0x86, 0x16, 0xf3, 0x92, 0xd6, 0x44,
|
||||||
0x08, 0x87, 0x2c, 0xac, 0xb8, 0xb9, 0xb9, 0xa2, 0x49, 0x1c, 0x7b, 0x6b, 0x73, 0xd1, 0x4f, 0x1a,
|
0x38, 0x64, 0x61, 0xc5, 0xcd, 0xcd, 0x15, 0x4d, 0xe2, 0xd8, 0x5b, 0x9b, 0x8b, 0x7e, 0xd2, 0x08,
|
||||||
0x21, 0xfa, 0x04, 0xe6, 0xb9, 0x97, 0x0a, 0xbb, 0xf3, 0x9c, 0xe6, 0x7a, 0xc1, 0x2c, 0xa5, 0xb6,
|
0xd1, 0x67, 0x30, 0xcf, 0xbd, 0x54, 0xd8, 0x9d, 0xe7, 0x34, 0x57, 0x0b, 0x66, 0x29, 0xb5, 0xfd,
|
||||||
0x1f, 0x71, 0x3c, 0xa1, 0x6c, 0x49, 0x84, 0x1e, 0x41, 0xd3, 0xf6, 0x3c, 0x42, 0x6d, 0xb1, 0xc1,
|
0x80, 0xe3, 0x09, 0x65, 0x4b, 0x22, 0xf4, 0x00, 0x9a, 0xb6, 0xe7, 0x11, 0x6a, 0x8b, 0x0d, 0xbe,
|
||||||
0x17, 0x38, 0x8f, 0x5b, 0xe5, 0x3c, 0xfa, 0x09, 0xb2, 0x60, 0xa4, 0x93, 0xa3, 0x9f, 0xc0, 0x1c,
|
0xc0, 0x79, 0xdc, 0x28, 0xe7, 0xb1, 0x95, 0x20, 0x0b, 0x46, 0x3a, 0x39, 0xfa, 0x09, 0xcc, 0x71,
|
||||||
0xf7, 0x00, 0xdd, 0x3a, 0x9f, 0xf5, 0xfa, 0x74, 0xf3, 0x33, 0x05, 0x72, 0xef, 0x43, 0x68, 0x6a,
|
0x0f, 0xd0, 0xad, 0xf3, 0x59, 0xaf, 0x4f, 0x37, 0x3f, 0x53, 0x20, 0xf7, 0x3e, 0x86, 0xa6, 0x26,
|
||||||
0xa2, 0x9d, 0xc7, 0xdc, 0x7a, 0x9f, 0x42, 0x27, 0x2b, 0xd1, 0xb9, 0xcc, 0x75, 0x17, 0x56, 0xcc,
|
0xda, 0x59, 0xcc, 0xad, 0xf7, 0x39, 0x74, 0xb2, 0x12, 0x9d, 0xc9, 0x5c, 0xf7, 0x60, 0xc5, 0x8c,
|
||||||
0xc8, 0x4b, 0x04, 0x53, 0x21, 0xc4, 0x3b, 0x30, 0x2f, 0xf5, 0x27, 0x6c, 0xe7, 0x52, 0xe9, 0x8a,
|
0xbc, 0x44, 0x30, 0x15, 0x42, 0xbc, 0x07, 0xf3, 0x52, 0x7f, 0xc2, 0x76, 0x2e, 0x94, 0xae, 0x88,
|
||||||
0x98, 0x12, 0xd1, 0xf8, 0x04, 0x2e, 0x66, 0x58, 0xc9, 0x00, 0xe3, 0x0d, 0x68, 0xfb, 0xc4, 0xb1,
|
0x29, 0x11, 0x8d, 0xcf, 0xe0, 0x7c, 0x86, 0x95, 0x0c, 0x30, 0xde, 0x82, 0xb6, 0x4f, 0x1c, 0x2b,
|
||||||
0x42, 0x01, 0xb6, 0x5c, 0x47, 0x39, 0x03, 0x3f, 0xc6, 0xdd, 0x75, 0x18, 0xf9, 0x80, 0x12, 0x3f,
|
0x14, 0x60, 0xcb, 0x75, 0x94, 0x33, 0xf0, 0x63, 0xdc, 0x3d, 0x87, 0x91, 0x0f, 0x28, 0xf1, 0xf3,
|
||||||
0x2f, 0xca, 0xd9, 0xc8, 0xbb, 0xb0, 0x9a, 0x25, 0x17, 0xc3, 0x1b, 0x9f, 0xc1, 0x9a, 0x89, 0x27,
|
0xa2, 0x9c, 0x8e, 0xbc, 0x0b, 0xab, 0x59, 0x72, 0x31, 0xbc, 0xf1, 0x05, 0xac, 0x99, 0x78, 0x42,
|
||||||
0xe4, 0x29, 0x7e, 0x59, 0xd6, 0x3d, 0xe8, 0xe6, 0x19, 0x24, 0xcc, 0x13, 0xe8, 0x80, 0xda, 0x34,
|
0x9e, 0xe2, 0x57, 0x65, 0xdd, 0x83, 0x6e, 0x9e, 0x41, 0xc2, 0x3c, 0x81, 0x0e, 0xa8, 0x4d, 0xa3,
|
||||||
0x0a, 0xcf, 0xc7, 0xfc, 0xa6, 0xce, 0x40, 0x1e, 0x9d, 0x82, 0x0f, 0x6a, 0x43, 0xd5, 0xf5, 0x25,
|
0xf0, 0x6c, 0xcc, 0xaf, 0xeb, 0x0c, 0xe4, 0xd1, 0x29, 0xf8, 0xa0, 0x36, 0x54, 0x5d, 0x5f, 0x12,
|
||||||
0x51, 0xd5, 0xf5, 0x8d, 0xcf, 0xa0, 0x11, 0x1f, 0x5a, 0x68, 0x33, 0x09, 0x6e, 0xaa, 0x2f, 0x38,
|
0x55, 0x5d, 0xdf, 0xf8, 0x02, 0x1a, 0xf1, 0xa1, 0x85, 0x36, 0x93, 0xe0, 0xa6, 0xfa, 0x92, 0x93,
|
||||||
0xd9, 0xe2, 0xb0, 0xe7, 0x61, 0xce, 0x5b, 0xcb, 0x91, 0x36, 0x01, 0x62, 0x3f, 0xa3, 0x4e, 0x4a,
|
0x2d, 0x0e, 0x7b, 0xee, 0xe7, 0xbc, 0xb5, 0x1c, 0x69, 0x13, 0x20, 0xf6, 0x33, 0xea, 0xa4, 0x44,
|
||||||
0x94, 0xe7, 0x67, 0x6a, 0x58, 0xc6, 0xdf, 0xa7, 0x9c, 0x8e, 0x26, 0xb2, 0x13, 0x8b, 0xec, 0xa4,
|
0x79, 0x7e, 0xa6, 0x86, 0x65, 0xfc, 0x5d, 0xca, 0xe9, 0x68, 0x22, 0x3b, 0xb1, 0xc8, 0x4e, 0xca,
|
||||||
0x9c, 0x50, 0xf5, 0x3c, 0x4e, 0xe8, 0x0e, 0xcc, 0x85, 0xd4, 0xa6, 0xc2, 0x0d, 0xb6, 0xb5, 0xc9,
|
0x09, 0x55, 0xcf, 0xe2, 0x84, 0x6e, 0xc1, 0x5c, 0x48, 0x6d, 0x2a, 0xdc, 0x60, 0x5b, 0x9b, 0x5c,
|
||||||
0xa5, 0x87, 0xc4, 0xa6, 0x40, 0x43, 0x57, 0x01, 0x86, 0x01, 0xb6, 0x29, 0x76, 0x2c, 0x5b, 0xf8,
|
0x7a, 0x48, 0x6c, 0x0a, 0x34, 0x74, 0x19, 0x60, 0x18, 0x60, 0x9b, 0x62, 0xc7, 0xb2, 0x85, 0x7f,
|
||||||
0xc7, 0x9a, 0xd9, 0x90, 0x90, 0x3e, 0x45, 0xf7, 0x60, 0x41, 0x45, 0x2a, 0x73, 0x5c, 0x8c, 0x8d,
|
0xac, 0x99, 0x0d, 0x09, 0xd9, 0xa2, 0xe8, 0x0e, 0x2c, 0xa8, 0x48, 0x65, 0x8e, 0x8b, 0xb1, 0x51,
|
||||||
0x02, 0x86, 0xa9, 0xd5, 0x37, 0x15, 0x41, 0xb2, 0xa7, 0xe7, 0xa7, 0xef, 0x69, 0x49, 0x27, 0x90,
|
0xc0, 0x30, 0xb5, 0xfa, 0xa6, 0x22, 0x48, 0xf6, 0xf4, 0xfc, 0xf4, 0x3d, 0x2d, 0xe9, 0x04, 0xb2,
|
||||||
0x35, 0xb7, 0xb4, 0x50, 0xea, 0x96, 0x04, 0xc5, 0x59, 0xdc, 0x52, 0xbd, 0xd4, 0x2d, 0x49, 0x1e,
|
0xe6, 0x96, 0x16, 0x4a, 0xdd, 0x92, 0xa0, 0x38, 0x8d, 0x5b, 0xaa, 0x97, 0xba, 0x25, 0xc9, 0x63,
|
||||||
0x53, 0xdd, 0xd2, 0x1f, 0xd2, 0xc1, 0x3c, 0x86, 0x6e, 0x7e, 0x83, 0x48, 0xc7, 0xf0, 0x0e, 0xcc,
|
0xaa, 0x5b, 0xfa, 0x43, 0x3a, 0x98, 0x87, 0xd0, 0xcd, 0x6f, 0x10, 0xe9, 0x18, 0xde, 0x83, 0xf9,
|
||||||
0x87, 0x1c, 0x32, 0xc5, 0xc9, 0x48, 0x12, 0x89, 0x68, 0x3c, 0x80, 0x95, 0x8c, 0x05, 0x88, 0x40,
|
0x90, 0x43, 0xa6, 0x38, 0x19, 0x49, 0x22, 0x11, 0x8d, 0x7b, 0xb0, 0x92, 0xb1, 0x00, 0x11, 0x28,
|
||||||
0x31, 0xb6, 0x97, 0xca, 0x99, 0xec, 0xc5, 0xf8, 0xbf, 0x8a, 0x6e, 0xbd, 0x0f, 0xdc, 0x31, 0xc5,
|
0xc6, 0xf6, 0x52, 0x39, 0x95, 0xbd, 0x18, 0xff, 0x57, 0xd1, 0xad, 0xf7, 0x9e, 0x3b, 0xa6, 0x38,
|
||||||
0x41, 0xce, 0x7a, 0xdf, 0x55, 0x4c, 0x85, 0xe9, 0x5e, 0x2d, 0x63, 0x2a, 0x62, 0x38, 0x69, 0x89,
|
0xc8, 0x59, 0xef, 0xfb, 0x8a, 0xa9, 0x30, 0xdd, 0xcb, 0x65, 0x4c, 0x45, 0x0c, 0x27, 0x2d, 0x71,
|
||||||
0x03, 0x68, 0x73, 0x1d, 0x5a, 0x21, 0x1e, 0xf3, 0x03, 0x51, 0x86, 0x22, 0x3f, 0x2e, 0xa0, 0x16,
|
0x00, 0x6d, 0xae, 0x43, 0x2b, 0xc4, 0x63, 0x7e, 0x20, 0xca, 0x50, 0xe4, 0xc7, 0x05, 0xd4, 0x62,
|
||||||
0xe3, 0x0a, 0x03, 0x18, 0x48, 0x74, 0xa1, 0xbe, 0xd6, 0x58, 0x87, 0xf5, 0xee, 0x03, 0xca, 0x23,
|
0x5c, 0x61, 0x00, 0x03, 0x89, 0x2e, 0xd4, 0xd7, 0x1a, 0xeb, 0xb0, 0xde, 0x5d, 0x40, 0x79, 0xa4,
|
||||||
0x9d, 0x4b, 0x0f, 0x5f, 0xb2, 0xbd, 0xcf, 0x72, 0x8f, 0x02, 0x4f, 0x7f, 0xcc, 0xc5, 0x98, 0xa2,
|
0x33, 0xe9, 0xe1, 0x6b, 0xb6, 0xf7, 0x59, 0xee, 0x51, 0xe0, 0xe9, 0x8f, 0xb8, 0x18, 0x53, 0x94,
|
||||||
0x04, 0x21, 0xa7, 0x29, 0x11, 0x8d, 0xbf, 0xab, 0x01, 0x24, 0x9d, 0xaf, 0xec, 0xa6, 0xff, 0x20,
|
0x20, 0xe4, 0x34, 0x25, 0xa2, 0xf1, 0xb7, 0x35, 0x80, 0xa4, 0xf3, 0xb5, 0xdd, 0xf4, 0x1f, 0xc5,
|
||||||
0xde, 0x82, 0x22, 0x9a, 0x78, 0xad, 0x80, 0x5f, 0xe1, 0xe6, 0x7b, 0x90, 0xde, 0x7c, 0x22, 0xae,
|
0x5b, 0x50, 0x44, 0x13, 0x6f, 0x14, 0xf0, 0x2b, 0xdc, 0x7c, 0xf7, 0xd2, 0x9b, 0x4f, 0xc4, 0x15,
|
||||||
0x78, 0xa3, 0x88, 0xfa, 0x95, 0xdd, 0x76, 0x5b, 0xb0, 0x9a, 0x55, 0xb7, 0xdc, 0x74, 0x37, 0x61,
|
0x6f, 0x15, 0x51, 0xbf, 0xb6, 0xdb, 0x6e, 0x1b, 0x56, 0xb3, 0xea, 0x96, 0x9b, 0xee, 0x3a, 0xcc,
|
||||||
0xce, 0xa5, 0x78, 0x22, 0x32, 0x69, 0x3d, 0x1d, 0xd1, 0x70, 0x05, 0x86, 0xf1, 0x3a, 0x34, 0x76,
|
0xb9, 0x14, 0x4f, 0x44, 0x26, 0xad, 0xa7, 0x23, 0x1a, 0xae, 0xc0, 0x30, 0xde, 0x84, 0xc6, 0xde,
|
||||||
0x27, 0xf6, 0x08, 0x0f, 0x7c, 0x3c, 0x64, 0x63, 0xb9, 0xac, 0x21, 0xc7, 0x17, 0x0d, 0x63, 0x13,
|
0xc4, 0x1e, 0xe1, 0x81, 0x8f, 0x87, 0x6c, 0x2c, 0x97, 0x35, 0xe4, 0xf8, 0xa2, 0x61, 0x6c, 0x42,
|
||||||
0xea, 0x0f, 0xf1, 0xa9, 0xd8, 0x83, 0x67, 0x94, 0xcf, 0xf8, 0xd7, 0x0a, 0xac, 0x71, 0xdf, 0xb9,
|
0xfd, 0x3e, 0x3e, 0x11, 0x7b, 0xf0, 0x94, 0xf2, 0x19, 0xff, 0x5a, 0x81, 0x35, 0xee, 0x3b, 0xb7,
|
||||||
0xa5, 0xf2, 0x58, 0x13, 0x87, 0x24, 0x0a, 0x86, 0x38, 0xe4, 0x2a, 0xf5, 0x23, 0xcb, 0xc7, 0x81,
|
0x55, 0x1e, 0x6b, 0xe2, 0x90, 0x44, 0xc1, 0x10, 0x87, 0x5c, 0xa5, 0x7e, 0x64, 0xf9, 0x38, 0x70,
|
||||||
0x4b, 0x1c, 0x99, 0xf5, 0x35, 0x86, 0x7e, 0x74, 0xc0, 0x01, 0x2c, 0xd7, 0x65, 0xdd, 0xbf, 0x8a,
|
0x89, 0x23, 0xb3, 0xbe, 0xc6, 0xd0, 0x8f, 0xf6, 0x39, 0x80, 0xe5, 0xba, 0xac, 0xfb, 0x57, 0x11,
|
||||||
0x88, 0xb4, 0xad, 0x9a, 0x59, 0x1f, 0xfa, 0xd1, 0x4f, 0x59, 0x5b, 0xd1, 0x86, 0x27, 0x76, 0x80,
|
0x91, 0xb6, 0x55, 0x33, 0xeb, 0x43, 0x3f, 0xfa, 0x29, 0x6b, 0x2b, 0xda, 0xf0, 0xd8, 0x0e, 0x70,
|
||||||
0x43, 0x6e, 0x43, 0x82, 0x76, 0xc0, 0x01, 0xe8, 0x1d, 0xb8, 0x38, 0xc1, 0x13, 0x12, 0x9c, 0x5a,
|
0xc8, 0x6d, 0x48, 0xd0, 0x0e, 0x38, 0x00, 0xbd, 0x07, 0xe7, 0x27, 0x78, 0x42, 0x82, 0x13, 0x6b,
|
||||||
0x63, 0x77, 0xe2, 0x52, 0xcb, 0xf5, 0xac, 0xa3, 0x53, 0x8a, 0x43, 0x69, 0x38, 0x48, 0x74, 0x3e,
|
0xec, 0x4e, 0x5c, 0x6a, 0xb9, 0x9e, 0x75, 0x78, 0x42, 0x71, 0x28, 0x0d, 0x07, 0x89, 0xce, 0x07,
|
||||||
0x62, 0x7d, 0xbb, 0xde, 0xe7, 0xac, 0x07, 0x19, 0xd0, 0x22, 0x64, 0x62, 0x85, 0x43, 0x12, 0x60,
|
0xac, 0x6f, 0xcf, 0xfb, 0x92, 0xf5, 0x20, 0x03, 0x5a, 0x84, 0x4c, 0xac, 0x70, 0x48, 0x02, 0x6c,
|
||||||
0xcb, 0x76, 0xbe, 0xe6, 0x87, 0x47, 0xcd, 0x6c, 0x12, 0x32, 0x19, 0x30, 0x58, 0xdf, 0xf9, 0xda,
|
0xd9, 0xce, 0xb7, 0xfc, 0xf0, 0xa8, 0x99, 0x4d, 0x42, 0x26, 0x03, 0x06, 0xdb, 0x72, 0xbe, 0x35,
|
||||||
0xb0, 0xa1, 0x95, 0xca, 0x02, 0x59, 0xac, 0xcf, 0xd3, 0x3d, 0x19, 0xeb, 0xb3, 0x6f, 0x06, 0x0b,
|
0x6c, 0x68, 0xa5, 0xb2, 0x40, 0x16, 0xeb, 0xf3, 0x74, 0x4f, 0xc6, 0xfa, 0xec, 0x9b, 0xc1, 0x02,
|
||||||
0xc8, 0x58, 0xad, 0x03, 0xff, 0x66, 0x30, 0x7a, 0xea, 0xab, 0x40, 0x9f, 0x7f, 0xb3, 0x05, 0x1b,
|
0x32, 0x56, 0xeb, 0xc0, 0xbf, 0x19, 0x8c, 0x9e, 0xf8, 0x2a, 0xd0, 0xe7, 0xdf, 0x6c, 0xc1, 0xc6,
|
||||||
0xe3, 0xa7, 0x32, 0x11, 0x6f, 0x98, 0xa2, 0x61, 0x38, 0x00, 0x5b, 0xb6, 0x6f, 0x1f, 0xb9, 0x63,
|
0xf8, 0xa9, 0x4c, 0xc4, 0x1b, 0xa6, 0x68, 0x18, 0x0e, 0xc0, 0xb6, 0xed, 0xdb, 0x87, 0xee, 0xd8,
|
||||||
0x97, 0x9e, 0xa2, 0x9b, 0xd0, 0xb1, 0x1d, 0xc7, 0x1a, 0x2a, 0x88, 0x8b, 0x55, 0x55, 0x64, 0xc9,
|
0xa5, 0x27, 0xe8, 0x3a, 0x74, 0x6c, 0xc7, 0xb1, 0x86, 0x0a, 0xe2, 0x62, 0x55, 0x15, 0x59, 0xb2,
|
||||||
0x76, 0x9c, 0x2d, 0x0d, 0x8c, 0x7e, 0x04, 0xcb, 0x4e, 0x40, 0xfc, 0x34, 0xae, 0x28, 0x93, 0x74,
|
0x1d, 0x67, 0x5b, 0x03, 0xa3, 0x1f, 0xc1, 0xb2, 0x13, 0x10, 0x3f, 0x8d, 0x2b, 0xca, 0x24, 0x1d,
|
||||||
0x58, 0x87, 0x8e, 0x6c, 0xfc, 0xcd, 0x2c, 0x5c, 0x4d, 0xab, 0x25, 0x9b, 0x57, 0x7f, 0x00, 0x8b,
|
0xd6, 0xa1, 0x23, 0x1b, 0xff, 0x34, 0x0b, 0x97, 0xd3, 0x6a, 0xc9, 0xe6, 0xd5, 0x1f, 0xc1, 0x62,
|
||||||
0x99, 0x51, 0xd3, 0x09, 0x6d, 0x22, 0xa4, 0x99, 0x42, 0xcc, 0x64, 0x9e, 0xd5, 0x5c, 0xe6, 0x59,
|
0x66, 0xd4, 0x74, 0x42, 0x9b, 0x08, 0x69, 0xa6, 0x10, 0x33, 0x99, 0x67, 0x35, 0x97, 0x79, 0x16,
|
||||||
0x98, 0xb0, 0xd7, 0x7e, 0x88, 0x84, 0x7d, 0xf6, 0xfb, 0x24, 0xec, 0x73, 0x67, 0x4a, 0xd8, 0xdf,
|
0x26, 0xec, 0xb5, 0x1f, 0x22, 0x61, 0x9f, 0xfd, 0x3e, 0x09, 0xfb, 0xdc, 0xa9, 0x12, 0xf6, 0xb7,
|
||||||
0xe4, 0x25, 0x30, 0x45, 0xc4, 0xd3, 0xa6, 0x79, 0x51, 0xa7, 0x89, 0x71, 0x3c, 0x55, 0x2a, 0xcb,
|
0x79, 0x09, 0x4c, 0x11, 0xf1, 0xb4, 0x69, 0x5e, 0xd4, 0x69, 0x62, 0x1c, 0x4f, 0x95, 0xca, 0x32,
|
||||||
0x24, 0xf6, 0x0b, 0xe7, 0x49, 0xec, 0xeb, 0xa5, 0x89, 0x3d, 0xb3, 0x08, 0xdf, 0xb7, 0x83, 0x09,
|
0x89, 0xfd, 0xc2, 0x59, 0x12, 0xfb, 0x7a, 0x69, 0x62, 0xcf, 0x2c, 0xc2, 0xf7, 0xed, 0x60, 0x42,
|
||||||
0x09, 0x54, 0xe6, 0xde, 0x6d, 0x70, 0x11, 0x96, 0x14, 0x5c, 0x66, 0xed, 0xa5, 0x39, 0x3e, 0x94,
|
0x02, 0x95, 0xb9, 0x77, 0x1b, 0x5c, 0x84, 0x25, 0x05, 0x97, 0x59, 0x7b, 0x69, 0x8e, 0x0f, 0x65,
|
||||||
0xe6, 0xf8, 0xff, 0x50, 0x81, 0x95, 0xb4, 0x59, 0xc8, 0x9c, 0xed, 0x53, 0x68, 0x04, 0x6a, 0xdf,
|
0x39, 0x3e, 0xda, 0x80, 0x45, 0x8f, 0x58, 0x1e, 0x7e, 0x66, 0x31, 0x85, 0x85, 0xdd, 0xa6, 0xd0,
|
||||||
0x4a, 0x53, 0xd8, 0x48, 0xc7, 0x46, 0xf9, 0xfd, 0x6d, 0x26, 0x24, 0xe8, 0xa7, 0xa5, 0xd9, 0xff,
|
0x9e, 0x47, 0xfa, 0xf8, 0xd9, 0x3e, 0x83, 0x18, 0x7f, 0x5f, 0x81, 0x95, 0xb4, 0xe1, 0xc8, 0xac,
|
||||||
0x9b, 0x25, 0x6c, 0x5e, 0x94, 0xff, 0x1b, 0x7d, 0x58, 0x8e, 0x91, 0xa7, 0xe6, 0xde, 0x5a, 0x2e,
|
0xee, 0x73, 0x68, 0x04, 0x6a, 0x67, 0x4b, 0x63, 0xd9, 0x48, 0x47, 0x4f, 0x79, 0x0f, 0x60, 0x26,
|
||||||
0x5d, 0x4d, 0xe7, 0xd2, 0x1e, 0xcc, 0x6f, 0xe3, 0xa7, 0xee, 0x10, 0xff, 0x20, 0xe5, 0xb7, 0x0d,
|
0x24, 0xe8, 0xa7, 0xa5, 0xf5, 0x81, 0xb7, 0x4b, 0xd8, 0xbc, 0xac, 0x42, 0x60, 0x6c, 0xc1, 0x72,
|
||||||
0x68, 0xfa, 0x38, 0x98, 0xb8, 0x61, 0x18, 0x9b, 0x74, 0xc3, 0xd4, 0x41, 0xc6, 0x7f, 0xcd, 0xc1,
|
0x8c, 0x3c, 0x35, 0x3b, 0xd7, 0xb2, 0xed, 0x6a, 0x3a, 0xdb, 0xf6, 0x60, 0x7e, 0x07, 0x3f, 0x75,
|
||||||
0x52, 0x76, 0x65, 0xdf, 0xcf, 0xa5, 0xee, 0xbd, 0x64, 0x8f, 0x65, 0xe7, 0xa7, 0x9d, 0x9f, 0x37,
|
0x87, 0xf8, 0x07, 0x29, 0xd0, 0x6d, 0x40, 0xd3, 0xc7, 0xc1, 0xc4, 0x0d, 0xc3, 0xd8, 0xe8, 0x1b,
|
||||||
0x94, 0x8b, 0xae, 0x66, 0x22, 0xf8, 0xd8, 0x8b, 0x4b, 0xb7, 0xcd, 0xe6, 0x3f, 0x24, 0x93, 0x89,
|
0xa6, 0x0e, 0x32, 0xfe, 0x6b, 0x0e, 0x96, 0xb2, 0x2b, 0xfb, 0x61, 0x2e, 0xb9, 0xef, 0x25, 0xbb,
|
||||||
0xed, 0x39, 0xaa, 0x34, 0x2a, 0x9b, 0x6c, 0xb5, 0xec, 0x60, 0xc4, 0x36, 0x0e, 0x03, 0xf3, 0x6f,
|
0x30, 0x3b, 0x3f, 0xed, 0x84, 0xbd, 0xa6, 0x9c, 0x78, 0x35, 0x13, 0xe3, 0xc7, 0x7e, 0x5e, 0x3a,
|
||||||
0xf4, 0x1a, 0x34, 0x59, 0x24, 0xec, 0x7a, 0x3c, 0xf3, 0xe7, 0xdb, 0xa2, 0x61, 0x82, 0x04, 0x6d,
|
0x76, 0x36, 0xff, 0x21, 0x99, 0x4c, 0x6c, 0xcf, 0x51, 0xc5, 0x53, 0xd9, 0x64, 0xab, 0x65, 0x07,
|
||||||
0xbb, 0x01, 0xba, 0x0e, 0xb3, 0xd8, 0x7b, 0xaa, 0x4e, 0xca, 0xa4, 0x76, 0xaa, 0x8e, 0x06, 0x93,
|
0x23, 0xb6, 0xb5, 0x18, 0x98, 0x7f, 0xa3, 0x37, 0xa0, 0xc9, 0x62, 0x65, 0xd7, 0xe3, 0xb5, 0x01,
|
||||||
0x77, 0xa3, 0x37, 0x61, 0x7e, 0x42, 0x22, 0x8f, 0xaa, 0x98, 0xb8, 0x1d, 0x23, 0xf2, 0x82, 0xa7,
|
0xbe, 0x71, 0x1a, 0x26, 0x48, 0xd0, 0x8e, 0x1b, 0xa0, 0xab, 0x30, 0x8b, 0xbd, 0xa7, 0xea, 0x2c,
|
||||||
0x29, 0x7b, 0xd1, 0x4d, 0x58, 0x70, 0xb8, 0x0e, 0x54, 0xe0, 0xbb, 0x94, 0x54, 0x0f, 0x38, 0xdc,
|
0x4d, 0xaa, 0xab, 0xea, 0xf0, 0x30, 0x79, 0x37, 0x7a, 0x1b, 0xe6, 0x27, 0x24, 0xf2, 0xa8, 0x8a,
|
||||||
0x54, 0xfd, 0xe8, 0xe3, 0xf8, 0x8c, 0x6f, 0x64, 0x4e, 0xe9, 0xcc, 0xa2, 0x16, 0x1e, 0xf4, 0x0f,
|
0x9a, 0xdb, 0x31, 0x22, 0x2f, 0x89, 0x9a, 0xb2, 0x17, 0x5d, 0x87, 0x05, 0x87, 0xeb, 0x40, 0x85,
|
||||||
0xd3, 0x07, 0x3d, 0x70, 0x16, 0x37, 0x4b, 0x59, 0x4c, 0xcf, 0xfd, 0x2f, 0x41, 0x7d, 0x4c, 0x46,
|
0xc6, 0x4b, 0x49, 0x7d, 0x81, 0xc3, 0x4d, 0xd5, 0x8f, 0x3e, 0x8d, 0xa3, 0x80, 0x46, 0xe6, 0x1c,
|
||||||
0xc2, 0x0e, 0x9a, 0xa2, 0x90, 0x3e, 0x26, 0x23, 0x6e, 0x06, 0x2b, 0x2c, 0xb0, 0x71, 0x5c, 0xaf,
|
0xcf, 0x2c, 0x6a, 0x61, 0x28, 0x70, 0x3f, 0x1d, 0x0a, 0x00, 0x67, 0x71, 0xbd, 0x94, 0xc5, 0xf4,
|
||||||
0xbb, 0xc8, 0x37, 0xbc, 0x68, 0xb0, 0xf3, 0x8a, 0x7f, 0x58, 0xc4, 0x1b, 0xe2, 0x6e, 0x8b, 0x77,
|
0xea, 0xc0, 0x05, 0xa8, 0x8f, 0xc9, 0x48, 0xd8, 0x41, 0x53, 0x94, 0xda, 0xc7, 0x64, 0xc4, 0xcd,
|
||||||
0x35, 0x38, 0x64, 0xdf, 0x1b, 0xf2, 0xe3, 0x94, 0xd2, 0xd3, 0x6e, 0x9b, 0xc3, 0xd9, 0x27, 0x8b,
|
0x60, 0x85, 0x85, 0x3e, 0x8e, 0xeb, 0x75, 0x17, 0xf9, 0xf6, 0x12, 0x0d, 0x76, 0xa2, 0xf1, 0x0f,
|
||||||
0x47, 0x45, 0x26, 0xb2, 0x94, 0x89, 0x47, 0x8b, 0xf6, 0xe7, 0x2b, 0x50, 0x5c, 0xf8, 0xa7, 0x0a,
|
0x8b, 0x78, 0x43, 0xdc, 0x6d, 0xf1, 0xae, 0x06, 0x87, 0x3c, 0xf2, 0x86, 0xfc, 0xc0, 0xa5, 0xf4,
|
||||||
0xac, 0x6e, 0xf1, 0x70, 0x4c, 0xf3, 0x04, 0xe7, 0x48, 0x8e, 0xd1, 0xdd, 0xb8, 0x0a, 0x91, 0xcd,
|
0xa4, 0xdb, 0xe6, 0x70, 0xf6, 0xc9, 0x22, 0x56, 0x91, 0xab, 0x2c, 0x65, 0x22, 0xd6, 0xa2, 0xfd,
|
||||||
0x71, 0xb3, 0x93, 0x95, 0x78, 0xe8, 0x3e, 0xb4, 0x15, 0x4f, 0x49, 0x59, 0x7b, 0x51, 0xfd, 0xa2,
|
0xf9, 0x1a, 0x94, 0x1f, 0xfe, 0xb1, 0x02, 0xab, 0xdb, 0x3c, 0x60, 0xd3, 0x3c, 0xc1, 0x19, 0xd2,
|
||||||
0x15, 0xea, 0x4d, 0xe3, 0x63, 0x58, 0xcb, 0xc9, 0x2c, 0x43, 0xa7, 0xd7, 0x61, 0x31, 0xf1, 0x08,
|
0x67, 0x74, 0x3b, 0xae, 0x53, 0x64, 0xb3, 0xe0, 0xec, 0x64, 0x25, 0x1e, 0xba, 0x0b, 0x6d, 0xc5,
|
||||||
0xb1, 0xc8, 0xcd, 0x18, 0xb6, 0xeb, 0x18, 0xf7, 0xe0, 0xe2, 0x80, 0xda, 0x01, 0xcd, 0x4d, 0xf8,
|
0x53, 0x52, 0xd6, 0x5e, 0x56, 0xe1, 0x68, 0x85, 0x7a, 0xd3, 0xf8, 0x14, 0xd6, 0x72, 0x32, 0xcb,
|
||||||
0x0c, 0xb4, 0xbc, 0x84, 0x91, 0xa6, 0x95, 0x55, 0x86, 0x01, 0xac, 0x0c, 0x28, 0xf1, 0x5f, 0x82,
|
0xe0, 0xea, 0x4d, 0x58, 0x4c, 0x3c, 0x42, 0x2c, 0x72, 0x33, 0x86, 0xed, 0x39, 0xc6, 0x1d, 0x38,
|
||||||
0x29, 0xdb, 0xe9, 0x6c, 0xda, 0x24, 0xa2, 0x32, 0x5e, 0x52, 0x4d, 0x63, 0x4d, 0x14, 0x5c, 0xf2,
|
0x3f, 0xa0, 0x76, 0x40, 0x73, 0x13, 0x3e, 0x05, 0x2d, 0x2f, 0x72, 0xa4, 0x69, 0x65, 0x1d, 0x62,
|
||||||
0xa3, 0x7d, 0x04, 0xab, 0xa2, 0xde, 0xf1, 0x32, 0x93, 0xb8, 0xa4, 0xaa, 0x2d, 0x79, 0xbe, 0xdb,
|
0x00, 0x2b, 0x03, 0x4a, 0xfc, 0x57, 0x60, 0xca, 0x76, 0x3a, 0x9b, 0x36, 0x89, 0xa8, 0x8c, 0xa8,
|
||||||
0x70, 0x21, 0x71, 0xe5, 0x49, 0xea, 0x76, 0x3b, 0x9d, 0xba, 0xad, 0xe5, 0x75, 0x9c, 0xca, 0xdc,
|
0x54, 0xd3, 0x58, 0x13, 0x25, 0x99, 0xfc, 0x68, 0x9f, 0xc0, 0xaa, 0xa8, 0x88, 0xbc, 0xca, 0x24,
|
||||||
0xfe, 0xba, 0xaa, 0x39, 0xcc, 0x92, 0xc4, 0x6d, 0x33, 0x9d, 0xb8, 0x5d, 0x29, 0x61, 0x99, 0xca,
|
0x2e, 0xa8, 0x7a, 0x4c, 0x9e, 0xef, 0x0e, 0x9c, 0x4b, 0x5c, 0x79, 0x92, 0xdc, 0xdd, 0x4c, 0x27,
|
||||||
0xdb, 0xf2, 0x16, 0x59, 0x2b, 0xb0, 0x48, 0x33, 0x97, 0xdd, 0xcd, 0x66, 0x0a, 0xcd, 0x19, 0xd9,
|
0x77, 0x6b, 0x79, 0x1d, 0xa7, 0x72, 0xbb, 0xbf, 0xae, 0x6a, 0x0e, 0xb3, 0x24, 0xb5, 0xdb, 0x4c,
|
||||||
0x7e, 0x2f, 0xc9, 0xdd, 0xae, 0x48, 0xee, 0xe2, 0xa1, 0xe3, 0x1a, 0xd4, 0xdd, 0x4c, 0x72, 0xd7,
|
0xa7, 0x76, 0x97, 0x4a, 0x58, 0xa6, 0x32, 0xbb, 0xbc, 0x45, 0xd6, 0x0a, 0x2c, 0xd2, 0xcc, 0xe5,
|
||||||
0x2d, 0x13, 0x33, 0xce, 0xed, 0xfe, 0x6a, 0x16, 0x1a, 0x71, 0x5f, 0x6e, 0x61, 0xf3, 0x8b, 0x54,
|
0x7f, 0xb3, 0x99, 0x52, 0x74, 0x46, 0xb6, 0xdf, 0x4b, 0xfa, 0xb7, 0x27, 0xd2, 0xbf, 0x78, 0xe8,
|
||||||
0x2d, 0x58, 0x24, 0xfd, 0xfc, 0xaa, 0xbd, 0xcc, 0xf9, 0x35, 0xfb, 0xa2, 0xf3, 0xeb, 0x32, 0x34,
|
0xb8, 0x4a, 0x75, 0x3b, 0x93, 0xfe, 0x75, 0xcb, 0xc4, 0x8c, 0xb3, 0xbf, 0xbf, 0x9a, 0x85, 0x46,
|
||||||
0xf8, 0x87, 0x15, 0xe0, 0x63, 0x79, 0x1e, 0xd5, 0x39, 0xc0, 0xc4, 0xc7, 0x89, 0x41, 0xcd, 0x9f,
|
0xdc, 0x97, 0x5b, 0xd8, 0xfc, 0x22, 0x55, 0x0b, 0x16, 0x49, 0x3f, 0xbf, 0x6a, 0xaf, 0x72, 0x7e,
|
||||||
0xc5, 0xa0, 0x32, 0x59, 0xe4, 0x42, 0x36, 0x8b, 0x7c, 0x3f, 0x3e, 0x61, 0xc4, 0x59, 0xb4, 0x9e,
|
0xcd, 0xbe, 0xec, 0xfc, 0xba, 0x08, 0x0d, 0xfe, 0x61, 0x05, 0xf8, 0x48, 0x9e, 0x47, 0x75, 0x0e,
|
||||||
0x67, 0x57, 0x78, 0xb6, 0xec, 0xa4, 0xcf, 0x16, 0x71, 0x3c, 0x5d, 0x2b, 0x20, 0x7e, 0x65, 0x73,
|
0x30, 0xf1, 0x51, 0x62, 0x50, 0xf3, 0xa7, 0x31, 0xa8, 0x4c, 0x9e, 0xb9, 0x90, 0xcd, 0x33, 0x3f,
|
||||||
0xc8, 0x47, 0x22, 0x87, 0xd4, 0xad, 0x4a, 0x3a, 0xc2, 0x4d, 0x80, 0x78, 0xcf, 0xab, 0x44, 0x12,
|
0x8c, 0x4f, 0x18, 0x71, 0x16, 0xad, 0xe7, 0xd9, 0x15, 0x9e, 0x2d, 0xbb, 0xe9, 0xb3, 0x45, 0x1c,
|
||||||
0xe5, 0xa7, 0x66, 0x6a, 0x58, 0xcc, 0xab, 0xa4, 0xd6, 0x3f, 0x29, 0x94, 0x9e, 0xc1, 0xab, 0xfc,
|
0x4f, 0x57, 0x0a, 0x88, 0x5f, 0xdb, 0x2c, 0xf3, 0x81, 0xc8, 0x32, 0x75, 0xab, 0x92, 0x8e, 0x70,
|
||||||
0x8b, 0x1e, 0x25, 0x95, 0xd4, 0x1a, 0xdf, 0xcf, 0x95, 0x1d, 0xce, 0x66, 0x75, 0xb7, 0xd3, 0x55,
|
0x13, 0x20, 0xde, 0xf3, 0x2a, 0xd5, 0x44, 0xf9, 0xa9, 0x99, 0x1a, 0x16, 0xf3, 0x2a, 0xa9, 0xf5,
|
||||||
0x87, 0xf3, 0x99, 0x4b, 0xae, 0xe8, 0xc0, 0x0f, 0x75, 0x3b, 0x90, 0xdd, 0x22, 0x5f, 0x6c, 0x48,
|
0x4f, 0x4a, 0xa9, 0xa7, 0xf0, 0x2a, 0xff, 0xa2, 0x47, 0x49, 0x25, 0xd5, 0xc8, 0x0f, 0x73, 0x85,
|
||||||
0x48, 0x9f, 0xb2, 0x50, 0xea, 0xd8, 0xf5, 0xdc, 0xf0, 0x44, 0xf4, 0xcf, 0xf3, 0x7e, 0x50, 0xa0,
|
0x89, 0xd3, 0x59, 0xdd, 0xcd, 0x74, 0x5d, 0xe2, 0x6c, 0xe6, 0x92, 0x2b, 0x4b, 0xf0, 0x43, 0xdd,
|
||||||
0x3e, 0xbf, 0x34, 0xc6, 0xcf, 0x5c, 0x6a, 0x0d, 0x89, 0x83, 0xb9, 0x31, 0xce, 0x99, 0x75, 0x06,
|
0x0e, 0x64, 0xb7, 0xc8, 0x28, 0x1b, 0x12, 0xb2, 0x45, 0x59, 0x28, 0x75, 0xe4, 0x7a, 0x6e, 0x78,
|
||||||
0xd8, 0x22, 0x0e, 0x4e, 0x36, 0x48, 0xfd, 0x5c, 0x1b, 0xa4, 0x91, 0xd9, 0x20, 0xab, 0x30, 0x1f,
|
0x2c, 0xfa, 0xe7, 0x79, 0x3f, 0x28, 0xd0, 0x16, 0xbf, 0x56, 0xc6, 0xcf, 0x5d, 0x6a, 0x0d, 0x89,
|
||||||
0x60, 0x3b, 0x24, 0x9e, 0x0c, 0xfb, 0x65, 0x8b, 0x9d, 0x15, 0x13, 0x1c, 0x86, 0x6c, 0x00, 0x19,
|
0x83, 0xb9, 0x31, 0xce, 0x99, 0x75, 0x06, 0xd8, 0x26, 0x0e, 0x4e, 0x36, 0x48, 0xfd, 0x4c, 0x1b,
|
||||||
0xc0, 0xc8, 0xa6, 0x16, 0x66, 0x2d, 0x96, 0x85, 0x59, 0x53, 0x8a, 0x99, 0x99, 0x30, 0xab, 0x55,
|
0xa4, 0x91, 0xd9, 0x20, 0xab, 0x30, 0x1f, 0x60, 0x3b, 0x24, 0x9e, 0x4c, 0x0c, 0x64, 0x8b, 0x9d,
|
||||||
0x16, 0x66, 0x9d, 0xa5, 0x96, 0xa9, 0x05, 0x91, 0xed, 0xa9, 0x41, 0xa4, 0x1e, 0x8e, 0x2d, 0xa5,
|
0x15, 0x13, 0x1c, 0x86, 0x6c, 0x00, 0x19, 0xc0, 0xc8, 0xa6, 0x16, 0x66, 0x2d, 0x96, 0x85, 0x59,
|
||||||
0xc2, 0xb1, 0x3f, 0xe4, 0x9e, 0x7a, 0x08, 0x6b, 0xb9, 0x5d, 0x20, 0x37, 0xd5, 0xdd, 0x4c, 0x35,
|
0x53, 0xca, 0x9d, 0x99, 0x30, 0xab, 0x55, 0x16, 0x66, 0x9d, 0xa6, 0xda, 0xa9, 0x05, 0x91, 0xed,
|
||||||
0xb4, 0x5b, 0xb6, 0x40, 0x71, 0x31, 0xf4, 0x4f, 0x61, 0x69, 0xe7, 0x19, 0x1e, 0x0e, 0x4e, 0xbd,
|
0xa9, 0x41, 0xa4, 0x1e, 0x8e, 0x2d, 0xa5, 0xc2, 0xb1, 0x3f, 0xe4, 0x9e, 0xba, 0x0f, 0x6b, 0xb9,
|
||||||
0xe1, 0x39, 0x22, 0x82, 0x0e, 0xd4, 0x86, 0x13, 0x47, 0x96, 0x01, 0xd8, 0xa7, 0x1e, 0x23, 0xd4,
|
0x5d, 0x20, 0x37, 0xd5, 0xed, 0x4c, 0xbd, 0xb4, 0x5b, 0xb6, 0x40, 0x71, 0xb9, 0xf4, 0x4f, 0x61,
|
||||||
0xd2, 0x31, 0x82, 0x05, 0x9d, 0x64, 0x04, 0x29, 0xe7, 0x2a, 0x93, 0xd3, 0x61, 0xc8, 0x8c, 0xf9,
|
0x69, 0xf7, 0x39, 0x1e, 0x0e, 0x4e, 0xbc, 0xe1, 0x19, 0x22, 0x82, 0x0e, 0xd4, 0x86, 0x13, 0x47,
|
||||||
0xa2, 0x29, 0x5b, 0x12, 0x8e, 0x83, 0x80, 0xcf, 0x5a, 0xc0, 0x71, 0x10, 0xa4, 0x2d, 0xba, 0x96,
|
0x16, 0x0a, 0xd8, 0xa7, 0x1e, 0x23, 0xd4, 0xd2, 0x31, 0x82, 0x05, 0x9d, 0x64, 0x04, 0x29, 0xe7,
|
||||||
0xb6, 0x68, 0xe3, 0x6b, 0x68, 0xb2, 0x01, 0xbe, 0x97, 0xf8, 0x32, 0x50, 0xae, 0x25, 0x81, 0x72,
|
0x2a, 0x93, 0xd3, 0x61, 0xc8, 0x8c, 0xf9, 0xa2, 0x29, 0x5b, 0x12, 0x8e, 0x83, 0x80, 0xcf, 0x5a,
|
||||||
0x1c, 0x6f, 0xcf, 0x6a, 0xf1, 0xb6, 0xb1, 0x01, 0x8b, 0x62, 0x2c, 0x39, 0x91, 0x0e, 0xd4, 0xa2,
|
0xc0, 0x71, 0x10, 0xa4, 0x2d, 0xba, 0x96, 0xb6, 0x68, 0xe3, 0x5b, 0x68, 0xb2, 0x01, 0xbe, 0x97,
|
||||||
0x60, 0xac, 0xf4, 0x16, 0x05, 0x63, 0xe3, 0x8f, 0xa1, 0xd5, 0xa7, 0xd4, 0x1e, 0x9e, 0x9c, 0x43,
|
0xf8, 0x32, 0x50, 0xae, 0x25, 0x81, 0x72, 0x1c, 0x6f, 0xcf, 0x6a, 0xf1, 0xb6, 0xb1, 0x01, 0x8b,
|
||||||
0x9e, 0x78, 0xac, 0xaa, 0x1e, 0xdb, 0xe7, 0x64, 0x32, 0x0c, 0x68, 0x2b, 0xde, 0xa5, 0xe3, 0xef,
|
0x62, 0x2c, 0x39, 0x91, 0x0e, 0xd4, 0xa2, 0x60, 0xac, 0xf4, 0x16, 0x05, 0x63, 0xe3, 0x8f, 0xa1,
|
||||||
0x01, 0x3a, 0x20, 0x01, 0x7d, 0x40, 0x82, 0x6f, 0xed, 0xc0, 0x39, 0x5f, 0xac, 0x8c, 0x60, 0x56,
|
0xb5, 0x45, 0xa9, 0x3d, 0x3c, 0x3e, 0x83, 0x3c, 0xf1, 0x58, 0x55, 0x3d, 0xb6, 0xcf, 0xc9, 0x64,
|
||||||
0x3e, 0x45, 0xa9, 0xdd, 0x98, 0x33, 0xf9, 0xb7, 0xf1, 0x16, 0x5c, 0x48, 0xf1, 0x2b, 0x1d, 0xf8,
|
0x18, 0xd0, 0x56, 0xbc, 0x4b, 0xc7, 0xef, 0x03, 0xda, 0x27, 0x01, 0xbd, 0x47, 0x82, 0x67, 0x76,
|
||||||
0x03, 0x68, 0x72, 0x17, 0x22, 0xe3, 0xa9, 0x1b, 0x7a, 0xad, 0x6f, 0x9a, 0x9f, 0x61, 0x19, 0x37,
|
0xe0, 0x9c, 0x2d, 0x56, 0x46, 0x30, 0x2b, 0x1f, 0xab, 0xd4, 0xae, 0xcd, 0x99, 0xfc, 0xdb, 0x78,
|
||||||
0x3b, 0x23, 0x38, 0x3c, 0x76, 0xe8, 0x3f, 0xce, 0x44, 0x1d, 0x2b, 0x69, 0xfa, 0x4c, 0xc4, 0xf1,
|
0x07, 0xce, 0xa5, 0xf8, 0x95, 0x0e, 0xfc, 0x11, 0x34, 0xb9, 0x0b, 0x91, 0xf1, 0xd4, 0x35, 0xbd,
|
||||||
0x8f, 0x15, 0x98, 0xe3, 0xf0, 0x9c, 0x47, 0xbf, 0x0c, 0x8d, 0x00, 0xfb, 0xc4, 0xa2, 0xf6, 0x28,
|
0x1a, 0x38, 0xcd, 0xcf, 0xb0, 0x8c, 0x9b, 0x9d, 0x11, 0x1c, 0x1e, 0x3b, 0xf4, 0x1f, 0x67, 0xa2,
|
||||||
0x7e, 0xdd, 0xc3, 0x00, 0x4f, 0xec, 0x51, 0xc8, 0x1f, 0x27, 0xb1, 0x4e, 0xc7, 0x1d, 0xe1, 0x90,
|
0x8e, 0x95, 0x34, 0x7d, 0x26, 0xe2, 0xf8, 0x87, 0x0a, 0xcc, 0x71, 0x78, 0xce, 0xa3, 0x5f, 0x84,
|
||||||
0xaa, 0x27, 0x3e, 0x4d, 0x06, 0xdb, 0x16, 0x20, 0xb6, 0x24, 0xa1, 0xfb, 0x67, 0x22, 0x9c, 0x98,
|
0x46, 0x80, 0x7d, 0x62, 0x51, 0x7b, 0x14, 0xbf, 0xff, 0x61, 0x80, 0xc7, 0xf6, 0x28, 0xe4, 0xcf,
|
||||||
0x35, 0xf9, 0x37, 0xba, 0x2e, 0x6e, 0xdd, 0xa7, 0x94, 0x76, 0xf8, 0x55, 0x7c, 0x0f, 0xea, 0x99,
|
0x97, 0x58, 0xa7, 0xe3, 0x8e, 0x70, 0x48, 0xd5, 0x23, 0xa0, 0x26, 0x83, 0xed, 0x08, 0x10, 0x5b,
|
||||||
0x6a, 0x4e, 0xdc, 0x36, 0x3e, 0x06, 0xa4, 0xcf, 0x59, 0x2e, 0xea, 0x9b, 0x30, 0xcf, 0x97, 0x44,
|
0x92, 0xd0, 0xfd, 0x33, 0x11, 0x4e, 0xcc, 0x9a, 0xfc, 0x1b, 0x5d, 0x15, 0xf7, 0xf2, 0x53, 0x8a,
|
||||||
0x9d, 0x87, 0xed, 0xf4, 0xa4, 0x4d, 0xd9, 0x6b, 0x7c, 0x0a, 0x48, 0xac, 0x62, 0xea, 0x0c, 0x3c,
|
0x3f, 0xfc, 0xb2, 0xbe, 0x07, 0xf5, 0x4c, 0xbd, 0x27, 0x6e, 0x1b, 0x9f, 0x02, 0xd2, 0xe7, 0x2c,
|
||||||
0xfb, 0x8a, 0x7f, 0x04, 0x17, 0x52, 0xf4, 0xf1, 0x25, 0x6b, 0x8a, 0x41, 0x76, 0x74, 0x49, 0xfc,
|
0x17, 0xf5, 0x6d, 0x98, 0xe7, 0x4b, 0xa2, 0xce, 0xc3, 0x76, 0x7a, 0xd2, 0xa6, 0xec, 0x35, 0x3e,
|
||||||
0x6f, 0x15, 0x80, 0x7e, 0x44, 0x4f, 0x64, 0xa1, 0x41, 0x9f, 0x65, 0x25, 0x3d, 0x4b, 0xd6, 0xe7,
|
0x07, 0x24, 0x56, 0x31, 0x75, 0x06, 0x9e, 0x7e, 0xc5, 0x3f, 0x81, 0x73, 0x29, 0xfa, 0xf8, 0x1a,
|
||||||
0xdb, 0x61, 0xf8, 0x2d, 0x09, 0x54, 0x90, 0x17, 0xb7, 0x79, 0x91, 0x20, 0xa2, 0x27, 0xaa, 0x74,
|
0x36, 0xc5, 0x20, 0x3b, 0xba, 0x24, 0xfe, 0xb7, 0x0a, 0xc0, 0x56, 0x44, 0x8f, 0x65, 0xa1, 0x41,
|
||||||
0xc9, 0xbe, 0xd1, 0x75, 0x68, 0x8b, 0x47, 0x59, 0x96, 0xed, 0x38, 0x01, 0x0e, 0x43, 0x59, 0xc3,
|
0x9f, 0x65, 0x25, 0x3d, 0x4b, 0xd6, 0xe7, 0xdb, 0x61, 0xf8, 0x8c, 0x04, 0x2a, 0xc8, 0x8b, 0xdb,
|
||||||
0x6c, 0x09, 0x68, 0x5f, 0x00, 0x19, 0x9a, 0xeb, 0x60, 0x8f, 0xba, 0xf4, 0xd4, 0xa2, 0xe4, 0x1b,
|
0xbc, 0x48, 0x10, 0xd1, 0x63, 0x55, 0xdc, 0x64, 0xdf, 0xe8, 0x2a, 0xb4, 0xc5, 0xb3, 0x2d, 0xcb,
|
||||||
0xec, 0xc9, 0xf0, 0xad, 0xa5, 0xa0, 0x4f, 0x18, 0x90, 0xa1, 0x05, 0x78, 0xe4, 0x86, 0x34, 0x50,
|
0x76, 0x9c, 0x00, 0x87, 0xa1, 0xac, 0x72, 0xb6, 0x04, 0x74, 0x4b, 0x00, 0x19, 0x9a, 0xeb, 0x60,
|
||||||
0x68, 0xaa, 0xa6, 0x26, 0xa1, 0x1c, 0xcd, 0xf8, 0x75, 0x05, 0x3a, 0x07, 0xd1, 0x78, 0x2c, 0x26,
|
0x8f, 0xba, 0xf4, 0xc4, 0xa2, 0xe4, 0x09, 0xf6, 0x64, 0xf8, 0xd6, 0x52, 0xd0, 0xc7, 0x0c, 0xc8,
|
||||||
0x79, 0xde, 0xb5, 0x44, 0x6f, 0xc9, 0x79, 0x54, 0x33, 0xd6, 0x90, 0x2c, 0x91, 0x9c, 0xdc, 0xf7,
|
0xd0, 0x02, 0x3c, 0x72, 0x43, 0x1a, 0x28, 0x34, 0x55, 0x75, 0x93, 0x50, 0x8e, 0x66, 0xfc, 0xba,
|
||||||
0x4f, 0x2b, 0xef, 0xc2, 0xb2, 0x26, 0xa8, 0x54, 0x5a, 0xea, 0x94, 0xae, 0xa4, 0x4f, 0x69, 0x66,
|
0x02, 0x9d, 0xfd, 0x68, 0x3c, 0x16, 0x93, 0x3c, 0xeb, 0x5a, 0xa2, 0x77, 0xe4, 0x3c, 0xaa, 0x19,
|
||||||
0x28, 0x22, 0x93, 0x7a, 0xb9, 0xc9, 0x19, 0x17, 0xe1, 0x42, 0x8a, 0x5e, 0x66, 0x61, 0xb7, 0xa0,
|
0x6b, 0x48, 0x96, 0x48, 0x4e, 0xee, 0xfb, 0xa7, 0x95, 0xb7, 0x61, 0x59, 0x13, 0x54, 0x2a, 0x2d,
|
||||||
0x25, 0x2f, 0x3a, 0xa5, 0x11, 0x5c, 0x82, 0x3a, 0x73, 0x2f, 0x43, 0xd7, 0x51, 0x35, 0xeb, 0x05,
|
0x75, 0x4a, 0x57, 0xd2, 0xa7, 0x34, 0x33, 0x14, 0x91, 0x49, 0xbd, 0xda, 0xe4, 0x8c, 0xf3, 0x70,
|
||||||
0x9f, 0x38, 0x5b, 0xae, 0x13, 0x18, 0x7b, 0xd0, 0x32, 0x05, 0x7b, 0x89, 0xfb, 0x09, 0xb4, 0xe5,
|
0x2e, 0x45, 0x2f, 0xb3, 0xb0, 0x1b, 0xd0, 0x92, 0x57, 0xa1, 0xd2, 0x08, 0x2e, 0x40, 0x9d, 0xb9,
|
||||||
0xb5, 0xa8, 0x95, 0x7a, 0x1e, 0x90, 0x14, 0x58, 0x53, 0xbc, 0xcd, 0x96, 0xa7, 0x37, 0x8d, 0x5f,
|
0x97, 0xa1, 0xeb, 0xa8, 0xaa, 0xf6, 0x82, 0x4f, 0x9c, 0x6d, 0xd7, 0x09, 0x8c, 0x3e, 0xb4, 0x4c,
|
||||||
0x42, 0xef, 0xd0, 0x77, 0x58, 0x30, 0xa5, 0x73, 0x55, 0x53, 0xfb, 0x04, 0xd4, 0xa3, 0xc1, 0x32,
|
0xc1, 0x5e, 0xe2, 0x7e, 0x06, 0x6d, 0x79, 0x71, 0x6a, 0xa5, 0x1e, 0x10, 0x24, 0x25, 0xd8, 0x14,
|
||||||
0xe6, 0x69, 0xb2, 0x56, 0xa0, 0x37, 0x8d, 0xab, 0x70, 0xb9, 0x90, 0xb9, 0x9c, 0xb7, 0x0f, 0x9d,
|
0x6f, 0xb3, 0xe5, 0xe9, 0x4d, 0xe3, 0x97, 0xd0, 0x3b, 0xf0, 0x1d, 0x16, 0x4c, 0xe9, 0x5c, 0xd5,
|
||||||
0xa4, 0xc3, 0x71, 0x55, 0xa9, 0x9e, 0x97, 0xe0, 0x2b, 0x5a, 0x09, 0x7e, 0x35, 0x3e, 0x86, 0x85,
|
0xd4, 0x3e, 0x03, 0xf5, 0xac, 0xb0, 0x8c, 0x79, 0x9a, 0xac, 0x15, 0xe8, 0x4d, 0xe3, 0x32, 0x5c,
|
||||||
0x43, 0x97, 0x2d, 0x2d, 0x68, 0xaa, 0x95, 0x05, 0x4d, 0xb3, 0xa9, 0xa0, 0xc9, 0xf8, 0x32, 0x5e,
|
0x2c, 0x64, 0x2e, 0xe7, 0xed, 0x43, 0x27, 0xe9, 0x70, 0x5c, 0x55, 0xcc, 0xe7, 0x45, 0xfa, 0x8a,
|
||||||
0x3d, 0x19, 0xb1, 0x7e, 0xc8, 0xc3, 0x66, 0x31, 0xb6, 0x72, 0x13, 0x97, 0x0a, 0x26, 0x27, 0x30,
|
0x56, 0xa4, 0x5f, 0x8d, 0x8f, 0x61, 0xe1, 0xd0, 0x65, 0x4b, 0x0b, 0x9a, 0x6a, 0x65, 0x41, 0xd3,
|
||||||
0x4c, 0x0d, 0xd9, 0x58, 0x82, 0x56, 0xca, 0x61, 0x18, 0xf7, 0xa1, 0x9d, 0xf1, 0x00, 0x77, 0x32,
|
0x6c, 0x2a, 0x68, 0x32, 0xbe, 0x8e, 0x57, 0x4f, 0x46, 0xac, 0x1f, 0xf3, 0xb0, 0x59, 0x8c, 0xad,
|
||||||
0xf1, 0x43, 0x6e, 0xd9, 0x32, 0xd1, 0xc3, 0x8a, 0x74, 0x44, 0x0f, 0xc2, 0x5d, 0xef, 0x98, 0x28,
|
0xdc, 0xc4, 0x85, 0x82, 0xc9, 0x09, 0x0c, 0x53, 0x43, 0x36, 0x96, 0xa0, 0x95, 0x72, 0x18, 0xc6,
|
||||||
0xbe, 0xd7, 0xa0, 0x79, 0x58, 0xf6, 0x00, 0x6f, 0x56, 0xdd, 0xe0, 0xbc, 0x05, 0xcb, 0x03, 0x4a,
|
0x5d, 0x68, 0x67, 0x3c, 0xc0, 0xad, 0x4c, 0xfc, 0x90, 0x5b, 0xb6, 0x4c, 0xf4, 0xb0, 0x22, 0x1d,
|
||||||
0x02, 0x7b, 0x84, 0x77, 0xf9, 0xae, 0x3d, 0x76, 0xc5, 0x1d, 0x47, 0x14, 0xc5, 0xfe, 0x9b, 0x7f,
|
0xd1, 0xbd, 0x70, 0xcf, 0x3b, 0x22, 0x8a, 0xef, 0x15, 0x68, 0x1e, 0x94, 0x3d, 0xd1, 0x9b, 0x55,
|
||||||
0x1b, 0xff, 0x51, 0x81, 0xa5, 0x07, 0xee, 0x18, 0x87, 0xa7, 0x21, 0xc5, 0x93, 0x43, 0x1e, 0x4b,
|
0x77, 0x3c, 0xef, 0xc0, 0xf2, 0x80, 0x92, 0xc0, 0x1e, 0xe1, 0x3d, 0xbe, 0x6b, 0x8f, 0x5c, 0x71,
|
||||||
0x5e, 0x81, 0x06, 0x93, 0x26, 0xa4, 0xf6, 0xc4, 0x57, 0x37, 0x3c, 0x31, 0x80, 0xad, 0x51, 0x28,
|
0x0b, 0x12, 0x45, 0xb1, 0xff, 0xe6, 0xdf, 0xc6, 0x7f, 0x54, 0x60, 0xe9, 0x9e, 0x3b, 0xc6, 0xe1,
|
||||||
0x58, 0xab, 0xec, 0x52, 0x8f, 0xe3, 0x73, 0xa3, 0xb2, 0xd8, 0x5a, 0x82, 0xd0, 0xbb, 0x00, 0x51,
|
0x49, 0x48, 0xf1, 0xe4, 0x80, 0xc7, 0x92, 0x97, 0xa0, 0xc1, 0xa4, 0x09, 0xa9, 0x3d, 0xf1, 0xd5,
|
||||||
0x88, 0x1d, 0x79, 0xab, 0x53, 0xcb, 0x1c, 0x3d, 0x87, 0x7a, 0xf5, 0x9e, 0xe1, 0x89, 0x2b, 0x9e,
|
0x1d, 0x50, 0x0c, 0x60, 0x6b, 0x14, 0x0a, 0xd6, 0x2a, 0xbb, 0xd4, 0xe3, 0xf8, 0xdc, 0xa8, 0x2c,
|
||||||
0xf7, 0xa0, 0xe9, 0x7a, 0xc4, 0xc1, 0xbc, 0x7a, 0xef, 0xc8, 0xcc, 0xb3, 0x98, 0x0a, 0x04, 0xe2,
|
0xb6, 0x96, 0x20, 0xf4, 0x3e, 0x40, 0x14, 0x62, 0x47, 0xde, 0xfb, 0xd4, 0x32, 0x47, 0xcf, 0x81,
|
||||||
0x61, 0x88, 0x1d, 0xe3, 0x4f, 0xa4, 0x17, 0x56, 0x8b, 0x27, 0x75, 0xb0, 0x03, 0xcb, 0x62, 0x43,
|
0x5e, 0xdf, 0x67, 0x78, 0xe2, 0x12, 0xe8, 0x03, 0x68, 0xba, 0x1e, 0x71, 0x30, 0xaf, 0xef, 0x3b,
|
||||||
0x1f, 0xc7, 0x93, 0x56, 0x8a, 0x4e, 0xc2, 0xb9, 0xcc, 0x82, 0x98, 0x1d, 0x57, 0x9e, 0x8a, 0x8a,
|
0x32, 0xf3, 0x2c, 0xa6, 0x02, 0x81, 0x78, 0x10, 0x62, 0xc7, 0xf8, 0x13, 0xe9, 0x85, 0xd5, 0xe2,
|
||||||
0xc2, 0xb8, 0x07, 0x17, 0x53, 0x31, 0xdf, 0x79, 0x52, 0xa5, 0x2f, 0x32, 0x79, 0x56, 0x62, 0x20,
|
0x49, 0x1d, 0xec, 0xc2, 0xb2, 0xd8, 0xd0, 0x47, 0xf1, 0xa4, 0x95, 0xa2, 0x93, 0x70, 0x2e, 0xb3,
|
||||||
0x32, 0xd1, 0x51, 0xf6, 0x51, 0x92, 0xe8, 0x84, 0x22, 0xd1, 0x09, 0x0d, 0x13, 0x2e, 0xa5, 0xd2,
|
0x20, 0x66, 0xc7, 0x95, 0xa7, 0xa2, 0xa2, 0x30, 0xee, 0xc0, 0xf9, 0x54, 0xcc, 0x77, 0x96, 0x54,
|
||||||
0xbf, 0x94, 0x20, 0xef, 0x65, 0x8e, 0xf8, 0xab, 0x25, 0xcc, 0x32, 0x67, 0xfd, 0xff, 0x54, 0x60,
|
0xe9, 0xab, 0x4c, 0x9e, 0x95, 0x18, 0x88, 0x4c, 0x74, 0x94, 0x7d, 0x94, 0x24, 0x3a, 0xa1, 0x48,
|
||||||
0xa5, 0x08, 0xe1, 0x25, 0x0b, 0x0d, 0x3f, 0x2b, 0xb9, 0x6b, 0xbf, 0x3b, 0x55, 0x9a, 0xdf, 0x4b,
|
0x74, 0x42, 0xc3, 0x84, 0x0b, 0xa9, 0xf4, 0x2f, 0x25, 0xc8, 0x07, 0x99, 0x23, 0xfe, 0x72, 0x09,
|
||||||
0x49, 0xe6, 0x21, 0xf4, 0x8a, 0x56, 0x2f, 0xaf, 0x8a, 0xda, 0x19, 0x54, 0xf1, 0xbf, 0x55, 0xad,
|
0xb3, 0xcc, 0x59, 0xff, 0x3f, 0x15, 0x58, 0x29, 0x42, 0x78, 0xc5, 0x42, 0xc3, 0xcf, 0x4a, 0x6e,
|
||||||
0x74, 0xd6, 0xa7, 0x34, 0x70, 0x8f, 0x22, 0x66, 0xbc, 0x3f, 0x54, 0x0a, 0x7c, 0x3f, 0x4e, 0xef,
|
0xe3, 0x6f, 0x4f, 0x95, 0xe6, 0xf7, 0x52, 0x92, 0xb9, 0x0f, 0xbd, 0xa2, 0xd5, 0xcb, 0xab, 0xa2,
|
||||||
0xc4, 0xfa, 0xdd, 0xc8, 0x53, 0x25, 0xa3, 0x16, 0xa6, 0x78, 0xfb, 0xe9, 0x14, 0x4f, 0x14, 0xc5,
|
0x76, 0x0a, 0x55, 0xfc, 0x6f, 0x55, 0x2b, 0x9d, 0x6d, 0x51, 0x1a, 0xb8, 0x87, 0x11, 0x33, 0xde,
|
||||||
0x6e, 0x4f, 0x65, 0xf3, 0xca, 0xd6, 0x3d, 0x9e, 0x57, 0xa0, 0x9d, 0xd6, 0x03, 0xfa, 0x18, 0xc0,
|
0x1f, 0x2a, 0x05, 0xbe, 0x1b, 0xa7, 0x77, 0x62, 0xfd, 0xae, 0xe5, 0xa9, 0x92, 0x51, 0x0b, 0x53,
|
||||||
0x8e, 0x25, 0x97, 0x26, 0x7f, 0x65, 0xda, 0xec, 0x4c, 0x0d, 0x1f, 0x5d, 0x83, 0xda, 0xd0, 0x8f,
|
0xbc, 0x47, 0xe9, 0x14, 0x4f, 0x14, 0xc5, 0x6e, 0x4e, 0x65, 0xf3, 0xda, 0xd6, 0x3d, 0x5e, 0x54,
|
||||||
0xa4, 0x46, 0x92, 0xdb, 0x91, 0x2d, 0x3f, 0x12, 0x0e, 0x80, 0xf5, 0xb2, 0xa0, 0x59, 0xdc, 0x40,
|
0xa0, 0x9d, 0xd6, 0x03, 0xfa, 0x14, 0xc0, 0x8e, 0x25, 0x97, 0x26, 0x7f, 0x69, 0xda, 0xec, 0x4c,
|
||||||
0xe7, 0x3c, 0xd7, 0x63, 0x0e, 0x16, 0xa8, 0x12, 0x07, 0x7d, 0x06, 0xed, 0x6f, 0x03, 0x97, 0xda,
|
0x0d, 0x1f, 0x5d, 0x81, 0xda, 0xd0, 0x8f, 0xa4, 0x46, 0x92, 0xdb, 0x91, 0x6d, 0x3f, 0x12, 0x0e,
|
||||||
0x47, 0x63, 0x6c, 0x8d, 0xed, 0x53, 0x1c, 0x48, 0xcf, 0x55, 0xee, 0x65, 0x5a, 0x0a, 0xff, 0x11,
|
0x80, 0xf5, 0xb2, 0xa0, 0x59, 0xdc, 0x51, 0xe7, 0x3c, 0xd7, 0x43, 0x0e, 0x16, 0xa8, 0x12, 0x07,
|
||||||
0x43, 0x37, 0x22, 0xa8, 0xab, 0xf1, 0x5f, 0xe0, 0x91, 0x1f, 0xc2, 0x5a, 0xc4, 0xd0, 0x2c, 0x7e,
|
0x7d, 0x01, 0xed, 0x67, 0x81, 0x4b, 0xed, 0xc3, 0x31, 0xb6, 0xc6, 0xf6, 0x09, 0x0e, 0xa4, 0xe7,
|
||||||
0x0b, 0xee, 0xd9, 0x1e, 0xb1, 0x42, 0xcc, 0x8e, 0x26, 0xf5, 0xf2, 0xac, 0xd8, 0x5b, 0xae, 0x70,
|
0x2a, 0xf7, 0x32, 0x2d, 0x85, 0xff, 0x80, 0xa1, 0x1b, 0x11, 0xd4, 0xd5, 0xf8, 0x2f, 0xf1, 0xc8,
|
||||||
0xa2, 0x2d, 0x12, 0xe0, 0x3d, 0xdb, 0x23, 0x03, 0x41, 0x61, 0x4c, 0xa0, 0xa9, 0x4d, 0xe7, 0x05,
|
0xf7, 0x61, 0x2d, 0x62, 0x68, 0x16, 0xbf, 0x27, 0xf7, 0x6c, 0x8f, 0x58, 0x21, 0x66, 0x47, 0x93,
|
||||||
0x23, 0xdf, 0x87, 0x65, 0x75, 0xef, 0x14, 0x62, 0x2a, 0xfd, 0xfa, 0xb4, 0x31, 0x97, 0x24, 0xfa,
|
0x7a, 0x9b, 0x56, 0xec, 0x2d, 0x57, 0x38, 0xd1, 0x36, 0x09, 0x70, 0xdf, 0xf6, 0xc8, 0x40, 0x50,
|
||||||
0x00, 0x53, 0xee, 0xdd, 0x6f, 0x5d, 0x81, 0xba, 0x7a, 0xbf, 0x8f, 0x16, 0xa0, 0xf6, 0x64, 0xeb,
|
0x18, 0x13, 0x68, 0x6a, 0xd3, 0x79, 0xc9, 0xc8, 0x77, 0x61, 0x59, 0xdd, 0x3b, 0x85, 0x98, 0x4a,
|
||||||
0xa0, 0x33, 0xc3, 0x3e, 0x0e, 0xb7, 0x0f, 0x3a, 0x95, 0x5b, 0xf7, 0x60, 0x29, 0xf3, 0xb2, 0x04,
|
0xbf, 0x3e, 0x6d, 0xcc, 0x25, 0x89, 0x3e, 0xc0, 0x94, 0x7b, 0xf7, 0x1b, 0x97, 0xa0, 0xae, 0x5e,
|
||||||
0x2d, 0x43, 0x6b, 0xd0, 0xdf, 0xdb, 0xfe, 0x7c, 0xff, 0xe7, 0x96, 0xb9, 0xd3, 0xdf, 0xfe, 0x45,
|
0xf8, 0xa3, 0x05, 0xa8, 0x3d, 0xde, 0xde, 0xef, 0xcc, 0xb0, 0x8f, 0x83, 0x9d, 0xfd, 0x4e, 0xe5,
|
||||||
0x67, 0x06, 0xad, 0x40, 0x47, 0x81, 0xf6, 0xf6, 0x9f, 0x08, 0x68, 0xe5, 0xd6, 0x37, 0x19, 0x1b,
|
0xc6, 0x1d, 0x58, 0xca, 0xbc, 0x3d, 0x41, 0xcb, 0xd0, 0x1a, 0x6c, 0xf5, 0x77, 0xbe, 0x7c, 0xf4,
|
||||||
0xc1, 0xe8, 0x22, 0x2c, 0x6f, 0xed, 0xef, 0x3d, 0xe9, 0xef, 0xee, 0xed, 0x98, 0xd6, 0x96, 0xb9,
|
0x73, 0xcb, 0xdc, 0xdd, 0xda, 0xf9, 0x45, 0x67, 0x06, 0xad, 0x40, 0x47, 0x81, 0xfa, 0x8f, 0x1e,
|
||||||
0xd3, 0x7f, 0xb2, 0xb3, 0xdd, 0x99, 0x49, 0x83, 0xcd, 0xc3, 0xbd, 0xbd, 0xdd, 0xbd, 0x2f, 0x3a,
|
0x0b, 0x68, 0xe5, 0xc6, 0x93, 0x8c, 0x8d, 0x60, 0x74, 0x1e, 0x96, 0xb7, 0x1f, 0xf5, 0x1f, 0x6f,
|
||||||
0x15, 0xc6, 0x35, 0x01, 0xef, 0xfc, 0x7c, 0x97, 0x21, 0x57, 0xd3, 0xc8, 0x87, 0x7b, 0x0f, 0xf7,
|
0xed, 0xf5, 0x77, 0x4d, 0x6b, 0xdb, 0xdc, 0xdd, 0x7a, 0xbc, 0xbb, 0xd3, 0x99, 0x49, 0x83, 0xcd,
|
||||||
0xf6, 0x7f, 0xb6, 0xd7, 0xa9, 0x6d, 0xfe, 0x76, 0x11, 0xda, 0xea, 0x10, 0xc7, 0x01, 0xbf, 0x9d,
|
0x83, 0x7e, 0x7f, 0xaf, 0xff, 0x55, 0xa7, 0xc2, 0xb8, 0x26, 0xe0, 0xdd, 0x9f, 0xef, 0x31, 0xe4,
|
||||||
0xfc, 0x14, 0x16, 0xd4, 0xaf, 0x15, 0x89, 0xf7, 0x48, 0xff, 0x07, 0xd2, 0xeb, 0xe6, 0x3b, 0x64,
|
0x6a, 0x1a, 0xf9, 0xa0, 0x7f, 0xbf, 0xff, 0xe8, 0x67, 0xfd, 0x4e, 0x6d, 0xf3, 0xb7, 0x8b, 0xd0,
|
||||||
0x30, 0x34, 0x83, 0x0e, 0x78, 0x70, 0xa2, 0xbd, 0xe2, 0xb9, 0xaa, 0x87, 0x0b, 0xb9, 0x67, 0x42,
|
0x56, 0x87, 0x38, 0x0e, 0xf8, 0xed, 0xe4, 0xe7, 0xb0, 0xa0, 0x7e, 0xbe, 0x48, 0xbc, 0x47, 0xfa,
|
||||||
0xbd, 0xf5, 0xb2, 0xee, 0x98, 0xe3, 0x80, 0x45, 0x24, 0xfa, 0x0b, 0x4c, 0xb4, 0xae, 0x9f, 0xdb,
|
0x4f, 0x91, 0x5e, 0x37, 0xdf, 0x21, 0x83, 0xa1, 0x19, 0xb4, 0xcf, 0x83, 0x13, 0xed, 0x9d, 0xcf,
|
||||||
0xf9, 0x97, 0x9d, 0xbd, 0xd7, 0x4a, 0xfb, 0x63, 0xa6, 0xbf, 0x80, 0x4e, 0xf6, 0xed, 0x25, 0x4a,
|
0x65, 0x3d, 0x5c, 0xc8, 0x3d, 0x24, 0xea, 0xad, 0x97, 0x75, 0xc7, 0x1c, 0x07, 0x2c, 0x22, 0xd1,
|
||||||
0x6e, 0x99, 0x4b, 0xde, 0x75, 0xf6, 0x5e, 0x9f, 0x82, 0xa1, 0xb3, 0xce, 0xbd, 0x5f, 0xdc, 0x28,
|
0xdf, 0x68, 0xa2, 0x75, 0xfd, 0xdc, 0xce, 0xbf, 0xfd, 0xec, 0xbd, 0x51, 0xda, 0x1f, 0x33, 0xfd,
|
||||||
0x7f, 0x81, 0x96, 0x63, 0x5d, 0xf6, 0xac, 0x4d, 0x2c, 0x45, 0xfa, 0xf5, 0x0d, 0xd2, 0x5f, 0x0d,
|
0x05, 0x74, 0xb2, 0xaf, 0x33, 0x51, 0x72, 0xcb, 0x5c, 0xf2, 0xf2, 0xb3, 0xf7, 0xe6, 0x14, 0x0c,
|
||||||
0x16, 0xbc, 0xc2, 0xd2, 0x96, 0xa2, 0xf8, 0xd9, 0x8e, 0x31, 0x83, 0xbe, 0x82, 0xa5, 0xcc, 0xc5,
|
0x9d, 0x75, 0xee, 0x85, 0xe3, 0x46, 0xf9, 0x1b, 0xb5, 0x1c, 0xeb, 0xb2, 0x87, 0x6f, 0x62, 0x29,
|
||||||
0x14, 0x4a, 0xa8, 0x8a, 0xaf, 0xd9, 0x7a, 0x1b, 0xe5, 0x08, 0x69, 0xbd, 0xe9, 0xd7, 0x4e, 0x29,
|
0xd2, 0xef, 0x73, 0x90, 0xfe, 0xae, 0xb0, 0xe0, 0x9d, 0x96, 0xb6, 0x14, 0xc5, 0x0f, 0x7b, 0x8c,
|
||||||
0xbd, 0x15, 0xdc, 0x65, 0xa5, 0xf4, 0x56, 0x78, 0x5f, 0xc5, 0xcd, 0x2b, 0x75, 0xb9, 0xa4, 0x99,
|
0x19, 0xf4, 0x0d, 0x2c, 0x65, 0x2e, 0xa6, 0x50, 0x42, 0x55, 0x7c, 0xcd, 0xd6, 0xdb, 0x28, 0x47,
|
||||||
0x57, 0xd1, 0x4d, 0x56, 0x6f, 0xbd, 0xac, 0x5b, 0x9f, 0x7e, 0xe6, 0x62, 0x49, 0x9b, 0x7e, 0xf1,
|
0x48, 0xeb, 0x4d, 0xbf, 0x76, 0x4a, 0xe9, 0xad, 0xe0, 0x2e, 0x2b, 0xa5, 0xb7, 0xc2, 0xfb, 0x2a,
|
||||||
0x7d, 0x55, 0x6f, 0xa3, 0x1c, 0x21, 0xab, 0xab, 0xa4, 0xca, 0x9d, 0xd1, 0x55, 0xee, 0x52, 0x25,
|
0x6e, 0x5e, 0xa9, 0xcb, 0x25, 0xcd, 0xbc, 0x8a, 0x6e, 0xb2, 0x7a, 0xeb, 0x65, 0xdd, 0xfa, 0xf4,
|
||||||
0xa3, 0xab, 0x7c, 0x79, 0x5c, 0xea, 0x2a, 0x53, 0xae, 0x7e, 0xad, 0xb4, 0x9c, 0x97, 0xd7, 0x55,
|
0x33, 0x17, 0x4b, 0xda, 0xf4, 0x8b, 0xef, 0xab, 0x7a, 0x1b, 0xe5, 0x08, 0x59, 0x5d, 0x25, 0x55,
|
||||||
0x71, 0x85, 0xd0, 0x98, 0x41, 0x7d, 0xa8, 0xab, 0x7a, 0x1c, 0x4a, 0x76, 0x77, 0xa6, 0x08, 0xd8,
|
0xee, 0x8c, 0xae, 0x72, 0x97, 0x2a, 0x19, 0x5d, 0xe5, 0xcb, 0xe3, 0x52, 0x57, 0x99, 0x72, 0xf5,
|
||||||
0xbb, 0x54, 0xd0, 0x13, 0xb3, 0x78, 0x0f, 0x66, 0x19, 0x14, 0xad, 0xa4, 0x90, 0x14, 0xe9, 0xc5,
|
0x1b, 0xa5, 0xe5, 0xbc, 0xbc, 0xae, 0x8a, 0x2b, 0x84, 0xc6, 0x0c, 0xda, 0x82, 0xba, 0xaa, 0xc7,
|
||||||
0x0c, 0x34, 0x26, 0xfb, 0x08, 0xe6, 0x45, 0xf9, 0x0a, 0x25, 0x79, 0x45, 0xaa, 0x56, 0xd6, 0x5b,
|
0xa1, 0x64, 0x77, 0x67, 0x8a, 0x80, 0xbd, 0x0b, 0x05, 0x3d, 0x31, 0x8b, 0x0f, 0x60, 0x96, 0x41,
|
||||||
0xcb, 0xc1, 0x63, 0xe2, 0x2f, 0xc5, 0xef, 0x56, 0xb2, 0x0e, 0x85, 0x2e, 0xa7, 0x9e, 0xf5, 0xa7,
|
0xd1, 0x4a, 0x0a, 0x49, 0x91, 0x9e, 0xcf, 0x40, 0x63, 0xb2, 0x4f, 0x60, 0x5e, 0x94, 0xaf, 0x50,
|
||||||
0xab, 0x5d, 0xbd, 0x2b, 0xc5, 0x9d, 0xba, 0xbe, 0x32, 0x87, 0xf3, 0x7a, 0x59, 0xf4, 0x94, 0xd3,
|
0x92, 0x57, 0xa4, 0x6a, 0x65, 0xbd, 0xb5, 0x1c, 0x3c, 0x26, 0xfe, 0x5a, 0xfc, 0x90, 0x25, 0xeb,
|
||||||
0x57, 0x71, 0x34, 0x66, 0xcc, 0x20, 0x4b, 0x94, 0x74, 0x32, 0x8c, 0x8d, 0x62, 0x45, 0xa7, 0x98,
|
0x50, 0xe8, 0x62, 0xea, 0xe1, 0x7f, 0xba, 0xda, 0xd5, 0xbb, 0x54, 0xdc, 0xa9, 0xeb, 0x2b, 0x73,
|
||||||
0x5f, 0x9b, 0x8a, 0x13, 0x0f, 0x70, 0x04, 0x17, 0x0a, 0x92, 0x53, 0x94, 0x50, 0x97, 0xe7, 0xc5,
|
0x38, 0xaf, 0x97, 0x45, 0x4f, 0x39, 0x7d, 0x15, 0x47, 0x63, 0xc6, 0x0c, 0xb2, 0x44, 0x49, 0x27,
|
||||||
0xbd, 0x37, 0xa6, 0x23, 0xe9, 0x2a, 0x92, 0xb6, 0xb6, 0xaa, 0x6f, 0x50, 0xcd, 0xc4, 0xd6, 0x72,
|
0xc3, 0xd8, 0x28, 0x56, 0x74, 0x8a, 0xf9, 0x95, 0xa9, 0x38, 0xf1, 0x00, 0x87, 0x70, 0xae, 0x20,
|
||||||
0x70, 0x45, 0xbc, 0xf9, 0x17, 0x35, 0x58, 0x14, 0x25, 0x04, 0x79, 0xc0, 0x7c, 0x01, 0x90, 0x54,
|
0x39, 0x45, 0x09, 0x75, 0x79, 0x5e, 0xdc, 0x7b, 0x6b, 0x3a, 0x92, 0xae, 0x22, 0x69, 0x6b, 0xab,
|
||||||
0xb9, 0x50, 0x2f, 0x35, 0xcd, 0x54, 0xb9, 0xaf, 0x77, 0xb9, 0xb0, 0x4f, 0x57, 0xbe, 0x56, 0xb0,
|
0xfa, 0x06, 0xd5, 0x4c, 0x6c, 0x2d, 0x07, 0x57, 0xc4, 0x9b, 0x7f, 0x51, 0x83, 0x45, 0x51, 0x42,
|
||||||
0xd2, 0x94, 0x9f, 0x2f, 0x83, 0x69, 0xca, 0x2f, 0xa8, 0x71, 0x19, 0x33, 0x68, 0x1b, 0x1a, 0x71,
|
0x90, 0x07, 0xcc, 0x57, 0x00, 0x49, 0x95, 0x0b, 0xf5, 0x52, 0xd3, 0x4c, 0x95, 0xfb, 0x7a, 0x17,
|
||||||
0x15, 0x05, 0x69, 0xc5, 0x97, 0x4c, 0x09, 0xa8, 0xd7, 0x2b, 0xea, 0xd2, 0x25, 0xd2, 0x2a, 0x23,
|
0x0b, 0xfb, 0x74, 0xe5, 0x6b, 0x05, 0x2b, 0x4d, 0xf9, 0xf9, 0x32, 0x98, 0xa6, 0xfc, 0x82, 0x1a,
|
||||||
0x9a, 0x44, 0xf9, 0x7a, 0x8b, 0x26, 0x51, 0x51, 0x31, 0x25, 0x99, 0x9d, 0x48, 0x04, 0xb3, 0xb3,
|
0x97, 0x31, 0x83, 0x76, 0xa0, 0x11, 0x57, 0x51, 0x90, 0x56, 0x7c, 0xc9, 0x94, 0x80, 0x7a, 0xbd,
|
||||||
0x4b, 0xe5, 0xd6, 0xd9, 0xd9, 0xa5, 0x73, 0x47, 0x63, 0xe6, 0xf3, 0x2b, 0xbf, 0xf9, 0xdd, 0x7a,
|
0xa2, 0x2e, 0x5d, 0x22, 0xad, 0x32, 0xa2, 0x49, 0x94, 0xaf, 0xb7, 0x68, 0x12, 0x15, 0x15, 0x53,
|
||||||
0xe5, 0x3f, 0x7f, 0xb7, 0x3e, 0xf3, 0xe7, 0xcf, 0xd7, 0x2b, 0xbf, 0x79, 0xbe, 0x5e, 0xf9, 0xf7,
|
0x92, 0xd9, 0x89, 0x44, 0x30, 0x3b, 0xbb, 0x54, 0x6e, 0x9d, 0x9d, 0x5d, 0x3a, 0x77, 0x34, 0x66,
|
||||||
0xe7, 0xeb, 0x95, 0xdf, 0x3e, 0x5f, 0xaf, 0x7c, 0xf7, 0xdf, 0xeb, 0x33, 0x47, 0xf3, 0xfc, 0xff,
|
0xbe, 0xbc, 0xf4, 0x9b, 0xdf, 0xad, 0x57, 0xfe, 0xf3, 0x77, 0xeb, 0x33, 0x7f, 0xfe, 0x62, 0xbd,
|
||||||
0xc3, 0x77, 0xff, 0x3f, 0x00, 0x00, 0xff, 0xff, 0x05, 0xad, 0x49, 0x79, 0x33, 0x3a, 0x00, 0x00,
|
0xf2, 0x9b, 0x17, 0xeb, 0x95, 0x7f, 0x7f, 0xb1, 0x5e, 0xf9, 0xed, 0x8b, 0xf5, 0xca, 0x77, 0xff,
|
||||||
|
0xbd, 0x3e, 0x73, 0x38, 0xcf, 0xff, 0x50, 0x7c, 0xff, 0xff, 0x03, 0x00, 0x00, 0xff, 0xff, 0xbd,
|
||||||
|
0x17, 0xb2, 0x8b, 0x55, 0x3a, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
@@ -514,6 +514,9 @@ message LinuxContainerSecurityContext {
|
|||||||
// * localhost/<full-path-to-profile>: the profile installed on the node.
|
// * localhost/<full-path-to-profile>: the profile installed on the node.
|
||||||
// <full-path-to-profile> is the full path of the profile.
|
// <full-path-to-profile> is the full path of the profile.
|
||||||
string seccomp_profile_path = 10;
|
string seccomp_profile_path = 10;
|
||||||
|
// no_new_privs defines if the flag for no_new_privs should be set on the
|
||||||
|
// container.
|
||||||
|
bool no_new_privs = 11;
|
||||||
}
|
}
|
||||||
|
|
||||||
// LinuxContainerConfig contains platform-specific configuration for
|
// LinuxContainerConfig contains platform-specific configuration for
|
||||||
|
@@ -113,6 +113,10 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
|
|||||||
}
|
}
|
||||||
hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, apparmorSecurityOpts...)
|
hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, apparmorSecurityOpts...)
|
||||||
|
|
||||||
|
if sc.NoNewPrivs {
|
||||||
|
hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, "no-new-privileges")
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -798,6 +798,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Dep
|
|||||||
|
|
||||||
klet.appArmorValidator = apparmor.NewValidator(kubeCfg.ContainerRuntime)
|
klet.appArmorValidator = apparmor.NewValidator(kubeCfg.ContainerRuntime)
|
||||||
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
||||||
|
klet.softAdmitHandlers.AddPodAdmitHandler(lifecycle.NewNoNewPrivsAdmitHandler(klet.containerRuntime))
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.Accelerators) {
|
if utilfeature.DefaultFeatureGate.Enabled(features.Accelerators) {
|
||||||
if kubeCfg.ContainerRuntime == kubetypes.DockerContainerRuntime {
|
if kubeCfg.ContainerRuntime == kubetypes.DockerContainerRuntime {
|
||||||
if klet.gpuManager, err = nvidia.NewNvidiaGPUManager(klet, kubeDeps.DockerClient); err != nil {
|
if klet.gpuManager, err = nvidia.NewNvidiaGPUManager(klet, kubeDeps.DockerClient); err != nil {
|
||||||
|
@@ -66,6 +66,8 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
|
|||||||
synthesized.SupplementalGroups = append(synthesized.SupplementalGroups, groups...)
|
synthesized.SupplementalGroups = append(synthesized.SupplementalGroups, groups...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
synthesized.NoNewPrivs = securitycontext.AddNoNewPrivileges(effectiveSc)
|
||||||
|
|
||||||
return synthesized
|
return synthesized
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -165,3 +165,74 @@ func (a *appArmorAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult {
|
|||||||
Message: fmt.Sprintf("Cannot enforce AppArmor: %v", err),
|
Message: fmt.Sprintf("Cannot enforce AppArmor: %v", err),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewNoNewPrivsAdmitHandler(runtime kubecontainer.Runtime) PodAdmitHandler {
|
||||||
|
return &noNewPrivsAdmitHandler{
|
||||||
|
Runtime: runtime,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
type noNewPrivsAdmitHandler struct {
|
||||||
|
kubecontainer.Runtime
|
||||||
|
}
|
||||||
|
|
||||||
|
func (a *noNewPrivsAdmitHandler) Admit(attrs *PodAdmitAttributes) PodAdmitResult {
|
||||||
|
// If the pod is already running or terminated, no need to recheck NoNewPrivs.
|
||||||
|
if attrs.Pod.Status.Phase != v1.PodPending {
|
||||||
|
return PodAdmitResult{Admit: true}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the containers in a pod do not require no-new-privs, admit it.
|
||||||
|
if !noNewPrivsRequired(attrs.Pod) {
|
||||||
|
return PodAdmitResult{Admit: true}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Make sure it is either docker or rkt runtimes.
|
||||||
|
if a.Runtime.Type() != kubetypes.DockerContainerRuntime && a.Runtime.Type() != kubetypes.RktContainerRuntime {
|
||||||
|
return PodAdmitResult{
|
||||||
|
Admit: false,
|
||||||
|
Reason: "NoNewPrivs",
|
||||||
|
Message: fmt.Sprintf("Cannot enforce NoNewPrivs: %s runtime not supported", a.Runtime.Type()),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if a.Runtime.Type() != kubetypes.DockerContainerRuntime {
|
||||||
|
// Make sure docker api version is valid.
|
||||||
|
rversion, err := a.Runtime.APIVersion()
|
||||||
|
if err != nil {
|
||||||
|
return PodAdmitResult{
|
||||||
|
Admit: false,
|
||||||
|
Reason: "NoNewPrivs",
|
||||||
|
Message: fmt.Sprintf("Cannot enforce NoNewPrivs: %v", err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
v, err := rversion.Compare("1.23")
|
||||||
|
if err != nil {
|
||||||
|
return PodAdmitResult{
|
||||||
|
Admit: false,
|
||||||
|
Reason: "NoNewPrivs",
|
||||||
|
Message: fmt.Sprintf("Cannot enforce NoNewPrivs: %v", err),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// If the version is less than 1.23 it will return -1 above.
|
||||||
|
if v == -1 {
|
||||||
|
return PodAdmitResult{
|
||||||
|
Admit: false,
|
||||||
|
Reason: "NoNewPrivs",
|
||||||
|
Message: fmt.Sprintf("Cannot enforce NoNewPrivs: docker runtime API version %q must be greater than or equal to 1.23", rversion.String()),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return PodAdmitResult{Admit: true}
|
||||||
|
}
|
||||||
|
|
||||||
|
func noNewPrivsRequired(pod *v1.Pod) bool {
|
||||||
|
// Iterate over pod containers and check if we added no-new-privs.
|
||||||
|
for _, c := range pod.Spec.Containers {
|
||||||
|
if c.SecurityContext != nil && c.SecurityContext.AllowPrivilegeEscalation != nil && !*c.SecurityContext.AllowPrivilegeEscalation {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
@@ -439,6 +439,14 @@ func setIsolators(app *appctypes.App, c *v1.Container, ctx *v1.SecurityContext)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ok := securitycontext.AddNoNewPrivileges(ctx); ok {
|
||||||
|
isolator, err := newNoNewPrivilegesIsolator(true)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
isolators = append(isolators, *isolator)
|
||||||
|
}
|
||||||
|
|
||||||
mergeIsolators(app, isolators)
|
mergeIsolators(app, isolators)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -2621,3 +2629,16 @@ func convertKubePortMappings(portMappings []kubecontainer.PortMapping) ([]appcty
|
|||||||
|
|
||||||
return containerPorts, hostPorts
|
return containerPorts, hostPorts
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func newNoNewPrivilegesIsolator(v bool) (*appctypes.Isolator, error) {
|
||||||
|
b := fmt.Sprintf(`{"name": "%s", "value": %t}`, appctypes.LinuxNoNewPrivilegesName, v)
|
||||||
|
|
||||||
|
i := &appctypes.Isolator{
|
||||||
|
Name: appctypes.LinuxNoNewPrivilegesName,
|
||||||
|
}
|
||||||
|
if err := i.UnmarshalJSON([]byte(b)); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return i, nil
|
||||||
|
}
|
||||||
|
@@ -23,6 +23,7 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"sort"
|
"sort"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@@ -48,7 +49,6 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/kubelet/types"
|
"k8s.io/kubernetes/pkg/kubelet/types"
|
||||||
"k8s.io/utils/exec"
|
"k8s.io/utils/exec"
|
||||||
fakeexec "k8s.io/utils/exec/testing"
|
fakeexec "k8s.io/utils/exec/testing"
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func mustMarshalPodManifest(man *appcschema.PodManifest) []byte {
|
func mustMarshalPodManifest(man *appcschema.PodManifest) []byte {
|
||||||
@@ -938,6 +938,7 @@ func baseImageManifest(t *testing.T) *appcschema.ImageManifest {
|
|||||||
func baseAppWithRootUserGroup(t *testing.T) *appctypes.App {
|
func baseAppWithRootUserGroup(t *testing.T) *appctypes.App {
|
||||||
app := baseApp(t)
|
app := baseApp(t)
|
||||||
app.User, app.Group = "0", "0"
|
app.User, app.Group = "0", "0"
|
||||||
|
app.Isolators = append(app.Isolators)
|
||||||
return app
|
return app
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -183,6 +183,17 @@ func (s *simpleProvider) CreateContainerSecurityContext(pod *api.Pod, container
|
|||||||
sc.ReadOnlyRootFilesystem = &readOnlyRootFS
|
sc.ReadOnlyRootFilesystem = &readOnlyRootFS
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if the PSP sets DefaultAllowPrivilegeEscalation and the container security context
|
||||||
|
// allowPrivilegeEscalation is not set, then default to that set by the PSP.
|
||||||
|
if s.psp.Spec.DefaultAllowPrivilegeEscalation != nil && sc.AllowPrivilegeEscalation == nil {
|
||||||
|
sc.AllowPrivilegeEscalation = s.psp.Spec.DefaultAllowPrivilegeEscalation
|
||||||
|
}
|
||||||
|
|
||||||
|
// if the PSP sets psp.AllowPrivilegeEscalation to false set that as the default
|
||||||
|
if !s.psp.Spec.AllowPrivilegeEscalation && sc.AllowPrivilegeEscalation == nil {
|
||||||
|
sc.AllowPrivilegeEscalation = &s.psp.Spec.AllowPrivilegeEscalation
|
||||||
|
}
|
||||||
|
|
||||||
return sc, annotations, nil
|
return sc, annotations, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -301,6 +312,15 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !s.psp.Spec.AllowPrivilegeEscalation && sc.AllowPrivilegeEscalation == nil {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("allowPrivilegeEscalation"), sc.AllowPrivilegeEscalation, "Allowing privilege escalation for containers is not allowed"))
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if !s.psp.Spec.AllowPrivilegeEscalation && sc.AllowPrivilegeEscalation != nil && *sc.AllowPrivilegeEscalation {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("allowPrivilegeEscalation"), *sc.AllowPrivilegeEscalation, "Allowing privilege escalation for containers is not allowed"))
|
||||||
|
}
|
||||||
|
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -920,6 +920,7 @@ func defaultPSP() *extensions.PodSecurityPolicy {
|
|||||||
SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{
|
SupplementalGroups: extensions.SupplementalGroupsStrategyOptions{
|
||||||
Rule: extensions.SupplementalGroupsStrategyRunAsAny,
|
Rule: extensions.SupplementalGroupsStrategyRunAsAny,
|
||||||
},
|
},
|
||||||
|
AllowPrivilegeEscalation: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1033,3 +1034,111 @@ func TestValidateAllowedVolumes(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestValidateAllowPrivilegeEscalation will test that when the podSecurityPolicy
|
||||||
|
// AllowPrivilegeEscalation is false we cannot set a container's securityContext
|
||||||
|
// to allowPrivilegeEscalation, but when it is true we can.
|
||||||
|
func TestValidateAllowPrivilegeEscalation(t *testing.T) {
|
||||||
|
pod := defaultPod()
|
||||||
|
pe := true
|
||||||
|
pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = &pe
|
||||||
|
|
||||||
|
// create a PSP that does not allow privilege escalation
|
||||||
|
psp := defaultPSP()
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = false
|
||||||
|
|
||||||
|
provider, err := NewSimpleProvider(psp, "namespace", NewSimpleStrategyFactory())
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("error creating provider: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
// expect a denial for this PSP and test the error message to ensure it's related to allowPrivilegeEscalation
|
||||||
|
errs := provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 1 {
|
||||||
|
t.Errorf("expected exactly 1 error but got %v", errs)
|
||||||
|
} else {
|
||||||
|
if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
|
||||||
|
t.Errorf("did not find the expected error, received: %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// now add allowPrivilegeEscalation to the podSecurityPolicy
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = true
|
||||||
|
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 0 {
|
||||||
|
t.Errorf("directly allowing privilege escalation expected no errors but got %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestValidateDefaultAllowPrivilegeEscalation will test that when the podSecurityPolicy
|
||||||
|
// DefaultAllowPrivilegeEscalation is false we cannot set a container's
|
||||||
|
// securityContext to allowPrivilegeEscalation but when it is true we can.
|
||||||
|
func TestValidateDefaultAllowPrivilegeEscalation(t *testing.T) {
|
||||||
|
pod := defaultPod()
|
||||||
|
pe := true
|
||||||
|
pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = &pe
|
||||||
|
|
||||||
|
// create a PSP that does not allow privilege escalation
|
||||||
|
psp := defaultPSP()
|
||||||
|
dpe := false
|
||||||
|
psp.Spec.DefaultAllowPrivilegeEscalation = &dpe
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = false
|
||||||
|
|
||||||
|
provider, err := NewSimpleProvider(psp, "namespace", NewSimpleStrategyFactory())
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("error creating provider: %v", err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
|
// expect a denial for this PSP and test the error message to ensure it's related to allowPrivilegeEscalation
|
||||||
|
errs := provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 1 {
|
||||||
|
t.Errorf("expected exactly 1 error but got %v", errs)
|
||||||
|
} else {
|
||||||
|
if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
|
||||||
|
t.Errorf("did not find the expected error, received: %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// now add DefaultAllowPrivilegeEscalation to the podSecurityPolicy
|
||||||
|
dpe = true
|
||||||
|
psp.Spec.DefaultAllowPrivilegeEscalation = &dpe
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = false
|
||||||
|
|
||||||
|
// expect a denial for this PSP because we did not allowPrivilege Escalation via the PodSecurityPolicy
|
||||||
|
// and test the error message to ensure it's related to allowPrivilegeEscalation
|
||||||
|
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 1 {
|
||||||
|
t.Errorf("expected exactly 1 error but got %v", errs)
|
||||||
|
} else {
|
||||||
|
if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
|
||||||
|
t.Errorf("did not find the expected error, received: %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now set AllowPrivilegeEscalation
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = true
|
||||||
|
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 0 {
|
||||||
|
t.Errorf("directly allowing privilege escalation expected no errors but got %v", errs)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now set the psp spec to false and reset AllowPrivilegeEscalation
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = false
|
||||||
|
pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil
|
||||||
|
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 1 {
|
||||||
|
t.Errorf("expected exactly 1 error but got %v", errs)
|
||||||
|
} else {
|
||||||
|
if !strings.Contains(errs.ToAggregate().Error(), "Allowing privilege escalation for containers is not allowed") {
|
||||||
|
t.Errorf("did not find the expected error, received: %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Now unset both AllowPrivilegeEscalation
|
||||||
|
psp.Spec.AllowPrivilegeEscalation = true
|
||||||
|
pod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation = nil
|
||||||
|
errs = provider.ValidateContainerSecurityContext(pod, &pod.Spec.Containers[0], field.NewPath(""))
|
||||||
|
if len(errs) != 0 {
|
||||||
|
t.Errorf("resetting allowing privilege escalation expected no errors but got %v", errs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -133,6 +133,11 @@ func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1
|
|||||||
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
|
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if containerSc.AllowPrivilegeEscalation != nil {
|
||||||
|
effectiveSc.AllowPrivilegeEscalation = new(bool)
|
||||||
|
*effectiveSc.AllowPrivilegeEscalation = *containerSc.AllowPrivilegeEscalation
|
||||||
|
}
|
||||||
|
|
||||||
return effectiveSc
|
return effectiveSc
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -205,6 +210,11 @@ func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Cont
|
|||||||
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
|
*effectiveSc.ReadOnlyRootFilesystem = *containerSc.ReadOnlyRootFilesystem
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if containerSc.AllowPrivilegeEscalation != nil {
|
||||||
|
effectiveSc.AllowPrivilegeEscalation = new(bool)
|
||||||
|
*effectiveSc.AllowPrivilegeEscalation = *containerSc.AllowPrivilegeEscalation
|
||||||
|
}
|
||||||
|
|
||||||
return effectiveSc
|
return effectiveSc
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -231,3 +241,38 @@ func internalSecurityContextFromPodSecurityContext(pod *api.Pod) *api.SecurityCo
|
|||||||
|
|
||||||
return synthesized
|
return synthesized
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// AddNoNewPrivileges returns if we should add the no_new_privs option. This will return true if:
|
||||||
|
// 1) the container is not privileged
|
||||||
|
// 2) CAP_SYS_ADMIN is not being added
|
||||||
|
// 3) if podSecurityPolicy.DefaultAllowPrivilegeEscalation is:
|
||||||
|
// - nil, then return false
|
||||||
|
// - true, then return false
|
||||||
|
// - false, then return true
|
||||||
|
func AddNoNewPrivileges(sc *v1.SecurityContext) bool {
|
||||||
|
if sc == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// handle the case where the container is privileged
|
||||||
|
if sc.Privileged != nil && *sc.Privileged {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// handle the case where we are adding CAP_SYS_ADMIN
|
||||||
|
if sc.Capabilities != nil {
|
||||||
|
for _, cap := range sc.Capabilities.Add {
|
||||||
|
if string(cap) == "CAP_SYS_ADMIN" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// handle the case where the user did not set the default and did not explicitly set allowPrivilegeEscalation
|
||||||
|
if sc.AllowPrivilegeEscalation == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// handle the case where defaultAllowPrivilegeEscalation is false or the user explicitly set allowPrivilegeEscalation to true/false
|
||||||
|
return !*sc.AllowPrivilegeEscalation
|
||||||
|
}
|
||||||
|
@@ -176,3 +176,100 @@ func TestHasRootRunAsUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAddNoNewPrivileges(t *testing.T) {
|
||||||
|
var nonRoot int64 = 1000
|
||||||
|
var root int64 = 0
|
||||||
|
pfalse := false
|
||||||
|
ptrue := true
|
||||||
|
|
||||||
|
tests := map[string]struct {
|
||||||
|
sc v1.SecurityContext
|
||||||
|
expect bool
|
||||||
|
}{
|
||||||
|
"allowPrivilegeEscalation nil security context nil": {},
|
||||||
|
"allowPrivilegeEscalation nil capAddSysadmin": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Capabilities: &v1.Capabilities{
|
||||||
|
Add: []v1.Capability{"CAP_SYS_ADMIN"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation nil privileged": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Privileged: &ptrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation nil nonRoot": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &nonRoot,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation nil root": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &root,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation false capAddSysadmin": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Capabilities: &v1.Capabilities{
|
||||||
|
Add: []v1.Capability{"CAP_SYS_ADMIN"},
|
||||||
|
},
|
||||||
|
AllowPrivilegeEscalation: &pfalse,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation false privileged": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Privileged: &ptrue,
|
||||||
|
AllowPrivilegeEscalation: &pfalse,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation false nonRoot": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &nonRoot,
|
||||||
|
AllowPrivilegeEscalation: &pfalse,
|
||||||
|
},
|
||||||
|
expect: true,
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation false root": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &root,
|
||||||
|
AllowPrivilegeEscalation: &pfalse,
|
||||||
|
},
|
||||||
|
expect: true,
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation true capAddSysadmin": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Capabilities: &v1.Capabilities{
|
||||||
|
Add: []v1.Capability{"CAP_SYS_ADMIN"},
|
||||||
|
},
|
||||||
|
AllowPrivilegeEscalation: &ptrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation true privileged": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
Privileged: &ptrue,
|
||||||
|
AllowPrivilegeEscalation: &ptrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation true nonRoot": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &nonRoot,
|
||||||
|
AllowPrivilegeEscalation: &ptrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"allowPrivilegeEscalation true root": {
|
||||||
|
sc: v1.SecurityContext{
|
||||||
|
RunAsUser: &root,
|
||||||
|
AllowPrivilegeEscalation: &ptrue,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for k, v := range tests {
|
||||||
|
actual := AddNoNewPrivileges(&v.sc)
|
||||||
|
if actual != v.expect {
|
||||||
|
t.Errorf("%s failed, expected %t but received %t", k, v.expect, actual)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
File diff suppressed because it is too large
Load Diff
@@ -3540,6 +3540,15 @@ message SecurityContext {
|
|||||||
// Default is false.
|
// Default is false.
|
||||||
// +optional
|
// +optional
|
||||||
optional bool readOnlyRootFilesystem = 6;
|
optional bool readOnlyRootFilesystem = 6;
|
||||||
|
|
||||||
|
// AllowPrivilegeEscalation controls whether a process can gain more
|
||||||
|
// privileges than it's parent process. This bool directly controls if
|
||||||
|
// the no_new_privs flag will be set on the container process.
|
||||||
|
// AllowPrivilegeEscalation is true always when the container is:
|
||||||
|
// 1) run as Privileged
|
||||||
|
// 2) has CAP_SYS_ADMIN
|
||||||
|
// +optional
|
||||||
|
optional bool allowPrivilegeEscalation = 7;
|
||||||
}
|
}
|
||||||
|
|
||||||
// SerializedReference is a reference to serialized object.
|
// SerializedReference is a reference to serialized object.
|
||||||
|
@@ -67986,7 +67986,7 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
} else {
|
} else {
|
||||||
yysep2 := !z.EncBinary()
|
yysep2 := !z.EncBinary()
|
||||||
yy2arr2 := z.EncBasicHandle().StructToArray
|
yy2arr2 := z.EncBasicHandle().StructToArray
|
||||||
var yyq2 [6]bool
|
var yyq2 [7]bool
|
||||||
_, _, _ = yysep2, yyq2, yy2arr2
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
const yyr2 bool = false
|
const yyr2 bool = false
|
||||||
yyq2[0] = x.Capabilities != nil
|
yyq2[0] = x.Capabilities != nil
|
||||||
@@ -67995,9 +67995,10 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
yyq2[3] = x.RunAsUser != nil
|
yyq2[3] = x.RunAsUser != nil
|
||||||
yyq2[4] = x.RunAsNonRoot != nil
|
yyq2[4] = x.RunAsNonRoot != nil
|
||||||
yyq2[5] = x.ReadOnlyRootFilesystem != nil
|
yyq2[5] = x.ReadOnlyRootFilesystem != nil
|
||||||
|
yyq2[6] = x.AllowPrivilegeEscalation != nil
|
||||||
var yynn2 int
|
var yynn2 int
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
r.EncodeArrayStart(6)
|
r.EncodeArrayStart(7)
|
||||||
} else {
|
} else {
|
||||||
yynn2 = 0
|
yynn2 = 0
|
||||||
for _, b := range yyq2 {
|
for _, b := range yyq2 {
|
||||||
@@ -68194,6 +68195,41 @@ func (x *SecurityContext) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[6] {
|
||||||
|
if x.AllowPrivilegeEscalation == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yy30 := *x.AllowPrivilegeEscalation
|
||||||
|
yym31 := z.EncBinary()
|
||||||
|
_ = yym31
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(yy30))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[6] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("allowPrivilegeEscalation"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.AllowPrivilegeEscalation == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yy32 := *x.AllowPrivilegeEscalation
|
||||||
|
yym33 := z.EncBinary()
|
||||||
|
_ = yym33
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(yy32))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
} else {
|
} else {
|
||||||
@@ -68341,6 +68377,22 @@ func (x *SecurityContext) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
|
|||||||
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
|
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case "allowPrivilegeEscalation":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.AllowPrivilegeEscalation != nil {
|
||||||
|
x.AllowPrivilegeEscalation = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.AllowPrivilegeEscalation == nil {
|
||||||
|
x.AllowPrivilegeEscalation = new(bool)
|
||||||
|
}
|
||||||
|
yym15 := z.DecBinary()
|
||||||
|
_ = yym15
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(x.AllowPrivilegeEscalation)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
z.DecStructFieldNotFound(-1, yys3)
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
} // end switch yys3
|
} // end switch yys3
|
||||||
@@ -68352,16 +68404,16 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperDecoder(d)
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
var yyj14 int
|
var yyj16 int
|
||||||
var yyb14 bool
|
var yyb16 bool
|
||||||
var yyhl14 bool = l >= 0
|
var yyhl16 bool = l >= 0
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68376,13 +68428,13 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
}
|
}
|
||||||
x.Capabilities.CodecDecodeSelf(d)
|
x.Capabilities.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68395,20 +68447,20 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
if x.Privileged == nil {
|
if x.Privileged == nil {
|
||||||
x.Privileged = new(bool)
|
x.Privileged = new(bool)
|
||||||
}
|
}
|
||||||
yym17 := z.DecBinary()
|
yym19 := z.DecBinary()
|
||||||
_ = yym17
|
_ = yym19
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(x.Privileged)) = r.DecodeBool()
|
*((*bool)(x.Privileged)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68423,13 +68475,13 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
}
|
}
|
||||||
x.SELinuxOptions.CodecDecodeSelf(d)
|
x.SELinuxOptions.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68442,20 +68494,20 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
if x.RunAsUser == nil {
|
if x.RunAsUser == nil {
|
||||||
x.RunAsUser = new(int64)
|
x.RunAsUser = new(int64)
|
||||||
}
|
}
|
||||||
yym20 := z.DecBinary()
|
yym22 := z.DecBinary()
|
||||||
_ = yym20
|
_ = yym22
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
|
*((*int64)(x.RunAsUser)) = int64(r.DecodeInt(64))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68468,20 +68520,20 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
if x.RunAsNonRoot == nil {
|
if x.RunAsNonRoot == nil {
|
||||||
x.RunAsNonRoot = new(bool)
|
x.RunAsNonRoot = new(bool)
|
||||||
}
|
}
|
||||||
yym22 := z.DecBinary()
|
yym24 := z.DecBinary()
|
||||||
_ = yym22
|
_ = yym24
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(x.RunAsNonRoot)) = r.DecodeBool()
|
*((*bool)(x.RunAsNonRoot)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj14++
|
yyj16++
|
||||||
if yyhl14 {
|
if yyhl16 {
|
||||||
yyb14 = yyj14 > l
|
yyb16 = yyj16 > l
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -68494,25 +68546,51 @@ func (x *SecurityContext) codecDecodeSelfFromArray(l int, d *codec1978.Decoder)
|
|||||||
if x.ReadOnlyRootFilesystem == nil {
|
if x.ReadOnlyRootFilesystem == nil {
|
||||||
x.ReadOnlyRootFilesystem = new(bool)
|
x.ReadOnlyRootFilesystem = new(bool)
|
||||||
}
|
}
|
||||||
yym24 := z.DecBinary()
|
yym26 := z.DecBinary()
|
||||||
_ = yym24
|
_ = yym26
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
|
*((*bool)(x.ReadOnlyRootFilesystem)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for {
|
yyj16++
|
||||||
yyj14++
|
if yyhl16 {
|
||||||
if yyhl14 {
|
yyb16 = yyj16 > l
|
||||||
yyb14 = yyj14 > l
|
|
||||||
} else {
|
} else {
|
||||||
yyb14 = r.CheckBreak()
|
yyb16 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb14 {
|
if yyb16 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.AllowPrivilegeEscalation != nil {
|
||||||
|
x.AllowPrivilegeEscalation = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.AllowPrivilegeEscalation == nil {
|
||||||
|
x.AllowPrivilegeEscalation = new(bool)
|
||||||
|
}
|
||||||
|
yym28 := z.DecBinary()
|
||||||
|
_ = yym28
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(x.AllowPrivilegeEscalation)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
yyj16++
|
||||||
|
if yyhl16 {
|
||||||
|
yyb16 = yyj16 > l
|
||||||
|
} else {
|
||||||
|
yyb16 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb16 {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
z.DecStructFieldNotFound(yyj14-1, "")
|
z.DecStructFieldNotFound(yyj16-1, "")
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
|
@@ -4613,6 +4613,14 @@ type SecurityContext struct {
|
|||||||
// Default is false.
|
// Default is false.
|
||||||
// +optional
|
// +optional
|
||||||
ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,6,opt,name=readOnlyRootFilesystem"`
|
ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,6,opt,name=readOnlyRootFilesystem"`
|
||||||
|
// AllowPrivilegeEscalation controls whether a process can gain more
|
||||||
|
// privileges than it's parent process. This bool directly controls if
|
||||||
|
// the no_new_privs flag will be set on the container process.
|
||||||
|
// AllowPrivilegeEscalation is true always when the container is:
|
||||||
|
// 1) run as Privileged
|
||||||
|
// 2) has CAP_SYS_ADMIN
|
||||||
|
// +optional
|
||||||
|
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,7,opt,name=allowPrivilegeEscalation"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// SELinuxOptions are the labels to be applied to the container
|
// SELinuxOptions are the labels to be applied to the container
|
||||||
|
@@ -1770,6 +1770,7 @@ var map_SecurityContext = map[string]string{
|
|||||||
"runAsUser": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
|
"runAsUser": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
|
||||||
"runAsNonRoot": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
|
"runAsNonRoot": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.",
|
||||||
"readOnlyRootFilesystem": "Whether this container has a read-only root filesystem. Default is false.",
|
"readOnlyRootFilesystem": "Whether this container has a read-only root filesystem. Default is false.",
|
||||||
|
"allowPrivilegeEscalation": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN",
|
||||||
}
|
}
|
||||||
|
|
||||||
func (SecurityContext) SwaggerDoc() map[string]string {
|
func (SecurityContext) SwaggerDoc() map[string]string {
|
||||||
|
@@ -5262,6 +5262,15 @@ func (in *SecurityContext) DeepCopyInto(out *SecurityContext) {
|
|||||||
**out = **in
|
**out = **in
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if in.AllowPrivilegeEscalation != nil {
|
||||||
|
in, out := &in.AllowPrivilegeEscalation, &out.AllowPrivilegeEscalation
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(bool)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -2005,6 +2005,26 @@ func (m *PodSecurityPolicySpec) MarshalTo(dAtA []byte) (int, error) {
|
|||||||
dAtA[i] = 0
|
dAtA[i] = 0
|
||||||
}
|
}
|
||||||
i++
|
i++
|
||||||
|
if m.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
dAtA[i] = 0x78
|
||||||
|
i++
|
||||||
|
if *m.DefaultAllowPrivilegeEscalation {
|
||||||
|
dAtA[i] = 1
|
||||||
|
} else {
|
||||||
|
dAtA[i] = 0
|
||||||
|
}
|
||||||
|
i++
|
||||||
|
}
|
||||||
|
dAtA[i] = 0x80
|
||||||
|
i++
|
||||||
|
dAtA[i] = 0x1
|
||||||
|
i++
|
||||||
|
if m.AllowPrivilegeEscalation {
|
||||||
|
dAtA[i] = 1
|
||||||
|
} else {
|
||||||
|
dAtA[i] = 0
|
||||||
|
}
|
||||||
|
i++
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3267,6 +3287,10 @@ func (m *PodSecurityPolicySpec) Size() (n int) {
|
|||||||
l = m.FSGroup.Size()
|
l = m.FSGroup.Size()
|
||||||
n += 1 + l + sovGenerated(uint64(l))
|
n += 1 + l + sovGenerated(uint64(l))
|
||||||
n += 2
|
n += 2
|
||||||
|
if m.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
n += 2
|
||||||
|
}
|
||||||
|
n += 3
|
||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4001,6 +4025,8 @@ func (this *PodSecurityPolicySpec) String() string {
|
|||||||
`SupplementalGroups:` + strings.Replace(strings.Replace(this.SupplementalGroups.String(), "SupplementalGroupsStrategyOptions", "SupplementalGroupsStrategyOptions", 1), `&`, ``, 1) + `,`,
|
`SupplementalGroups:` + strings.Replace(strings.Replace(this.SupplementalGroups.String(), "SupplementalGroupsStrategyOptions", "SupplementalGroupsStrategyOptions", 1), `&`, ``, 1) + `,`,
|
||||||
`FSGroup:` + strings.Replace(strings.Replace(this.FSGroup.String(), "FSGroupStrategyOptions", "FSGroupStrategyOptions", 1), `&`, ``, 1) + `,`,
|
`FSGroup:` + strings.Replace(strings.Replace(this.FSGroup.String(), "FSGroupStrategyOptions", "FSGroupStrategyOptions", 1), `&`, ``, 1) + `,`,
|
||||||
`ReadOnlyRootFilesystem:` + fmt.Sprintf("%v", this.ReadOnlyRootFilesystem) + `,`,
|
`ReadOnlyRootFilesystem:` + fmt.Sprintf("%v", this.ReadOnlyRootFilesystem) + `,`,
|
||||||
|
`DefaultAllowPrivilegeEscalation:` + valueToStringGenerated(this.DefaultAllowPrivilegeEscalation) + `,`,
|
||||||
|
`AllowPrivilegeEscalation:` + fmt.Sprintf("%v", this.AllowPrivilegeEscalation) + `,`,
|
||||||
`}`,
|
`}`,
|
||||||
}, "")
|
}, "")
|
||||||
return s
|
return s
|
||||||
@@ -9440,6 +9466,47 @@ func (m *PodSecurityPolicySpec) Unmarshal(dAtA []byte) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
m.ReadOnlyRootFilesystem = bool(v != 0)
|
m.ReadOnlyRootFilesystem = bool(v != 0)
|
||||||
|
case 15:
|
||||||
|
if wireType != 0 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field DefaultAllowPrivilegeEscalation", wireType)
|
||||||
|
}
|
||||||
|
var v int
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
v |= (int(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
b := bool(v != 0)
|
||||||
|
m.DefaultAllowPrivilegeEscalation = &b
|
||||||
|
case 16:
|
||||||
|
if wireType != 0 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field AllowPrivilegeEscalation", wireType)
|
||||||
|
}
|
||||||
|
var v int
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
v |= (int(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
m.AllowPrivilegeEscalation = bool(v != 0)
|
||||||
default:
|
default:
|
||||||
iNdEx = preIndex
|
iNdEx = preIndex
|
||||||
skippy, err := skipGenerated(dAtA[iNdEx:])
|
skippy, err := skipGenerated(dAtA[iNdEx:])
|
||||||
@@ -11892,217 +11959,220 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var fileDescriptorGenerated = []byte{
|
var fileDescriptorGenerated = []byte{
|
||||||
// 3383 bytes of a gzipped FileDescriptorProto
|
// 3431 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0x4d, 0x6c, 0x1b, 0xc7,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5b, 0x4f, 0x6c, 0x1b, 0xc7,
|
||||||
0xf5, 0xf7, 0x8a, 0xa2, 0x44, 0x3e, 0x59, 0x92, 0x35, 0x72, 0x64, 0x46, 0x8e, 0x25, 0x67, 0x03,
|
0xd5, 0xf7, 0x8a, 0xa2, 0x44, 0x3d, 0x59, 0x92, 0x35, 0x72, 0x64, 0x46, 0x8e, 0x45, 0x67, 0x03,
|
||||||
0xf8, 0x6f, 0xe7, 0x6f, 0x93, 0xb1, 0x13, 0x27, 0x6e, 0x8c, 0xa6, 0x15, 0xa5, 0xd8, 0x56, 0x2a,
|
0xf8, 0xb3, 0xf3, 0xd9, 0x64, 0xec, 0xc4, 0x89, 0xbf, 0x18, 0x5f, 0xbe, 0x4f, 0x94, 0xfc, 0x47,
|
||||||
0xc9, 0xf4, 0x90, 0x52, 0x5a, 0xa3, 0x6e, 0xb3, 0x22, 0x47, 0xd4, 0x5a, 0xcb, 0xdd, 0xcd, 0xee,
|
0xa9, 0x24, 0xd3, 0x43, 0x4a, 0x69, 0x8d, 0xb8, 0xcd, 0x8a, 0x1c, 0x51, 0x6b, 0x2d, 0x77, 0x37,
|
||||||
0xac, 0x62, 0x5e, 0x8a, 0x9e, 0x02, 0x14, 0x68, 0xd1, 0xf6, 0x90, 0x22, 0xbd, 0x35, 0x97, 0x9e,
|
0xbb, 0xb3, 0x8a, 0x79, 0x29, 0x7a, 0x0a, 0x50, 0xa0, 0x45, 0xdb, 0x43, 0x8a, 0xf4, 0xd6, 0x5c,
|
||||||
0x5a, 0x34, 0xb7, 0xf6, 0x10, 0x14, 0x28, 0xd0, 0x02, 0x46, 0x91, 0x16, 0x39, 0xb5, 0xe9, 0x45,
|
0x7a, 0x6a, 0xd1, 0xdc, 0xda, 0x43, 0x50, 0xa0, 0x40, 0x0b, 0x18, 0x45, 0x5a, 0xe4, 0xd4, 0xe6,
|
||||||
0x68, 0x94, 0x63, 0xcf, 0x05, 0x0a, 0x1f, 0x8a, 0x62, 0x66, 0x67, 0xbf, 0x77, 0x45, 0x52, 0xb1,
|
0x24, 0x34, 0xca, 0xb1, 0xe7, 0x02, 0x85, 0x0f, 0x45, 0x31, 0xb3, 0xb3, 0xff, 0x77, 0x45, 0x52,
|
||||||
0x85, 0xa2, 0x37, 0x71, 0xde, 0x7b, 0xbf, 0xf7, 0x31, 0x33, 0x6f, 0xde, 0xcc, 0x5b, 0xc1, 0x8d,
|
0xb1, 0x85, 0xa2, 0x37, 0x71, 0xde, 0x7b, 0xbf, 0xf7, 0x67, 0x66, 0xde, 0xbc, 0x99, 0xb7, 0x82,
|
||||||
0x9d, 0x6b, 0x76, 0x59, 0x35, 0x2a, 0x3b, 0xce, 0x26, 0xb1, 0x74, 0x42, 0x89, 0x5d, 0xd9, 0x25,
|
0x9b, 0x3b, 0xd7, 0xec, 0xb2, 0x6a, 0x54, 0x76, 0x9c, 0x4d, 0x62, 0xe9, 0x84, 0x12, 0xbb, 0xb2,
|
||||||
0x7a, 0xcb, 0xb0, 0x2a, 0x82, 0xa0, 0x98, 0x6a, 0x85, 0x3c, 0xa0, 0x44, 0xb7, 0x55, 0x43, 0xb7,
|
0x4b, 0xf4, 0x96, 0x61, 0x55, 0x04, 0x41, 0x31, 0xd5, 0x0a, 0x79, 0x48, 0x89, 0x6e, 0xab, 0x86,
|
||||||
0x2b, 0xbb, 0x97, 0x37, 0x09, 0x55, 0x2e, 0x57, 0xda, 0x44, 0x27, 0x96, 0x42, 0x49, 0xab, 0x6c,
|
0x6e, 0x57, 0x76, 0x2f, 0x6f, 0x12, 0xaa, 0x5c, 0xae, 0xb4, 0x89, 0x4e, 0x2c, 0x85, 0x92, 0x56,
|
||||||
0x5a, 0x06, 0x35, 0xd0, 0x19, 0x97, 0xbd, 0xac, 0x98, 0x6a, 0x39, 0x60, 0x2f, 0x0b, 0xf6, 0xd9,
|
0xd9, 0xb4, 0x0c, 0x6a, 0xa0, 0x33, 0x2e, 0x7b, 0x59, 0x31, 0xd5, 0x72, 0xc0, 0x5e, 0x16, 0xec,
|
||||||
0x4b, 0x6d, 0x95, 0x6e, 0x3b, 0x9b, 0xe5, 0xa6, 0xd1, 0xa9, 0xb4, 0x8d, 0xb6, 0x51, 0xe1, 0x52,
|
0x73, 0x97, 0xda, 0x2a, 0xdd, 0x76, 0x36, 0xcb, 0x4d, 0xa3, 0x53, 0x69, 0x1b, 0x6d, 0xa3, 0xc2,
|
||||||
0x9b, 0xce, 0x16, 0xff, 0xc5, 0x7f, 0xf0, 0xbf, 0x5c, 0xb4, 0x59, 0x39, 0xa4, 0xbc, 0x69, 0x58,
|
0xa5, 0x36, 0x9d, 0x2d, 0xfe, 0x8b, 0xff, 0xe0, 0x7f, 0xb9, 0x68, 0x73, 0x72, 0x48, 0x79, 0xd3,
|
||||||
0xa4, 0xb2, 0x9b, 0xd0, 0x38, 0x7b, 0x21, 0xc4, 0x63, 0x1a, 0x9a, 0xda, 0xec, 0x66, 0x19, 0x37,
|
0xb0, 0x48, 0x65, 0x37, 0xa1, 0x71, 0xee, 0x42, 0x88, 0xc7, 0x34, 0x34, 0xb5, 0xd9, 0xcd, 0x32,
|
||||||
0xfb, 0x52, 0xc0, 0xda, 0x51, 0x9a, 0xdb, 0xaa, 0x4e, 0xac, 0x6e, 0xc5, 0xdc, 0x69, 0x73, 0x59,
|
0x6e, 0xee, 0x95, 0x80, 0xb5, 0xa3, 0x34, 0xb7, 0x55, 0x9d, 0x58, 0xdd, 0x8a, 0xb9, 0xd3, 0xe6,
|
||||||
0x8b, 0xd8, 0x86, 0x63, 0x35, 0xc9, 0x40, 0x52, 0x76, 0xa5, 0x43, 0xa8, 0x92, 0x66, 0x56, 0x25,
|
0xb2, 0x16, 0xb1, 0x0d, 0xc7, 0x6a, 0x92, 0x81, 0xa4, 0xec, 0x4a, 0x87, 0x50, 0x25, 0xcd, 0xac,
|
||||||
0x4b, 0xca, 0x72, 0x74, 0xaa, 0x76, 0x92, 0x6a, 0x5e, 0xee, 0x25, 0x60, 0x37, 0xb7, 0x49, 0x47,
|
0x4a, 0x96, 0x94, 0xe5, 0xe8, 0x54, 0xed, 0x24, 0xd5, 0xbc, 0xda, 0x4b, 0xc0, 0x6e, 0x6e, 0x93,
|
||||||
0x49, 0xc8, 0xbd, 0x98, 0x25, 0xe7, 0x50, 0x55, 0xab, 0xa8, 0x3a, 0xb5, 0xa9, 0x15, 0x17, 0x92,
|
0x8e, 0x92, 0x90, 0x7b, 0x39, 0x4b, 0xce, 0xa1, 0xaa, 0x56, 0x51, 0x75, 0x6a, 0x53, 0x2b, 0x2e,
|
||||||
0xcb, 0x00, 0x0b, 0xb5, 0xe5, 0x0d, 0x62, 0xb1, 0xe9, 0x41, 0x67, 0x61, 0x58, 0x57, 0x3a, 0xa4,
|
0x24, 0x97, 0x01, 0x16, 0x6a, 0xcb, 0x1b, 0xc4, 0x62, 0xd3, 0x83, 0xce, 0xc2, 0xb0, 0xae, 0x74,
|
||||||
0x24, 0x9d, 0x95, 0xce, 0x17, 0xab, 0xc7, 0x1f, 0xee, 0xcd, 0x1f, 0xdb, 0xdf, 0x9b, 0x1f, 0x5e,
|
0x48, 0x51, 0x3a, 0x2b, 0x9d, 0x1f, 0xab, 0x1e, 0x7f, 0xb4, 0x57, 0x3a, 0xb6, 0xbf, 0x57, 0x1a,
|
||||||
0x53, 0x3a, 0x04, 0x73, 0x8a, 0xfc, 0x53, 0x09, 0x9e, 0x5e, 0x74, 0x6c, 0x6a, 0x74, 0x56, 0x09,
|
0x5e, 0x53, 0x3a, 0x04, 0x73, 0x8a, 0xfc, 0x13, 0x09, 0x9e, 0x5d, 0x74, 0x6c, 0x6a, 0x74, 0x56,
|
||||||
0xb5, 0xd4, 0xe6, 0xa2, 0x63, 0x59, 0x44, 0xa7, 0x75, 0xaa, 0x50, 0xc7, 0xee, 0x2d, 0x8f, 0xee,
|
0x09, 0xb5, 0xd4, 0xe6, 0xa2, 0x63, 0x59, 0x44, 0xa7, 0x75, 0xaa, 0x50, 0xc7, 0xee, 0x2d, 0x8f,
|
||||||
0x42, 0x7e, 0x57, 0xd1, 0x1c, 0x52, 0x1a, 0x3a, 0x2b, 0x9d, 0x1f, 0xbb, 0x52, 0x2e, 0x07, 0xcb,
|
0xee, 0x41, 0x7e, 0x57, 0xd1, 0x1c, 0x52, 0x1c, 0x3a, 0x2b, 0x9d, 0x1f, 0xbf, 0x52, 0x2e, 0x07,
|
||||||
0xc4, 0x37, 0xba, 0x6c, 0xee, 0xb4, 0xf9, 0xba, 0xf1, 0x66, 0xa2, 0x7c, 0xc7, 0x51, 0x74, 0xaa,
|
0xcb, 0xc4, 0x37, 0xba, 0x6c, 0xee, 0xb4, 0xf9, 0xba, 0xf1, 0x66, 0xa2, 0x7c, 0xd7, 0x51, 0x74,
|
||||||
0xd2, 0x6e, 0xf5, 0xa4, 0x80, 0x3c, 0x2e, 0xf4, 0x6e, 0x30, 0x2c, 0xec, 0x42, 0xca, 0xdf, 0x81,
|
0xaa, 0xd2, 0x6e, 0xf5, 0xa4, 0x80, 0x3c, 0x2e, 0xf4, 0x6e, 0x30, 0x2c, 0xec, 0x42, 0xca, 0xdf,
|
||||||
0x33, 0x99, 0xa6, 0xad, 0xa8, 0x36, 0x45, 0xf7, 0x20, 0xaf, 0x52, 0xd2, 0xb1, 0x4b, 0xd2, 0xd9,
|
0x86, 0x33, 0x99, 0xa6, 0xad, 0xa8, 0x36, 0x45, 0xf7, 0x21, 0xaf, 0x52, 0xd2, 0xb1, 0x8b, 0xd2,
|
||||||
0xdc, 0xf9, 0xb1, 0x2b, 0xd7, 0xca, 0x07, 0xae, 0xd1, 0x72, 0x26, 0x58, 0x75, 0x5c, 0x98, 0x91,
|
0xd9, 0xdc, 0xf9, 0xf1, 0x2b, 0xd7, 0xca, 0x07, 0xae, 0xd1, 0x72, 0x26, 0x58, 0x75, 0x42, 0x98,
|
||||||
0x5f, 0x66, 0x70, 0xd8, 0x45, 0x95, 0x7f, 0x2c, 0x01, 0x0a, 0xcb, 0x34, 0x14, 0xab, 0x4d, 0x68,
|
0x91, 0x5f, 0x66, 0x70, 0xd8, 0x45, 0x95, 0x7f, 0x24, 0x01, 0x0a, 0xcb, 0x34, 0x14, 0xab, 0x4d,
|
||||||
0x1f, 0x41, 0xf9, 0xc6, 0x17, 0x0b, 0xca, 0xb4, 0x80, 0x1c, 0x73, 0x15, 0x46, 0x62, 0x62, 0xc2,
|
0x68, 0x1f, 0x41, 0xf9, 0xc6, 0x57, 0x0b, 0xca, 0x8c, 0x80, 0x1c, 0x77, 0x15, 0x46, 0x62, 0x62,
|
||||||
0x4c, 0xd2, 0x24, 0x1e, 0x8c, 0x8d, 0x68, 0x30, 0x2e, 0x0f, 0x10, 0x0c, 0x17, 0x25, 0x23, 0x0a,
|
0xc2, 0x6c, 0xd2, 0x24, 0x1e, 0x8c, 0x8d, 0x68, 0x30, 0x2e, 0x0f, 0x10, 0x0c, 0x17, 0x25, 0x23,
|
||||||
0xef, 0x0d, 0x41, 0x71, 0x49, 0x21, 0x1d, 0x43, 0xaf, 0x13, 0x8a, 0xde, 0x82, 0x02, 0xdb, 0x18,
|
0x0a, 0x1f, 0x0c, 0xc1, 0xd8, 0x92, 0x42, 0x3a, 0x86, 0x5e, 0x27, 0x14, 0xbd, 0x03, 0x05, 0xb6,
|
||||||
0x2d, 0x85, 0x2a, 0x3c, 0x00, 0x63, 0x57, 0x5e, 0x38, 0xc8, 0x3b, 0xbb, 0xcc, 0xb8, 0xcb, 0xbb,
|
0x31, 0x5a, 0x0a, 0x55, 0x78, 0x00, 0xc6, 0xaf, 0xbc, 0x74, 0x90, 0x77, 0x76, 0x99, 0x71, 0x97,
|
||||||
0x97, 0xcb, 0xb7, 0x37, 0xef, 0x93, 0x26, 0x5d, 0x25, 0x54, 0xa9, 0x22, 0xa1, 0x07, 0x82, 0x31,
|
0x77, 0x2f, 0x97, 0xef, 0x6c, 0x3e, 0x20, 0x4d, 0xba, 0x4a, 0xa8, 0x52, 0x45, 0x42, 0x0f, 0x04,
|
||||||
0xec, 0xa3, 0xa2, 0x35, 0x18, 0xb6, 0x4d, 0xd2, 0x14, 0xb1, 0xbb, 0xd8, 0xc3, 0x0d, 0xdf, 0xb2,
|
0x63, 0xd8, 0x47, 0x45, 0x6b, 0x30, 0x6c, 0x9b, 0xa4, 0x29, 0x62, 0x77, 0xb1, 0x87, 0x1b, 0xbe,
|
||||||
0xba, 0x49, 0x9a, 0xc1, 0x64, 0xb0, 0x5f, 0x98, 0xe3, 0xa0, 0x0d, 0x18, 0xb1, 0xf9, 0x2c, 0x97,
|
0x65, 0x75, 0x93, 0x34, 0x83, 0xc9, 0x60, 0xbf, 0x30, 0xc7, 0x41, 0x1b, 0x30, 0x62, 0xf3, 0x59,
|
||||||
0x72, 0x89, 0xd9, 0x38, 0x18, 0xd1, 0x5d, 0x1b, 0x13, 0x02, 0x73, 0xc4, 0xfd, 0x8d, 0x05, 0x9a,
|
0x2e, 0xe6, 0x12, 0xb3, 0x71, 0x30, 0xa2, 0xbb, 0x36, 0x26, 0x05, 0xe6, 0x88, 0xfb, 0x1b, 0x0b,
|
||||||
0xfc, 0x91, 0x04, 0xe3, 0x3e, 0x2f, 0x9f, 0x81, 0x6f, 0x26, 0x62, 0x53, 0xee, 0x2f, 0x36, 0x4c,
|
0x34, 0xf9, 0x13, 0x09, 0x26, 0x7c, 0x5e, 0x3e, 0x03, 0x6f, 0x27, 0x62, 0x53, 0xee, 0x2f, 0x36,
|
||||||
0x9a, 0x47, 0xe6, 0x84, 0xd0, 0x55, 0xf0, 0x46, 0x42, 0x71, 0x59, 0xf5, 0xe6, 0x77, 0x88, 0xcf,
|
0x4c, 0x9a, 0x47, 0xe6, 0x84, 0xd0, 0x55, 0xf0, 0x46, 0x42, 0x71, 0x59, 0xf5, 0xe6, 0x77, 0x88,
|
||||||
0xef, 0xf9, 0x7e, 0xdd, 0xc8, 0x98, 0xd6, 0x9f, 0x0c, 0x87, 0xcc, 0x67, 0xe1, 0x42, 0xf7, 0xa0,
|
0xcf, 0xef, 0xf9, 0x7e, 0xdd, 0xc8, 0x98, 0xd6, 0x1f, 0x0f, 0x87, 0xcc, 0x67, 0xe1, 0x42, 0xf7,
|
||||||
0x60, 0x13, 0x8d, 0x34, 0xa9, 0x61, 0x09, 0xf3, 0x5f, 0xec, 0xd3, 0x7c, 0x65, 0x93, 0x68, 0x75,
|
0xa1, 0x60, 0x13, 0x8d, 0x34, 0xa9, 0x61, 0x09, 0xf3, 0x5f, 0xee, 0xd3, 0x7c, 0x65, 0x93, 0x68,
|
||||||
0x21, 0x5a, 0x3d, 0xce, 0xec, 0xf7, 0x7e, 0x61, 0x1f, 0x12, 0xdd, 0x81, 0x02, 0x25, 0x1d, 0x53,
|
0x75, 0x21, 0x5a, 0x3d, 0xce, 0xec, 0xf7, 0x7e, 0x61, 0x1f, 0x12, 0xdd, 0x85, 0x02, 0x25, 0x1d,
|
||||||
0x53, 0xa8, 0xb7, 0x2f, 0x9e, 0x0b, 0xbb, 0xc0, 0x4e, 0x01, 0x06, 0x56, 0x33, 0x5a, 0x0d, 0xc1,
|
0x53, 0x53, 0xa8, 0xb7, 0x2f, 0x5e, 0x08, 0xbb, 0xc0, 0x4e, 0x01, 0x06, 0x56, 0x33, 0x5a, 0x0d,
|
||||||
0xc6, 0xa7, 0xd4, 0x0f, 0x89, 0x37, 0x8a, 0x7d, 0x18, 0xb4, 0x0b, 0x13, 0x8e, 0xd9, 0x62, 0x9c,
|
0xc1, 0xc6, 0xa7, 0xd4, 0x0f, 0x89, 0x37, 0x8a, 0x7d, 0x18, 0xb4, 0x0b, 0x93, 0x8e, 0xd9, 0x62,
|
||||||
0x94, 0xe5, 0xc0, 0x76, 0x57, 0x4c, 0xf1, 0xcb, 0xfd, 0xc6, 0x66, 0x3d, 0x22, 0x5d, 0x9d, 0x11,
|
0x9c, 0x94, 0xe5, 0xc0, 0x76, 0x57, 0x4c, 0xf1, 0xab, 0xfd, 0xc6, 0x66, 0x3d, 0x22, 0x5d, 0x9d,
|
||||||
0xba, 0x26, 0xa2, 0xe3, 0x38, 0xa6, 0x05, 0x2d, 0xc0, 0x64, 0x47, 0xd5, 0x31, 0x51, 0x5a, 0xdd,
|
0x15, 0xba, 0x26, 0xa3, 0xe3, 0x38, 0xa6, 0x05, 0x2d, 0xc0, 0x54, 0x47, 0xd5, 0x31, 0x51, 0x5a,
|
||||||
0x3a, 0x69, 0x1a, 0x7a, 0xcb, 0x2e, 0x0d, 0x9f, 0x95, 0xce, 0xe7, 0xab, 0xa7, 0x04, 0xc0, 0xe4,
|
0xdd, 0x3a, 0x69, 0x1a, 0x7a, 0xcb, 0x2e, 0x0e, 0x9f, 0x95, 0xce, 0xe7, 0xab, 0xa7, 0x04, 0xc0,
|
||||||
0x6a, 0x94, 0x8c, 0xe3, 0xfc, 0xe8, 0x0d, 0x40, 0x9e, 0x1b, 0x37, 0xdd, 0x14, 0xae, 0x1a, 0x7a,
|
0xd4, 0x6a, 0x94, 0x8c, 0xe3, 0xfc, 0xe8, 0x4d, 0x40, 0x9e, 0x1b, 0xb7, 0xdc, 0x14, 0xae, 0x1a,
|
||||||
0x29, 0x7f, 0x56, 0x3a, 0x9f, 0xab, 0xce, 0x0a, 0x14, 0xd4, 0x48, 0x70, 0xe0, 0x14, 0x29, 0xb4,
|
0x7a, 0x31, 0x7f, 0x56, 0x3a, 0x9f, 0xab, 0xce, 0x09, 0x14, 0xd4, 0x48, 0x70, 0xe0, 0x14, 0x29,
|
||||||
0x02, 0x27, 0x2d, 0xb2, 0xab, 0x32, 0x1f, 0x6f, 0xa9, 0x36, 0x35, 0xac, 0xee, 0x8a, 0xda, 0x51,
|
0xb4, 0x02, 0x27, 0x2d, 0xb2, 0xab, 0x32, 0x1f, 0x6f, 0xab, 0x36, 0x35, 0xac, 0xee, 0x8a, 0xda,
|
||||||
0x69, 0x69, 0x84, 0xdb, 0x54, 0xda, 0xdf, 0x9b, 0x3f, 0x89, 0x53, 0xe8, 0x38, 0x55, 0x4a, 0xfe,
|
0x51, 0x69, 0x71, 0x84, 0xdb, 0x54, 0xdc, 0xdf, 0x2b, 0x9d, 0xc4, 0x29, 0x74, 0x9c, 0x2a, 0x25,
|
||||||
0x30, 0x0f, 0x93, 0xb1, 0x3d, 0x80, 0x36, 0x60, 0xa6, 0xe9, 0x26, 0xcc, 0x35, 0xa7, 0xb3, 0x49,
|
0x7f, 0x9c, 0x87, 0xa9, 0xd8, 0x1e, 0x40, 0x1b, 0x30, 0xdb, 0x74, 0x13, 0xe6, 0x9a, 0xd3, 0xd9,
|
||||||
0xac, 0x7a, 0x73, 0x9b, 0xb4, 0x1c, 0x8d, 0xb4, 0xf8, 0x42, 0xc9, 0x57, 0xe7, 0x84, 0xc5, 0x33,
|
0x24, 0x56, 0xbd, 0xb9, 0x4d, 0x5a, 0x8e, 0x46, 0x5a, 0x7c, 0xa1, 0xe4, 0xab, 0xf3, 0xc2, 0xe2,
|
||||||
0x8b, 0xa9, 0x5c, 0x38, 0x43, 0x9a, 0x45, 0x41, 0xe7, 0x43, 0xab, 0xaa, 0x6d, 0xfb, 0x98, 0x43,
|
0xd9, 0xc5, 0x54, 0x2e, 0x9c, 0x21, 0xcd, 0xa2, 0xa0, 0xf3, 0xa1, 0x55, 0xd5, 0xb6, 0x7d, 0xcc,
|
||||||
0x1c, 0xd3, 0x8f, 0xc2, 0x5a, 0x82, 0x03, 0xa7, 0x48, 0x31, 0x1b, 0x5b, 0xc4, 0x56, 0x2d, 0xd2,
|
0x21, 0x8e, 0xe9, 0x47, 0x61, 0x2d, 0xc1, 0x81, 0x53, 0xa4, 0x98, 0x8d, 0x2d, 0x62, 0xab, 0x16,
|
||||||
0x8a, 0xdb, 0x98, 0x8b, 0xda, 0xb8, 0x94, 0xca, 0x85, 0x33, 0xa4, 0xd1, 0x55, 0x18, 0x73, 0xb5,
|
0x69, 0xc5, 0x6d, 0xcc, 0x45, 0x6d, 0x5c, 0x4a, 0xe5, 0xc2, 0x19, 0xd2, 0xe8, 0x2a, 0x8c, 0xbb,
|
||||||
0xf1, 0xf9, 0x13, 0x13, 0xed, 0xa7, 0xe8, 0xb5, 0x80, 0x84, 0xc3, 0x7c, 0xcc, 0x35, 0x63, 0xd3,
|
0xda, 0xf8, 0xfc, 0x89, 0x89, 0xf6, 0x53, 0xf4, 0x5a, 0x40, 0xc2, 0x61, 0x3e, 0xe6, 0x9a, 0xb1,
|
||||||
0x26, 0xd6, 0x2e, 0x69, 0x65, 0x4f, 0xf0, 0xed, 0x04, 0x07, 0x4e, 0x91, 0x62, 0xae, 0xb9, 0x2b,
|
0x69, 0x13, 0x6b, 0x97, 0xb4, 0xb2, 0x27, 0xf8, 0x4e, 0x82, 0x03, 0xa7, 0x48, 0x31, 0xd7, 0xdc,
|
||||||
0x30, 0xe1, 0xda, 0x48, 0xd4, 0xb5, 0xf5, 0x54, 0x2e, 0x9c, 0x21, 0xcd, 0xd6, 0xb1, 0x6b, 0xf2,
|
0x15, 0x98, 0x70, 0x6d, 0x24, 0xea, 0xda, 0x7a, 0x2a, 0x17, 0xce, 0x90, 0x66, 0xeb, 0xd8, 0x35,
|
||||||
0xc2, 0xae, 0xa2, 0x6a, 0xca, 0xa6, 0x46, 0x4a, 0xa3, 0xd1, 0x75, 0xbc, 0x16, 0x25, 0xe3, 0x38,
|
0x79, 0x61, 0x57, 0x51, 0x35, 0x65, 0x53, 0x23, 0xc5, 0xd1, 0xe8, 0x3a, 0x5e, 0x8b, 0x92, 0x71,
|
||||||
0x3f, 0xba, 0x09, 0x53, 0xee, 0xd0, 0xba, 0xae, 0xf8, 0x20, 0x05, 0x0e, 0xf2, 0xb4, 0x00, 0x99,
|
0x9c, 0x1f, 0xdd, 0x82, 0x69, 0x77, 0x68, 0x5d, 0x57, 0x7c, 0x90, 0x02, 0x07, 0x79, 0x56, 0x80,
|
||||||
0x5a, 0x8b, 0x33, 0xe0, 0xa4, 0x0c, 0x7a, 0x15, 0x26, 0x9a, 0x86, 0xa6, 0xf1, 0xf5, 0xb8, 0x68,
|
0x4c, 0xaf, 0xc5, 0x19, 0x70, 0x52, 0x06, 0xbd, 0x0e, 0x93, 0x4d, 0x43, 0xd3, 0xf8, 0x7a, 0x5c,
|
||||||
0x38, 0x3a, 0x2d, 0x15, 0x79, 0xac, 0x10, 0xdb, 0x8f, 0x8b, 0x11, 0x0a, 0x8e, 0x71, 0xca, 0x7f,
|
0x34, 0x1c, 0x9d, 0x16, 0xc7, 0x78, 0xac, 0x10, 0xdb, 0x8f, 0x8b, 0x11, 0x0a, 0x8e, 0x71, 0xca,
|
||||||
0x94, 0xe0, 0x54, 0xc6, 0x9e, 0x46, 0x5f, 0x81, 0x61, 0xda, 0x35, 0xbd, 0xd3, 0xfa, 0xff, 0xbd,
|
0x7f, 0x90, 0xe0, 0x54, 0xc6, 0x9e, 0x46, 0xff, 0x07, 0xc3, 0xb4, 0x6b, 0x7a, 0xa7, 0xf5, 0x7f,
|
||||||
0x03, 0xa2, 0xd1, 0x35, 0xc9, 0xa3, 0xbd, 0xf9, 0xd3, 0x19, 0x62, 0x8c, 0x8c, 0xb9, 0x20, 0xd2,
|
0x7b, 0x07, 0x44, 0xa3, 0x6b, 0x92, 0xc7, 0x7b, 0xa5, 0xd3, 0x19, 0x62, 0x8c, 0x8c, 0xb9, 0x20,
|
||||||
0x61, 0xdc, 0x62, 0xea, 0xf4, 0xb6, 0xcb, 0x22, 0x92, 0xd7, 0xd5, 0x1e, 0x39, 0x06, 0x87, 0x65,
|
0xd2, 0x61, 0xc2, 0x62, 0xea, 0xf4, 0xb6, 0xcb, 0x22, 0x92, 0xd7, 0xd5, 0x1e, 0x39, 0x06, 0x87,
|
||||||
0x82, 0x64, 0x3c, 0xb5, 0xbf, 0x37, 0x3f, 0x1e, 0xa1, 0xe1, 0x28, 0xbc, 0xfc, 0xfe, 0x10, 0xc0,
|
0x65, 0x82, 0x64, 0x3c, 0xbd, 0xbf, 0x57, 0x9a, 0x88, 0xd0, 0x70, 0x14, 0x5e, 0xfe, 0x70, 0x08,
|
||||||
0x12, 0x31, 0x35, 0xa3, 0xdb, 0x21, 0xfa, 0x51, 0x1c, 0xb8, 0xb7, 0x23, 0x07, 0xee, 0xa5, 0x5e,
|
0x60, 0x89, 0x98, 0x9a, 0xd1, 0xed, 0x10, 0xfd, 0x28, 0x0e, 0xdc, 0x3b, 0x91, 0x03, 0xf7, 0x52,
|
||||||
0xb9, 0xd3, 0x37, 0x2d, 0xf3, 0xc4, 0x7d, 0x33, 0x76, 0xe2, 0x56, 0xfa, 0x87, 0x3c, 0xf8, 0xc8,
|
0xaf, 0xdc, 0xe9, 0x9b, 0x96, 0x79, 0xe2, 0xbe, 0x15, 0x3b, 0x71, 0x2b, 0xfd, 0x43, 0x1e, 0x7c,
|
||||||
0xfd, 0x6b, 0x0e, 0xa6, 0x03, 0xe6, 0x45, 0x43, 0x6f, 0xa9, 0x7c, 0x7f, 0x5c, 0x8f, 0xcc, 0xf1,
|
0xe4, 0xfe, 0x25, 0x07, 0x33, 0x01, 0xf3, 0xa2, 0xa1, 0xb7, 0x54, 0xbe, 0x3f, 0xae, 0x47, 0xe6,
|
||||||
0xff, 0xc5, 0xe6, 0xf8, 0x54, 0x8a, 0x48, 0x68, 0x7e, 0x57, 0x7c, 0x6b, 0x87, 0xb8, 0xf8, 0x4b,
|
0xf8, 0xbf, 0x62, 0x73, 0x7c, 0x2a, 0x45, 0x24, 0x34, 0xbf, 0x2b, 0xbe, 0xb5, 0x43, 0x5c, 0xfc,
|
||||||
0x51, 0xe5, 0x8f, 0xf6, 0xe6, 0x53, 0x2e, 0x2b, 0x65, 0x1f, 0x29, 0x6a, 0x22, 0x3a, 0x07, 0x23,
|
0x95, 0xa8, 0xf2, 0xc7, 0x7b, 0xa5, 0x94, 0xcb, 0x4a, 0xd9, 0x47, 0x8a, 0x9a, 0x88, 0xce, 0xc1,
|
||||||
0x16, 0x51, 0x6c, 0x43, 0xe7, 0x89, 0xa2, 0x18, 0xb8, 0x82, 0xf9, 0x28, 0x16, 0x54, 0x74, 0x01,
|
0x88, 0x45, 0x14, 0xdb, 0xd0, 0x79, 0xa2, 0x18, 0x0b, 0x5c, 0xc1, 0x7c, 0x14, 0x0b, 0x2a, 0xba,
|
||||||
0x46, 0x3b, 0xc4, 0xb6, 0x95, 0x36, 0xe1, 0x39, 0xa1, 0x58, 0x9d, 0x14, 0x8c, 0xa3, 0xab, 0xee,
|
0x00, 0xa3, 0x1d, 0x62, 0xdb, 0x4a, 0x9b, 0xf0, 0x9c, 0x30, 0x56, 0x9d, 0x12, 0x8c, 0xa3, 0xab,
|
||||||
0x30, 0xf6, 0xe8, 0xe8, 0x3e, 0x4c, 0x68, 0x8a, 0x2d, 0x16, 0x68, 0x43, 0xed, 0x10, 0xbe, 0xeb,
|
0xee, 0x30, 0xf6, 0xe8, 0xe8, 0x01, 0x4c, 0x6a, 0x8a, 0x2d, 0x16, 0x68, 0x43, 0xed, 0x10, 0xbe,
|
||||||
0xc7, 0xae, 0x3c, 0xdf, 0xdf, 0x3a, 0x60, 0x12, 0xc1, 0xc9, 0xb6, 0x12, 0x41, 0xc2, 0x31, 0x64,
|
0xeb, 0xc7, 0xaf, 0xbc, 0xd8, 0xdf, 0x3a, 0x60, 0x12, 0xc1, 0xc9, 0xb6, 0x12, 0x41, 0xc2, 0x31,
|
||||||
0xb4, 0x0b, 0x88, 0x8d, 0x34, 0x2c, 0x45, 0xb7, 0xdd, 0x40, 0x31, 0x7d, 0xa3, 0x03, 0xeb, 0xf3,
|
0x64, 0xb4, 0x0b, 0x88, 0x8d, 0x34, 0x2c, 0x45, 0xb7, 0xdd, 0x40, 0x31, 0x7d, 0xa3, 0x03, 0xeb,
|
||||||
0x33, 0xdc, 0x4a, 0x02, 0x0d, 0xa7, 0x68, 0x90, 0x7f, 0x2b, 0xc1, 0x44, 0x30, 0x4d, 0x47, 0x50,
|
0xf3, 0x33, 0xdc, 0x4a, 0x02, 0x0d, 0xa7, 0x68, 0x90, 0x7f, 0x23, 0xc1, 0x64, 0x30, 0x4d, 0x47,
|
||||||
0x4d, 0xad, 0x45, 0xab, 0xa9, 0x0b, 0x7d, 0x2f, 0xd1, 0x8c, 0x72, 0xea, 0x5f, 0x43, 0x80, 0x02,
|
0x50, 0x4d, 0xad, 0x45, 0xab, 0xa9, 0x0b, 0x7d, 0x2f, 0xd1, 0x8c, 0x72, 0xea, 0x1f, 0x43, 0x80,
|
||||||
0x26, 0xb6, 0xc1, 0x37, 0x95, 0xe6, 0x4e, 0x1f, 0x77, 0x85, 0xf7, 0x24, 0x40, 0x22, 0x3d, 0x2f,
|
0x02, 0x26, 0xb6, 0xc1, 0x37, 0x95, 0xe6, 0x4e, 0x1f, 0x77, 0x85, 0x0f, 0x24, 0x40, 0x22, 0x3d,
|
||||||
0xe8, 0xba, 0x41, 0x79, 0xc6, 0xf7, 0xcc, 0x5a, 0xee, 0xdb, 0x2c, 0x4f, 0x63, 0x79, 0x3d, 0x81,
|
0x2f, 0xe8, 0xba, 0x41, 0x79, 0xc6, 0xf7, 0xcc, 0x5a, 0xee, 0xdb, 0x2c, 0x4f, 0x63, 0x79, 0x3d,
|
||||||
0xf5, 0xba, 0x4e, 0xad, 0x6e, 0x30, 0x23, 0x49, 0x06, 0x9c, 0x62, 0x00, 0x52, 0x00, 0x2c, 0x81,
|
0x81, 0x75, 0x43, 0xa7, 0x56, 0x37, 0x98, 0x91, 0x24, 0x03, 0x4e, 0x31, 0x00, 0x29, 0x00, 0x96,
|
||||||
0xd9, 0x30, 0xc4, 0x46, 0xbe, 0xd4, 0x47, 0xce, 0x63, 0x02, 0x8b, 0x86, 0xbe, 0xa5, 0xb6, 0x83,
|
0xc0, 0x6c, 0x18, 0x62, 0x23, 0x5f, 0xea, 0x23, 0xe7, 0x31, 0x81, 0x45, 0x43, 0xdf, 0x52, 0xdb,
|
||||||
0xb4, 0x83, 0x7d, 0x20, 0x1c, 0x02, 0x9d, 0x7d, 0x1d, 0x4e, 0x65, 0x58, 0x8b, 0x4e, 0x40, 0x6e,
|
0x41, 0xda, 0xc1, 0x3e, 0x10, 0x0e, 0x81, 0xce, 0xdd, 0x80, 0x53, 0x19, 0xd6, 0xa2, 0x13, 0x90,
|
||||||
0x87, 0x74, 0xdd, 0xb0, 0x61, 0xf6, 0x27, 0x3a, 0x19, 0xbe, 0x53, 0x15, 0xc5, 0x75, 0xe8, 0xd5,
|
0xdb, 0x21, 0x5d, 0x37, 0x6c, 0x98, 0xfd, 0x89, 0x4e, 0x86, 0xef, 0x54, 0x63, 0xe2, 0x3a, 0xf4,
|
||||||
0xa1, 0x6b, 0x92, 0xfc, 0x51, 0x3e, 0xbc, 0x76, 0x78, 0x29, 0x7b, 0x1e, 0x0a, 0x16, 0x31, 0x35,
|
0xfa, 0xd0, 0x35, 0x49, 0xfe, 0x24, 0x1f, 0x5e, 0x3b, 0xbc, 0x94, 0x3d, 0x0f, 0x05, 0x8b, 0x98,
|
||||||
0xb5, 0xa9, 0xd8, 0xa2, 0x42, 0xe1, 0x55, 0x29, 0x16, 0x63, 0xd8, 0xa7, 0x46, 0x8a, 0xde, 0xa1,
|
0x9a, 0xda, 0x54, 0x6c, 0x51, 0xa1, 0xf0, 0xaa, 0x14, 0x8b, 0x31, 0xec, 0x53, 0x23, 0x45, 0xef,
|
||||||
0x27, 0x5b, 0xf4, 0xe6, 0x1e, 0x4f, 0xd1, 0xfb, 0x6d, 0x28, 0xd8, 0x5e, 0xb9, 0x3b, 0xcc, 0x21,
|
0xd0, 0xd3, 0x2d, 0x7a, 0x73, 0x4f, 0xa6, 0xe8, 0xfd, 0x16, 0x14, 0x6c, 0xaf, 0xdc, 0x1d, 0xe6,
|
||||||
0x2f, 0x0f, 0x90, 0x5f, 0x45, 0xa5, 0xeb, 0x2b, 0xf0, 0x6b, 0x5c, 0x1f, 0x34, 0xad, 0xba, 0xcd,
|
0x90, 0x97, 0x07, 0xc8, 0xaf, 0xa2, 0xd2, 0xf5, 0x15, 0xf8, 0x35, 0xae, 0x0f, 0x9a, 0x56, 0xdd,
|
||||||
0x0f, 0x58, 0xdd, 0x3e, 0xd6, 0x8a, 0x94, 0xe5, 0x54, 0x53, 0x71, 0x6c, 0xd2, 0xe2, 0x89, 0xa8,
|
0xe6, 0x07, 0xac, 0x6e, 0x9f, 0x68, 0x45, 0xca, 0x72, 0xaa, 0xa9, 0x38, 0x36, 0x69, 0xf1, 0x44,
|
||||||
0x10, 0xe4, 0xd4, 0x1a, 0x1f, 0xc5, 0x82, 0x8a, 0xee, 0x45, 0x96, 0x6c, 0xe1, 0x30, 0x4b, 0x76,
|
0x54, 0x08, 0x72, 0x6a, 0x8d, 0x8f, 0x62, 0x41, 0x45, 0xf7, 0x23, 0x4b, 0xb6, 0x70, 0x98, 0x25,
|
||||||
0x22, 0x7b, 0xb9, 0xa2, 0x75, 0x38, 0x65, 0x5a, 0x46, 0xdb, 0x22, 0xb6, 0xbd, 0x44, 0x94, 0x96,
|
0x3b, 0x99, 0xbd, 0x5c, 0xd1, 0x3a, 0x9c, 0x32, 0x2d, 0xa3, 0x6d, 0x11, 0xdb, 0x5e, 0x22, 0x4a,
|
||||||
0xa6, 0xea, 0xc4, 0x8b, 0x4f, 0x91, 0xfb, 0x75, 0x7a, 0x7f, 0x6f, 0xfe, 0x54, 0x2d, 0x9d, 0x05,
|
0x4b, 0x53, 0x75, 0xe2, 0xc5, 0x67, 0x8c, 0xfb, 0x75, 0x7a, 0x7f, 0xaf, 0x74, 0xaa, 0x96, 0xce,
|
||||||
0x67, 0xc9, 0xca, 0x0f, 0x87, 0xe1, 0x44, 0xfc, 0x04, 0xcc, 0xa8, 0x1e, 0xa5, 0x43, 0x55, 0x8f,
|
0x82, 0xb3, 0x64, 0xe5, 0x47, 0xc3, 0x70, 0x22, 0x7e, 0x02, 0x66, 0x54, 0x8f, 0xd2, 0xa1, 0xaa,
|
||||||
0x17, 0x43, 0x9b, 0xc1, 0x2d, 0xad, 0xfd, 0xd9, 0x4f, 0xd9, 0x10, 0x0b, 0x30, 0x29, 0xb2, 0x81,
|
0xc7, 0x8b, 0xa1, 0xcd, 0xe0, 0x96, 0xd6, 0xfe, 0xec, 0xa7, 0x6c, 0x88, 0x05, 0x98, 0x12, 0xd9,
|
||||||
0x47, 0x14, 0xf5, 0xb3, 0x3f, 0xfb, 0xeb, 0x51, 0x32, 0x8e, 0xf3, 0xb3, 0x9a, 0x30, 0x28, 0xf5,
|
0xc0, 0x23, 0x8a, 0xfa, 0xd9, 0x9f, 0xfd, 0xf5, 0x28, 0x19, 0xc7, 0xf9, 0x59, 0x4d, 0x18, 0x94,
|
||||||
0x3c, 0x90, 0xe1, 0x68, 0x4d, 0xb8, 0x10, 0x67, 0xc0, 0x49, 0x19, 0xb4, 0x0a, 0xd3, 0x8e, 0x9e,
|
0x7a, 0x1e, 0xc8, 0x70, 0xb4, 0x26, 0x5c, 0x88, 0x33, 0xe0, 0xa4, 0x0c, 0x5a, 0x85, 0x19, 0x47,
|
||||||
0x84, 0x72, 0x57, 0xe3, 0x69, 0x01, 0x35, 0xbd, 0x9e, 0x64, 0xc1, 0x69, 0x72, 0x68, 0x0b, 0xa0,
|
0x4f, 0x42, 0xb9, 0xab, 0xf1, 0xb4, 0x80, 0x9a, 0x59, 0x4f, 0xb2, 0xe0, 0x34, 0x39, 0xb4, 0x05,
|
||||||
0xe9, 0x1d, 0xdb, 0x76, 0x69, 0x84, 0x67, 0xd8, 0x2b, 0x7d, 0xef, 0x1d, 0xff, 0xc4, 0x0f, 0xf2,
|
0xd0, 0xf4, 0x8e, 0x6d, 0xbb, 0x38, 0xc2, 0x33, 0xec, 0x95, 0xbe, 0xf7, 0x8e, 0x7f, 0xe2, 0x07,
|
||||||
0x9a, 0x3f, 0x64, 0xe3, 0x10, 0x32, 0xba, 0x0e, 0xe3, 0x16, 0xbf, 0x10, 0x78, 0x06, 0xbb, 0x45,
|
0x79, 0xcd, 0x1f, 0xb2, 0x71, 0x08, 0x19, 0x5d, 0x87, 0x09, 0x8b, 0x5f, 0x08, 0x3c, 0x83, 0xdd,
|
||||||
0xf5, 0x53, 0x42, 0x6c, 0x1c, 0x87, 0x89, 0x38, 0xca, 0x9b, 0x52, 0x07, 0x17, 0xfa, 0xae, 0x83,
|
0xa2, 0xfa, 0x19, 0x21, 0x36, 0x81, 0xc3, 0x44, 0x1c, 0xe5, 0x4d, 0xa9, 0x83, 0x0b, 0x7d, 0xd7,
|
||||||
0x7f, 0x27, 0x85, 0x0f, 0x21, 0xbf, 0x04, 0x7e, 0x35, 0x52, 0x1e, 0x9d, 0x8b, 0x95, 0x47, 0x33,
|
0xc1, 0xbf, 0x95, 0xc2, 0x87, 0x90, 0x5f, 0x02, 0xbf, 0x1e, 0x29, 0x8f, 0xce, 0xc5, 0xca, 0xa3,
|
||||||
0x49, 0x89, 0x50, 0x75, 0x64, 0xa4, 0x57, 0xbf, 0x2f, 0x0f, 0x54, 0xfd, 0x06, 0x87, 0x67, 0xef,
|
0xd9, 0xa4, 0x44, 0xa8, 0x3a, 0x32, 0xd2, 0xab, 0xdf, 0x57, 0x07, 0xaa, 0x7e, 0x83, 0xc3, 0xb3,
|
||||||
0xf2, 0xf7, 0x03, 0x09, 0x66, 0x6e, 0xd4, 0x6f, 0x5a, 0x86, 0x63, 0x7a, 0xe6, 0xdc, 0x36, 0xdd,
|
0x77, 0xf9, 0xfb, 0x91, 0x04, 0xb3, 0x37, 0xeb, 0xb7, 0x2c, 0xc3, 0x31, 0x3d, 0x73, 0xee, 0x98,
|
||||||
0xb8, 0xbe, 0x02, 0xc3, 0x96, 0xa3, 0x79, 0x7e, 0x3c, 0xe7, 0xf9, 0x81, 0x1d, 0x8d, 0xf9, 0x31,
|
0x6e, 0x5c, 0x5f, 0x83, 0x61, 0xcb, 0xd1, 0x3c, 0x3f, 0x5e, 0xf0, 0xfc, 0xc0, 0x8e, 0xc6, 0xfc,
|
||||||
0x1d, 0x93, 0x72, 0x9d, 0x60, 0x02, 0x68, 0x0d, 0x46, 0x2c, 0x45, 0x6f, 0x13, 0xef, 0x58, 0x3d,
|
0x98, 0x89, 0x49, 0xb9, 0x4e, 0x30, 0x01, 0xb4, 0x06, 0x23, 0x96, 0xa2, 0xb7, 0x89, 0x77, 0xac,
|
||||||
0xd7, 0xc3, 0xfa, 0xe5, 0x25, 0xcc, 0xd8, 0x43, 0xc5, 0x1b, 0x97, 0xc6, 0x02, 0x45, 0xfe, 0x81,
|
0x9e, 0xeb, 0x61, 0xfd, 0xf2, 0x12, 0x66, 0xec, 0xa1, 0xe2, 0x8d, 0x4b, 0x63, 0x81, 0x22, 0x7f,
|
||||||
0x04, 0x93, 0xb7, 0x1a, 0x8d, 0xda, 0xb2, 0xce, 0x77, 0x74, 0x4d, 0xa1, 0xdb, 0xec, 0xa4, 0x37,
|
0x5f, 0x82, 0xa9, 0xdb, 0x8d, 0x46, 0x6d, 0x59, 0xe7, 0x3b, 0xba, 0xa6, 0xd0, 0x6d, 0x76, 0xd2,
|
||||||
0x15, 0xba, 0x1d, 0x3f, 0xe9, 0x19, 0x0d, 0x73, 0x0a, 0xfa, 0x3a, 0x8c, 0xb2, 0x4c, 0x42, 0xf4,
|
0x9b, 0x0a, 0xdd, 0x8e, 0x9f, 0xf4, 0x8c, 0x86, 0x39, 0x05, 0x7d, 0x1d, 0x46, 0x59, 0x26, 0x21,
|
||||||
0x56, 0x9f, 0xa5, 0xb6, 0x80, 0xaf, 0xba, 0x42, 0x41, 0x85, 0x28, 0x06, 0xb0, 0x07, 0x27, 0xef,
|
0x7a, 0xab, 0xcf, 0x52, 0x5b, 0xc0, 0x57, 0x5d, 0xa1, 0xa0, 0x42, 0x14, 0x03, 0xd8, 0x83, 0x93,
|
||||||
0xc0, 0xc9, 0x90, 0x39, 0x2c, 0x1e, 0xfc, 0xcd, 0x10, 0xd5, 0x21, 0xcf, 0x34, 0x7b, 0x4f, 0x82,
|
0x77, 0xe0, 0x64, 0xc8, 0x1c, 0x16, 0x0f, 0xfe, 0x66, 0x88, 0xea, 0x90, 0x67, 0x9a, 0xbd, 0x27,
|
||||||
0xbd, 0x5e, 0xbe, 0x62, 0x2e, 0x05, 0x95, 0x0e, 0xfb, 0x65, 0x63, 0x17, 0x4b, 0x5e, 0x85, 0xf1,
|
0xc1, 0x5e, 0x2f, 0x5f, 0x31, 0x97, 0x82, 0x4a, 0x87, 0xfd, 0xb2, 0xb1, 0x8b, 0x25, 0xaf, 0xc2,
|
||||||
0x5b, 0x86, 0x4d, 0x6b, 0x86, 0x45, 0x79, 0x58, 0xd0, 0x19, 0xc8, 0x75, 0x54, 0x5d, 0x9c, 0xb3,
|
0xc4, 0x6d, 0xc3, 0xa6, 0x35, 0xc3, 0xa2, 0x3c, 0x2c, 0xe8, 0x0c, 0xe4, 0x3a, 0xaa, 0x2e, 0xce,
|
||||||
0x63, 0x42, 0x26, 0xc7, 0xce, 0x08, 0x36, 0xce, 0xc9, 0xca, 0x03, 0x91, 0x79, 0x02, 0xb2, 0xf2,
|
0xd9, 0x71, 0x21, 0x93, 0x63, 0x67, 0x04, 0x1b, 0xe7, 0x64, 0xe5, 0xa1, 0xc8, 0x3c, 0x01, 0x59,
|
||||||
0x00, 0xb3, 0x71, 0xf9, 0x26, 0x8c, 0x8a, 0x70, 0x87, 0x81, 0x72, 0x07, 0x03, 0xe5, 0x52, 0x80,
|
0x79, 0x88, 0xd9, 0xb8, 0x7c, 0x0b, 0x46, 0x45, 0xb8, 0xc3, 0x40, 0xb9, 0x83, 0x81, 0x72, 0x29,
|
||||||
0x7e, 0x38, 0x04, 0xa3, 0xc2, 0xfa, 0x23, 0xb8, 0x34, 0xad, 0x44, 0x2e, 0x4d, 0xcf, 0xf7, 0x37,
|
0x40, 0x3f, 0x18, 0x82, 0x51, 0x61, 0xfd, 0x11, 0x5c, 0x9a, 0x56, 0x22, 0x97, 0xa6, 0x17, 0xfb,
|
||||||
0x93, 0x99, 0x37, 0xa6, 0x46, 0xec, 0xc6, 0x74, 0xb1, 0x4f, 0xbc, 0x83, 0xaf, 0x4b, 0x1f, 0x4a,
|
0x9b, 0xc9, 0xcc, 0x1b, 0x53, 0x23, 0x76, 0x63, 0xba, 0xd8, 0x27, 0xde, 0xc1, 0xd7, 0xa5, 0x8f,
|
||||||
0x30, 0x11, 0x5d, 0x43, 0xe8, 0x2a, 0x8c, 0xb1, 0xf3, 0x41, 0x6d, 0x92, 0xb5, 0xa0, 0x2c, 0xf5,
|
0x25, 0x98, 0x8c, 0xae, 0x21, 0x74, 0x15, 0xc6, 0xd9, 0xf9, 0xa0, 0x36, 0xc9, 0x5a, 0x50, 0x96,
|
||||||
0x1f, 0x33, 0xea, 0x01, 0x09, 0x87, 0xf9, 0x50, 0xdb, 0x17, 0x63, 0xd3, 0x2e, 0x9c, 0xce, 0x0e,
|
0xfa, 0x8f, 0x19, 0xf5, 0x80, 0x84, 0xc3, 0x7c, 0xa8, 0xed, 0x8b, 0xb1, 0x69, 0x17, 0x4e, 0x67,
|
||||||
0xa9, 0x43, 0x55, 0xad, 0xec, 0x36, 0x28, 0xca, 0xcb, 0x3a, 0xbd, 0x6d, 0xd5, 0xa9, 0xa5, 0xea,
|
0x87, 0xd4, 0xa1, 0xaa, 0x56, 0x76, 0x1b, 0x14, 0xe5, 0x65, 0x9d, 0xde, 0xb1, 0xea, 0xd4, 0x52,
|
||||||
0xed, 0x84, 0x22, 0xbe, 0x86, 0xc2, 0xc8, 0xf2, 0x6f, 0x24, 0x18, 0x13, 0x26, 0x1f, 0xc1, 0x25,
|
0xf5, 0x76, 0x42, 0x11, 0x5f, 0x43, 0x61, 0x64, 0xf9, 0xd7, 0x12, 0x8c, 0x0b, 0x93, 0x8f, 0xe0,
|
||||||
0xe0, 0x6b, 0xd1, 0x4b, 0xc0, 0xb9, 0x3e, 0xf7, 0x63, 0xfa, 0x0d, 0xe0, 0xe7, 0x81, 0xe9, 0x6c,
|
0x12, 0xf0, 0xb5, 0xe8, 0x25, 0xe0, 0x5c, 0x9f, 0xfb, 0x31, 0xfd, 0x06, 0xf0, 0xb3, 0xc0, 0x74,
|
||||||
0x07, 0xb2, 0x84, 0xb0, 0x6d, 0xd8, 0x34, 0x9e, 0x10, 0xd8, 0xde, 0xc1, 0x9c, 0x82, 0x1c, 0x38,
|
0xb6, 0x03, 0x59, 0x42, 0xd8, 0x36, 0x6c, 0x1a, 0x4f, 0x08, 0x6c, 0xef, 0x60, 0x4e, 0x41, 0x0e,
|
||||||
0xa1, 0xc6, 0xb6, 0xac, 0x08, 0x6d, 0xa5, 0x3f, 0x4b, 0x7c, 0xb1, 0x6a, 0x49, 0xc0, 0x9f, 0x88,
|
0x9c, 0x50, 0x63, 0x5b, 0x56, 0x84, 0xb6, 0xd2, 0x9f, 0x25, 0xbe, 0x58, 0xb5, 0x28, 0xe0, 0x4f,
|
||||||
0x53, 0x70, 0x42, 0x85, 0x4c, 0x20, 0xc1, 0x85, 0xee, 0xc0, 0xf0, 0x36, 0xa5, 0x66, 0xca, 0xbb,
|
0xc4, 0x29, 0x38, 0xa1, 0x42, 0x26, 0x90, 0xe0, 0x42, 0x77, 0x61, 0x78, 0x9b, 0x52, 0x33, 0xe5,
|
||||||
0x6f, 0x8f, 0x44, 0x11, 0x98, 0x50, 0xe0, 0xde, 0x35, 0x1a, 0x35, 0xcc, 0xa1, 0xe4, 0x7f, 0x07,
|
0xdd, 0xb7, 0x47, 0xa2, 0x08, 0x4c, 0x28, 0x70, 0xef, 0x1a, 0x8d, 0x1a, 0xe6, 0x50, 0xf2, 0x3f,
|
||||||
0xf1, 0xa8, 0xbb, 0x6b, 0xdc, 0x4f, 0x7f, 0xd2, 0x61, 0xd2, 0xdf, 0x58, 0x5a, 0xea, 0x43, 0xb7,
|
0x83, 0x78, 0xd4, 0xdd, 0x35, 0xee, 0xa7, 0x3f, 0xe9, 0x30, 0xe9, 0x6f, 0x3c, 0x2d, 0xf5, 0xa1,
|
||||||
0x20, 0x47, 0xb5, 0x7e, 0x6f, 0x71, 0x02, 0xb1, 0xb1, 0x52, 0x0f, 0xf2, 0x47, 0x63, 0xa5, 0x8e,
|
0xdb, 0x90, 0xa3, 0x5a, 0xbf, 0xb7, 0x38, 0x81, 0xd8, 0x58, 0xa9, 0x07, 0xf9, 0xa3, 0xb1, 0x52,
|
||||||
0x19, 0x04, 0xba, 0x0d, 0x79, 0x76, 0x58, 0xb0, 0x2d, 0x98, 0xeb, 0x7f, 0x4b, 0x33, 0xff, 0x83,
|
0xc7, 0x0c, 0x02, 0xdd, 0x81, 0x3c, 0x3b, 0x2c, 0xd8, 0x16, 0xcc, 0xf5, 0xbf, 0xa5, 0x99, 0xff,
|
||||||
0x05, 0xc1, 0x7e, 0xd9, 0xd8, 0xc5, 0x91, 0xdf, 0x86, 0xf1, 0xc8, 0x3e, 0x45, 0x6f, 0xc1, 0x71,
|
0xc1, 0x82, 0x60, 0xbf, 0x6c, 0xec, 0xe2, 0xc8, 0xef, 0xc2, 0x44, 0x64, 0x9f, 0xa2, 0x77, 0xe0,
|
||||||
0xcd, 0x50, 0x5a, 0x55, 0x45, 0x53, 0xf4, 0x26, 0xf1, 0x1e, 0xd9, 0xcf, 0xa5, 0x5d, 0x08, 0x56,
|
0xb8, 0x66, 0x28, 0xad, 0xaa, 0xa2, 0x29, 0x7a, 0x93, 0x78, 0x8f, 0xec, 0xe7, 0xd2, 0x2e, 0x04,
|
||||||
0x42, 0x7c, 0x62, 0x97, 0xfb, 0xad, 0xb2, 0x30, 0x0d, 0x47, 0x10, 0x65, 0x05, 0x20, 0xf0, 0x11,
|
0x2b, 0x21, 0x3e, 0xb1, 0xcb, 0xfd, 0x56, 0x59, 0x98, 0x86, 0x23, 0x88, 0xb2, 0x02, 0x10, 0xf8,
|
||||||
0xcd, 0x43, 0x9e, 0xad, 0x33, 0x37, 0xfd, 0x17, 0xab, 0x45, 0x66, 0x21, 0x5b, 0x7e, 0x36, 0x76,
|
0x88, 0x4a, 0x90, 0x67, 0xeb, 0xcc, 0x4d, 0xff, 0x63, 0xd5, 0x31, 0x66, 0x21, 0x5b, 0x7e, 0x36,
|
||||||
0xc7, 0xd1, 0x15, 0x00, 0x9b, 0x34, 0x2d, 0x42, 0x79, 0x32, 0x70, 0x9f, 0x3f, 0xfc, 0xb4, 0x57,
|
0x76, 0xc7, 0xd1, 0x15, 0x00, 0x9b, 0x34, 0x2d, 0x42, 0x79, 0x32, 0x70, 0x9f, 0x3f, 0xfc, 0xb4,
|
||||||
0xf7, 0x29, 0x38, 0xc4, 0x25, 0xff, 0x41, 0x82, 0xf1, 0x35, 0x42, 0xdf, 0x31, 0xac, 0x9d, 0x1a,
|
0x57, 0xf7, 0x29, 0x38, 0xc4, 0x25, 0xff, 0x5e, 0x82, 0x89, 0x35, 0x42, 0xdf, 0x33, 0xac, 0x9d,
|
||||||
0x6f, 0xca, 0x1e, 0x41, 0xb2, 0xc5, 0x91, 0x64, 0xfb, 0x42, 0x8f, 0x99, 0x89, 0x58, 0x97, 0x95,
|
0x1a, 0x6f, 0xca, 0x1e, 0x41, 0xb2, 0xc5, 0x91, 0x64, 0xfb, 0x52, 0x8f, 0x99, 0x89, 0x58, 0x97,
|
||||||
0x72, 0x99, 0x1f, 0xa5, 0x08, 0x67, 0x78, 0xef, 0xae, 0x43, 0xde, 0x34, 0x2c, 0xea, 0x1d, 0x9c,
|
0x95, 0x72, 0x99, 0x1f, 0xc5, 0x08, 0x67, 0x78, 0xef, 0xae, 0x43, 0xde, 0x34, 0x2c, 0xea, 0x1d,
|
||||||
0x03, 0x69, 0x64, 0x79, 0x2c, 0x74, 0x74, 0x32, 0x18, 0xec, 0xa2, 0x31, 0x3f, 0xb6, 0x2c, 0xa3,
|
0x9c, 0x03, 0x69, 0x64, 0x79, 0x2c, 0x74, 0x74, 0x32, 0x18, 0xec, 0xa2, 0x31, 0x3f, 0xb6, 0x2c,
|
||||||
0x23, 0x56, 0xeb, 0x60, 0xa8, 0x84, 0x58, 0x81, 0x1f, 0x37, 0x2c, 0xa3, 0x83, 0x39, 0x96, 0xfc,
|
0xa3, 0x23, 0x56, 0xeb, 0x60, 0xa8, 0x84, 0x58, 0x81, 0x1f, 0x37, 0x2d, 0xa3, 0x83, 0x39, 0x96,
|
||||||
0x7b, 0x09, 0xa6, 0x22, 0x9c, 0x47, 0x90, 0x37, 0xef, 0x44, 0xf3, 0xe6, 0xc5, 0x41, 0x1c, 0xc9,
|
0xfc, 0x3b, 0x09, 0xa6, 0x23, 0x9c, 0x47, 0x90, 0x37, 0xef, 0x46, 0xf3, 0xe6, 0xc5, 0x41, 0x1c,
|
||||||
0xc8, 0x9e, 0xff, 0x8c, 0xbb, 0xc1, 0x1c, 0x46, 0x5b, 0x30, 0x66, 0x1a, 0xad, 0xfa, 0x63, 0xe8,
|
0xc9, 0xc8, 0x9e, 0x7f, 0x8f, 0xbb, 0xc1, 0x1c, 0x46, 0x5b, 0x30, 0x6e, 0x1a, 0xad, 0xfa, 0x13,
|
||||||
0x4a, 0x4d, 0xb2, 0x63, 0xa7, 0x16, 0x60, 0xe1, 0x30, 0x30, 0x7a, 0x00, 0x53, 0xba, 0xd2, 0x21,
|
0xe8, 0x4a, 0x4d, 0xb1, 0x63, 0xa7, 0x16, 0x60, 0xe1, 0x30, 0x30, 0x7a, 0x08, 0xd3, 0xba, 0xd2,
|
||||||
0xb6, 0xa9, 0x34, 0x49, 0xfd, 0x31, 0x3c, 0x07, 0x3c, 0xc5, 0x9f, 0xbd, 0xe3, 0x88, 0x38, 0xa9,
|
0x21, 0xb6, 0xa9, 0x34, 0x49, 0xfd, 0x09, 0x3c, 0x07, 0x3c, 0xc3, 0x9f, 0xbd, 0xe3, 0x88, 0x38,
|
||||||
0x44, 0xfe, 0x45, 0xc2, 0x6f, 0xc3, 0xa2, 0xe8, 0x26, 0x14, 0x78, 0x3b, 0xbf, 0x69, 0x68, 0xde,
|
0xa9, 0x44, 0xfe, 0x79, 0xc2, 0x6f, 0xc3, 0xa2, 0xe8, 0x16, 0x14, 0x78, 0x3b, 0xbf, 0x69, 0x68,
|
||||||
0xc3, 0x35, 0x9b, 0x8a, 0x9a, 0x18, 0x7b, 0xb4, 0x37, 0x7f, 0x3a, 0xe5, 0x4d, 0xd2, 0x23, 0x63,
|
0xde, 0xc3, 0x35, 0x9b, 0x8a, 0x9a, 0x18, 0x7b, 0xbc, 0x57, 0x3a, 0x9d, 0xf2, 0x26, 0xe9, 0x91,
|
||||||
0x5f, 0x18, 0xad, 0xc1, 0xb0, 0xf9, 0x45, 0x4e, 0x6c, 0x9e, 0xd4, 0xf9, 0x31, 0xcd, 0x71, 0xe4,
|
0xb1, 0x2f, 0x8c, 0xd6, 0x60, 0xd8, 0xfc, 0x2a, 0x27, 0x36, 0x4f, 0xea, 0xfc, 0x98, 0xe6, 0x38,
|
||||||
0xcf, 0xe3, 0xe6, 0xf2, 0xd4, 0x7e, 0xff, 0xb1, 0x4d, 0x93, 0x5f, 0x21, 0x64, 0x4e, 0xd5, 0x26,
|
0xf2, 0x97, 0x71, 0x73, 0x79, 0x6a, 0x7f, 0xf0, 0xc4, 0xa6, 0xc9, 0xaf, 0x10, 0x32, 0xa7, 0x6a,
|
||||||
0x8c, 0x8a, 0x13, 0x4d, 0xac, 0xbe, 0x57, 0x06, 0x59, 0x7d, 0xe1, 0xac, 0xed, 0xd7, 0xd3, 0xde,
|
0x13, 0x46, 0xc5, 0x89, 0x26, 0x56, 0xdf, 0x6b, 0x83, 0xac, 0xbe, 0x70, 0xd6, 0xf6, 0xeb, 0x69,
|
||||||
0xa0, 0x07, 0x2c, 0xff, 0x49, 0x82, 0x29, 0x6e, 0x40, 0xd3, 0xb1, 0x54, 0xda, 0x3d, 0xb2, 0x3c,
|
0x6f, 0xd0, 0x03, 0x96, 0xff, 0x28, 0xc1, 0x34, 0x37, 0xa0, 0xe9, 0x58, 0x2a, 0xed, 0x1e, 0x59,
|
||||||
0xb7, 0x11, 0xc9, 0x73, 0x2f, 0xf5, 0x70, 0x2c, 0x61, 0x61, 0x66, 0xae, 0xfb, 0x58, 0x82, 0xa7,
|
0x9e, 0xdb, 0x88, 0xe4, 0xb9, 0x57, 0x7a, 0x38, 0x96, 0xb0, 0x30, 0x33, 0xd7, 0x7d, 0x2a, 0xc1,
|
||||||
0x12, 0xdc, 0x47, 0x90, 0x27, 0xd6, 0xa3, 0x79, 0xe2, 0x85, 0x41, 0x1d, 0xca, 0xc8, 0x15, 0x7f,
|
0x33, 0x09, 0xee, 0x23, 0xc8, 0x13, 0xeb, 0xd1, 0x3c, 0xf1, 0xd2, 0xa0, 0x0e, 0x65, 0x55, 0x5a,
|
||||||
0x2b, 0xa6, 0xb8, 0xc3, 0x17, 0xe2, 0x15, 0x00, 0xd3, 0x52, 0x77, 0x55, 0x8d, 0xb4, 0x45, 0x6f,
|
0xe3, 0x29, 0xee, 0xf0, 0x85, 0x78, 0x05, 0xc0, 0xb4, 0xd4, 0x5d, 0x55, 0x23, 0x6d, 0xd1, 0x9b,
|
||||||
0xb2, 0x10, 0x84, 0xbc, 0xe6, 0x53, 0x70, 0x88, 0x0b, 0xd9, 0x30, 0xd3, 0x22, 0x5b, 0x8a, 0xa3,
|
0x2c, 0x04, 0x21, 0xaf, 0xf9, 0x14, 0x1c, 0xe2, 0x42, 0x36, 0xcc, 0xb6, 0xc8, 0x96, 0xe2, 0x68,
|
||||||
0xd1, 0x85, 0x56, 0x6b, 0x51, 0x31, 0x95, 0x4d, 0x55, 0x53, 0xa9, 0x2a, 0x2e, 0x8b, 0xc5, 0xea,
|
0x74, 0xa1, 0xd5, 0x5a, 0x54, 0x4c, 0x65, 0x53, 0xd5, 0x54, 0xaa, 0x8a, 0xcb, 0xe2, 0x58, 0xf5,
|
||||||
0x75, 0xb7, 0x67, 0x98, 0xc6, 0xf1, 0x68, 0x6f, 0xfe, 0x4c, 0x5a, 0x6f, 0xc0, 0x63, 0xe9, 0xe2,
|
0xba, 0xdb, 0x33, 0x4c, 0xe3, 0x78, 0xbc, 0x57, 0x3a, 0x93, 0xd6, 0x1b, 0xf0, 0x58, 0xba, 0x38,
|
||||||
0x0c, 0x68, 0xd4, 0x85, 0x92, 0x45, 0xde, 0x76, 0x54, 0x8b, 0xb4, 0x96, 0x2c, 0xc3, 0x8c, 0xa8,
|
0x03, 0x1a, 0x75, 0xa1, 0x68, 0x91, 0x77, 0x1d, 0xd5, 0x22, 0xad, 0x25, 0xcb, 0x30, 0x23, 0x6a,
|
||||||
0xcd, 0x71, 0xb5, 0x5f, 0xde, 0xdf, 0x9b, 0x2f, 0xe1, 0x0c, 0x9e, 0xde, 0x8a, 0x33, 0xe1, 0xd1,
|
0x73, 0x5c, 0xed, 0xff, 0xee, 0xef, 0x95, 0x8a, 0x38, 0x83, 0xa7, 0xb7, 0xe2, 0x4c, 0x78, 0xf4,
|
||||||
0x7d, 0x98, 0x56, 0x34, 0xcd, 0x78, 0x87, 0x44, 0x9d, 0x1d, 0xe6, 0x5a, 0xaf, 0xed, 0xef, 0xcd,
|
0x00, 0x66, 0x14, 0x4d, 0x33, 0xde, 0x23, 0x51, 0x67, 0x87, 0xb9, 0xd6, 0x6b, 0xfb, 0x7b, 0xa5,
|
||||||
0x4f, 0x2f, 0x24, 0xc9, 0xbd, 0x15, 0xa6, 0x81, 0xa2, 0x0a, 0x8c, 0xee, 0x1a, 0x9a, 0xd3, 0x21,
|
0x99, 0x85, 0x24, 0xb9, 0xb7, 0xc2, 0x34, 0x50, 0x54, 0x81, 0xd1, 0x5d, 0x43, 0x73, 0x3a, 0xc4,
|
||||||
0x76, 0x29, 0xcf, 0xf1, 0x59, 0x62, 0x1c, 0xdd, 0x70, 0x87, 0x1e, 0xed, 0xcd, 0x8f, 0xdc, 0xa8,
|
0x2e, 0xe6, 0x39, 0x3e, 0x4b, 0x8c, 0xa3, 0x1b, 0xee, 0xd0, 0xe3, 0xbd, 0xd2, 0xc8, 0xcd, 0x3a,
|
||||||
0xf3, 0x6b, 0xba, 0xc7, 0xc5, 0xee, 0x27, 0xac, 0x34, 0x11, 0x7b, 0x96, 0xbf, 0x17, 0x16, 0x82,
|
0xbf, 0xa6, 0x7b, 0x5c, 0xec, 0x7e, 0xc2, 0x4a, 0x13, 0xb1, 0x67, 0xf9, 0x7b, 0x61, 0x21, 0x48,
|
||||||
0xa4, 0x70, 0x2b, 0x20, 0xe1, 0x30, 0x1f, 0xba, 0x07, 0xc5, 0x6d, 0x71, 0x27, 0xb5, 0x4b, 0xa3,
|
0x0a, 0xb7, 0x03, 0x12, 0x0e, 0xf3, 0xa1, 0xfb, 0x30, 0xb6, 0x2d, 0xee, 0xa4, 0x76, 0x71, 0xb4,
|
||||||
0x7d, 0x1d, 0x4a, 0x91, 0x3b, 0x6c, 0x75, 0x4a, 0xa8, 0x28, 0x7a, 0xc3, 0x36, 0x0e, 0x10, 0xd1,
|
0xaf, 0x43, 0x29, 0x72, 0x87, 0xad, 0x4e, 0x0b, 0x15, 0x63, 0xde, 0xb0, 0x8d, 0x03, 0x44, 0x74,
|
||||||
0x05, 0x18, 0xe5, 0x3f, 0x96, 0x97, 0xf8, 0x63, 0x4c, 0x21, 0x48, 0x1d, 0xb7, 0xdc, 0x61, 0xec,
|
0x01, 0x46, 0xf9, 0x8f, 0xe5, 0x25, 0xfe, 0x18, 0x53, 0x08, 0x52, 0xc7, 0x6d, 0x77, 0x18, 0x7b,
|
||||||
0xd1, 0x3d, 0xd6, 0xe5, 0xda, 0x22, 0x7f, 0x14, 0x8c, 0xb1, 0x2e, 0xd7, 0x16, 0xb1, 0x47, 0x47,
|
0x74, 0x8f, 0x75, 0xb9, 0xb6, 0xc8, 0x1f, 0x05, 0x63, 0xac, 0xcb, 0xb5, 0x45, 0xec, 0xd1, 0xd1,
|
||||||
0x6f, 0xc1, 0xa8, 0x4d, 0x56, 0x54, 0xdd, 0x79, 0x50, 0x82, 0xbe, 0x5a, 0x8a, 0xf5, 0xd7, 0x39,
|
0x3b, 0x30, 0x6a, 0x93, 0x15, 0x55, 0x77, 0x1e, 0x16, 0xa1, 0xaf, 0x96, 0x62, 0xfd, 0x06, 0xe7,
|
||||||
0x77, 0xec, 0x59, 0x24, 0xd0, 0x20, 0xe8, 0xd8, 0x83, 0x45, 0xdb, 0x50, 0xb4, 0x1c, 0x7d, 0xc1,
|
0x8e, 0x3d, 0x8b, 0x04, 0x1a, 0x04, 0x1d, 0x7b, 0xb0, 0x68, 0x1b, 0xc6, 0x2c, 0x47, 0x5f, 0xb0,
|
||||||
0x5e, 0xb7, 0x89, 0x55, 0x1a, 0xe3, 0x3a, 0x7a, 0x65, 0x4b, 0xec, 0xf1, 0xc7, 0xb5, 0xf8, 0x11,
|
0xd7, 0x6d, 0x62, 0x15, 0xc7, 0xb9, 0x8e, 0x5e, 0xd9, 0x12, 0x7b, 0xfc, 0x71, 0x2d, 0x7e, 0x84,
|
||||||
0xf2, 0x39, 0x70, 0x00, 0x8e, 0xbe, 0x2f, 0x01, 0xb2, 0x1d, 0xd3, 0xd4, 0x48, 0x87, 0xe8, 0x54,
|
0x7c, 0x0e, 0x1c, 0x80, 0xa3, 0xef, 0x49, 0x80, 0x6c, 0xc7, 0x34, 0x35, 0xd2, 0x21, 0x3a, 0x55,
|
||||||
0xd1, 0xf8, 0x4b, 0x8c, 0x5d, 0x3a, 0xce, 0x75, 0x7e, 0xb5, 0x97, 0x5f, 0x09, 0xc1, 0xb8, 0x72,
|
0x34, 0xfe, 0x12, 0x63, 0x17, 0x8f, 0x73, 0x9d, 0xff, 0xdf, 0xcb, 0xaf, 0x84, 0x60, 0x5c, 0xb9,
|
||||||
0xff, 0xc9, 0x33, 0xc9, 0x8a, 0x53, 0xf4, 0xb2, 0xd0, 0x6e, 0xd9, 0xfc, 0xef, 0xd2, 0x78, 0x5f,
|
0xff, 0xe4, 0x99, 0x64, 0xc5, 0x29, 0x7a, 0x59, 0x68, 0xb7, 0x6c, 0xfe, 0x77, 0x71, 0xa2, 0xaf,
|
||||||
0xa1, 0x4d, 0x7f, 0x71, 0x0a, 0x42, 0x2b, 0xe8, 0xd8, 0x83, 0x45, 0x1b, 0x30, 0x63, 0x11, 0xa5,
|
0xd0, 0xa6, 0xbf, 0x38, 0x05, 0xa1, 0x15, 0x74, 0xec, 0xc1, 0xa2, 0x0d, 0x98, 0xb5, 0x88, 0xd2,
|
||||||
0x75, 0x5b, 0xd7, 0xba, 0xd8, 0x30, 0xe8, 0x0d, 0x55, 0x23, 0x76, 0xd7, 0xa6, 0xa4, 0x53, 0x9a,
|
0xba, 0xa3, 0x6b, 0x5d, 0x6c, 0x18, 0xf4, 0xa6, 0xaa, 0x11, 0xbb, 0x6b, 0x53, 0xd2, 0x29, 0x4e,
|
||||||
0xe0, 0xd3, 0xee, 0xb7, 0xe4, 0x71, 0x2a, 0x17, 0xce, 0x90, 0xe6, 0xdd, 0x5f, 0xf1, 0x16, 0x78,
|
0xf2, 0x69, 0xf7, 0x5b, 0xf2, 0x38, 0x95, 0x0b, 0x67, 0x48, 0xa3, 0x0e, 0x94, 0xbc, 0x94, 0xc1,
|
||||||
0x34, 0x9f, 0x5b, 0x0d, 0xd6, 0xfd, 0x0d, 0x4c, 0x7b, 0x6c, 0xdd, 0xdf, 0x10, 0xe4, 0xc1, 0xcf,
|
0xf6, 0x93, 0x9f, 0xb3, 0x6e, 0xd8, 0x4d, 0x45, 0x73, 0x5f, 0x81, 0xa7, 0xb8, 0x82, 0x17, 0xf6,
|
||||||
0x19, 0xff, 0x18, 0x82, 0xe9, 0x80, 0xb9, 0xef, 0xee, 0x6f, 0x8a, 0xc8, 0x13, 0xeb, 0xfe, 0xa6,
|
0xf7, 0x4a, 0xa5, 0xa5, 0x83, 0x59, 0x71, 0x2f, 0x2c, 0xf4, 0x36, 0x14, 0x95, 0x2c, 0x3d, 0x27,
|
||||||
0xb7, 0x4f, 0x73, 0x4f, 0xba, 0x7d, 0xfa, 0x04, 0xba, 0xce, 0xbc, 0x23, 0x1b, 0x84, 0xee, 0xbf,
|
0xb8, 0x9e, 0xb3, 0xc2, 0x91, 0x62, 0xa6, 0x92, 0x4c, 0x04, 0xde, 0xca, 0x16, 0x0f, 0x9b, 0x47,
|
||||||
0xaf, 0x23, 0x1b, 0xd8, 0x96, 0x51, 0x25, 0xfc, 0x6a, 0x28, 0xec, 0xc0, 0xff, 0x7c, 0x5b, 0xf0,
|
0xf3, 0xed, 0xd8, 0x60, 0xad, 0xec, 0xc0, 0xb4, 0x27, 0xd6, 0xca, 0x0e, 0x41, 0x1e, 0xfc, 0x36,
|
||||||
0x8b, 0x7f, 0x93, 0x26, 0x7f, 0x9c, 0x83, 0x13, 0xf1, 0xdd, 0x18, 0xe9, 0x1e, 0x49, 0x3d, 0xbb,
|
0xf3, 0xb7, 0x21, 0x98, 0x09, 0x98, 0xfb, 0x6e, 0x65, 0xa7, 0x88, 0x3c, 0xb5, 0x56, 0x76, 0x7a,
|
||||||
0x47, 0x35, 0x38, 0xb9, 0xe5, 0x68, 0x5a, 0x97, 0x87, 0x21, 0xd4, 0x42, 0x72, 0x5f, 0x7f, 0x9f,
|
0x2f, 0x38, 0xf7, 0xb4, 0x7b, 0xc1, 0x4f, 0xa1, 0x85, 0xce, 0xdb, 0xcb, 0x41, 0xe8, 0xfe, 0xfd,
|
||||||
0x11, 0x92, 0x27, 0x6f, 0xa4, 0xf0, 0xe0, 0x54, 0xc9, 0x8c, 0x4e, 0x58, 0xee, 0x50, 0x9d, 0xb0,
|
0xda, 0xcb, 0x81, 0x6d, 0x19, 0x25, 0xcf, 0x2f, 0x87, 0xc2, 0x0e, 0xfc, 0xc7, 0xf7, 0x38, 0xbf,
|
||||||
0x44, 0x63, 0x66, 0x78, 0x80, 0xc6, 0x4c, 0x6a, 0x57, 0x2b, 0x7f, 0x88, 0xae, 0xd6, 0x61, 0xda,
|
0xfa, 0x07, 0x76, 0xf2, 0xa7, 0x39, 0x38, 0x11, 0xdf, 0x8d, 0x91, 0x56, 0x98, 0xd4, 0xb3, 0x15,
|
||||||
0x50, 0x29, 0x49, 0xac, 0x57, 0x1b, 0x4a, 0x7e, 0x06, 0x66, 0x85, 0x18, 0xe5, 0x1d, 0x22, 0x9d,
|
0x56, 0x83, 0x93, 0x5b, 0x8e, 0xa6, 0x75, 0x79, 0x18, 0x42, 0xfd, 0x30, 0xf7, 0x29, 0xfb, 0x39,
|
||||||
0x5a, 0x86, 0xa6, 0x11, 0x6b, 0xc9, 0xe9, 0x74, 0xba, 0xf2, 0x6b, 0x30, 0x11, 0xed, 0x7d, 0xba,
|
0x21, 0x79, 0xf2, 0x66, 0x0a, 0x0f, 0x4e, 0x95, 0xcc, 0x68, 0xeb, 0xe5, 0x0e, 0xd5, 0xd6, 0x4b,
|
||||||
0x33, 0xed, 0xb6, 0x5f, 0xc5, 0x1b, 0x7c, 0x68, 0xa6, 0xdd, 0x71, 0xec, 0x73, 0xc8, 0xef, 0x4a,
|
0x74, 0x99, 0x86, 0x07, 0xe8, 0x32, 0xa5, 0xb6, 0xe8, 0xf2, 0x87, 0x68, 0xd1, 0x1d, 0xa6, 0xa7,
|
||||||
0x30, 0x93, 0xfe, 0x8d, 0x13, 0xd2, 0x60, 0xa2, 0xa3, 0x3c, 0x08, 0x7f, 0x10, 0x26, 0x1d, 0xf2,
|
0x96, 0x92, 0xc4, 0x7a, 0xf5, 0xd4, 0xe4, 0xe7, 0x60, 0x4e, 0x88, 0x51, 0xde, 0xee, 0xd2, 0xa9,
|
||||||
0xfa, 0xc9, 0x9b, 0x5e, 0xab, 0x11, 0x2c, 0x1c, 0xc3, 0x66, 0x57, 0xd2, 0x53, 0x19, 0xed, 0xa6,
|
0x65, 0x68, 0x1a, 0xb1, 0x96, 0x9c, 0x4e, 0xa7, 0x2b, 0xbf, 0x01, 0x93, 0xd1, 0x46, 0xae, 0x3b,
|
||||||
0xa3, 0xb5, 0x04, 0xdd, 0x85, 0x42, 0x47, 0x79, 0x50, 0x77, 0xac, 0x36, 0x39, 0xf4, 0x85, 0x9b,
|
0xd3, 0x6e, 0x2f, 0x59, 0x34, 0x14, 0x42, 0x33, 0xed, 0x8e, 0x63, 0x9f, 0x43, 0x7e, 0x5f, 0x82,
|
||||||
0x67, 0x8c, 0x55, 0x81, 0x82, 0x7d, 0x3c, 0xf9, 0x03, 0x09, 0x4a, 0x59, 0xb5, 0x19, 0xba, 0x1a,
|
0xd9, 0xf4, 0x0f, 0xb6, 0x90, 0x06, 0x93, 0x1d, 0xe5, 0x61, 0xf8, 0xeb, 0x36, 0xe9, 0x90, 0x77,
|
||||||
0x69, 0x8c, 0x3d, 0x1b, 0x6b, 0x8c, 0x4d, 0x25, 0xe4, 0x9e, 0x50, 0x5b, 0xec, 0x97, 0x12, 0xcc,
|
0x69, 0xde, 0xc1, 0x5b, 0x8d, 0x60, 0xe1, 0x18, 0x36, 0xbb, 0x5f, 0x9f, 0xca, 0xe8, 0x9d, 0x1d,
|
||||||
0xa4, 0xd7, 0xa8, 0xe8, 0xc5, 0x88, 0x85, 0xf3, 0x31, 0x0b, 0x27, 0x63, 0x52, 0xc2, 0xbe, 0x6f,
|
0xad, 0x25, 0xe8, 0x1e, 0x14, 0x3a, 0xca, 0xc3, 0xba, 0x63, 0xb5, 0xc9, 0xa1, 0x5f, 0x0f, 0x78,
|
||||||
0xc1, 0x84, 0xa8, 0x64, 0x05, 0x8c, 0x88, 0xaa, 0x9c, 0x96, 0x2b, 0x05, 0x84, 0x57, 0xb9, 0xf1,
|
0xc6, 0x58, 0x15, 0x28, 0xd8, 0xc7, 0x93, 0x3f, 0x92, 0xa0, 0x98, 0x55, 0x68, 0xa2, 0xab, 0x91,
|
||||||
0xf9, 0x8a, 0x8e, 0xe1, 0x18, 0x9a, 0xfc, 0xbd, 0x21, 0xc8, 0xd7, 0x9b, 0x8a, 0x46, 0x8e, 0xa0,
|
0x2e, 0xdf, 0xf3, 0xb1, 0x2e, 0xdf, 0x74, 0x42, 0xee, 0x29, 0xf5, 0xf8, 0x7e, 0x21, 0xc1, 0x6c,
|
||||||
0xcc, 0x7a, 0x23, 0x52, 0x66, 0xf5, 0xfa, 0x78, 0x9b, 0x5b, 0x95, 0x59, 0x61, 0xe1, 0x58, 0x85,
|
0x7a, 0xc1, 0x8d, 0x5e, 0x8e, 0x58, 0x58, 0x8a, 0x59, 0x38, 0x15, 0x93, 0x12, 0xf6, 0x7d, 0x13,
|
||||||
0xf5, 0x7c, 0x5f, 0x68, 0x07, 0x17, 0x57, 0x5f, 0x82, 0xa2, 0xaf, 0x74, 0xb0, 0x9c, 0x2f, 0xff,
|
0x26, 0x45, 0x59, 0x2e, 0x60, 0x44, 0x54, 0xe5, 0xb4, 0x5c, 0x29, 0x20, 0xbc, 0x32, 0x94, 0xcf,
|
||||||
0x6c, 0x08, 0xc6, 0x42, 0x2a, 0x06, 0x3c, 0x31, 0xb6, 0x22, 0x27, 0x6d, 0x3f, 0xff, 0xc6, 0x11,
|
0x57, 0x74, 0x0c, 0xc7, 0xd0, 0xe4, 0xef, 0x0e, 0x41, 0xbe, 0xde, 0x54, 0x34, 0x72, 0x04, 0x65,
|
||||||
0xd2, 0x55, 0xf6, 0xce, 0x56, 0xf7, 0x1b, 0xa7, 0xe0, 0xab, 0x96, 0xe4, 0x91, 0xfb, 0x1a, 0x4c,
|
0xd6, 0x9b, 0x91, 0x32, 0xab, 0xd7, 0x97, 0xe8, 0xdc, 0xaa, 0xcc, 0x0a, 0x0b, 0xc7, 0x2a, 0xac,
|
||||||
0x50, 0xfe, 0x6f, 0x0e, 0xfe, 0x33, 0x55, 0x8e, 0xaf, 0x45, 0xff, 0xcb, 0xb8, 0x46, 0x84, 0x8a,
|
0x17, 0xfb, 0x42, 0x3b, 0xb8, 0xb8, 0xfa, 0x1f, 0x18, 0xf3, 0x95, 0x0e, 0x96, 0xf3, 0xe5, 0x9f,
|
||||||
0x63, 0xdc, 0xb3, 0xd7, 0x61, 0x3c, 0xa2, 0x6c, 0xa0, 0x4f, 0x94, 0x7e, 0x2d, 0xc1, 0xb3, 0x3d,
|
0x0e, 0xc1, 0x78, 0x48, 0xc5, 0x80, 0x27, 0xc6, 0x56, 0xe4, 0xa4, 0xed, 0xe7, 0x7f, 0x52, 0x42,
|
||||||
0x6f, 0x39, 0xa8, 0x1a, 0xd9, 0x24, 0xe5, 0xd8, 0x26, 0x99, 0xcb, 0x06, 0x78, 0x82, 0xad, 0xee,
|
0xba, 0xca, 0xde, 0xd9, 0xea, 0x7e, 0xb0, 0x15, 0x7c, 0xa2, 0x93, 0x3c, 0x72, 0xdf, 0x80, 0x49,
|
||||||
0x77, 0x87, 0x00, 0x35, 0xb6, 0x55, 0xab, 0x55, 0x53, 0x2c, 0xda, 0xc5, 0xe2, 0x7f, 0x55, 0x8e,
|
0xca, 0xff, 0x67, 0xc3, 0x7f, 0x73, 0xcb, 0xf1, 0xb5, 0xe8, 0x7f, 0xe6, 0xd7, 0x88, 0x50, 0x71,
|
||||||
0x60, 0xc3, 0x5c, 0x85, 0xb1, 0x16, 0xb1, 0x9b, 0x96, 0xca, 0x83, 0x23, 0xaa, 0x73, 0xff, 0x25,
|
0x8c, 0x7b, 0xee, 0x3a, 0x4c, 0x44, 0x94, 0x0d, 0xf4, 0xbd, 0xd5, 0xaf, 0x24, 0x78, 0xbe, 0xe7,
|
||||||
0x60, 0x29, 0x20, 0xe1, 0x30, 0x1f, 0x7a, 0x13, 0x0a, 0xbb, 0xee, 0x3f, 0x3f, 0x79, 0x8d, 0x9c,
|
0x95, 0x0d, 0x55, 0x23, 0x9b, 0xa4, 0x1c, 0xdb, 0x24, 0xf3, 0xd9, 0x00, 0x4f, 0xb1, 0x6f, 0xff,
|
||||||
0x5e, 0x85, 0x64, 0xf0, 0xef, 0x52, 0xc1, 0xfa, 0x11, 0x03, 0x36, 0xf6, 0xc1, 0xe4, 0xf7, 0x25,
|
0xfe, 0x10, 0xa0, 0xc6, 0xb6, 0x6a, 0xb5, 0x6a, 0x8a, 0x45, 0xbb, 0x58, 0xfc, 0xe3, 0xcd, 0x11,
|
||||||
0x98, 0x49, 0x06, 0x62, 0x89, 0x99, 0xfa, 0xe4, 0x83, 0xf1, 0x0c, 0x0c, 0x73, 0x74, 0x16, 0x85,
|
0x6c, 0x98, 0xab, 0x30, 0xde, 0x22, 0x76, 0xd3, 0x52, 0x79, 0x70, 0x44, 0x75, 0xee, 0x3f, 0x6b,
|
||||||
0xe3, 0xee, 0xa3, 0x2c, 0xd3, 0x8c, 0xf9, 0xa8, 0xfc, 0x17, 0x09, 0x66, 0xd3, 0x4d, 0x3b, 0x82,
|
0x2c, 0x05, 0x24, 0x1c, 0xe6, 0x43, 0x6f, 0x41, 0x61, 0xd7, 0xfd, 0x4f, 0x2e, 0xaf, 0x2b, 0xd5,
|
||||||
0xb2, 0xfd, 0x6e, 0xb4, 0x6c, 0xef, 0x75, 0xd1, 0x4e, 0xb7, 0x33, 0xa3, 0x84, 0xff, 0x73, 0x6a,
|
0xab, 0x90, 0x0c, 0xfe, 0xf7, 0x2b, 0x58, 0x3f, 0x62, 0xc0, 0xc6, 0x3e, 0x98, 0xfc, 0xa1, 0x04,
|
||||||
0xcc, 0x8f, 0xc0, 0xa9, 0x8d, 0xa8, 0x53, 0x97, 0x07, 0x76, 0x2a, 0xdd, 0xa1, 0xea, 0xa5, 0x87,
|
0xb3, 0xc9, 0x40, 0x2c, 0x31, 0x53, 0x9f, 0x7e, 0x30, 0x9e, 0x83, 0x61, 0x8e, 0xce, 0xa2, 0x70,
|
||||||
0x9f, 0xcd, 0x1d, 0xfb, 0xe4, 0xb3, 0xb9, 0x63, 0x9f, 0x7e, 0x36, 0x77, 0xec, 0xbb, 0xfb, 0x73,
|
0xdc, 0x7d, 0x61, 0x66, 0x9a, 0x31, 0x1f, 0x95, 0xff, 0x2c, 0xc1, 0x5c, 0xba, 0x69, 0x47, 0x50,
|
||||||
0xd2, 0xc3, 0xfd, 0x39, 0xe9, 0x93, 0xfd, 0x39, 0xe9, 0xd3, 0xfd, 0x39, 0xe9, 0xef, 0xfb, 0x73,
|
0xb6, 0xdf, 0x8b, 0x96, 0xed, 0xbd, 0x5e, 0x0d, 0xd2, 0xed, 0xcc, 0x28, 0xe1, 0xff, 0x94, 0x1a,
|
||||||
0xd2, 0x8f, 0x3e, 0x9f, 0x3b, 0x76, 0x77, 0x54, 0xe0, 0xfe, 0x27, 0x00, 0x00, 0xff, 0xff, 0x27,
|
0xf3, 0x23, 0x70, 0x6a, 0x23, 0xea, 0xd4, 0xe5, 0x81, 0x9d, 0x4a, 0x77, 0xa8, 0x7a, 0xe9, 0xd1,
|
||||||
0x77, 0x47, 0x4b, 0xbc, 0x39, 0x00, 0x00,
|
0x17, 0xf3, 0xc7, 0x3e, 0xfb, 0x62, 0xfe, 0xd8, 0xe7, 0x5f, 0xcc, 0x1f, 0xfb, 0xce, 0xfe, 0xbc,
|
||||||
|
0xf4, 0x68, 0x7f, 0x5e, 0xfa, 0x6c, 0x7f, 0x5e, 0xfa, 0x7c, 0x7f, 0x5e, 0xfa, 0xeb, 0xfe, 0xbc,
|
||||||
|
0xf4, 0xc3, 0x2f, 0xe7, 0x8f, 0xdd, 0x1b, 0x15, 0xb8, 0xff, 0x0a, 0x00, 0x00, 0xff, 0xff, 0xc0,
|
||||||
|
0x14, 0x27, 0xd4, 0x89, 0x3a, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
@@ -723,6 +723,16 @@ message PodSecurityPolicySpec {
|
|||||||
// will not be forced to.
|
// will not be forced to.
|
||||||
// +optional
|
// +optional
|
||||||
optional bool readOnlyRootFilesystem = 14;
|
optional bool readOnlyRootFilesystem = 14;
|
||||||
|
|
||||||
|
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
|
||||||
|
// process can gain more privileges than it's parent process.
|
||||||
|
// +optional
|
||||||
|
optional bool defaultAllowPrivilegeEscalation = 15;
|
||||||
|
|
||||||
|
// AllowPrivilegeEscalation determines if a pod can request to allow
|
||||||
|
// privilege escalation.
|
||||||
|
// +optional
|
||||||
|
optional bool allowPrivilegeEscalation = 16;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ReplicaSet represents the configuration of a ReplicaSet.
|
// ReplicaSet represents the configuration of a ReplicaSet.
|
||||||
|
@@ -14751,7 +14751,7 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
} else {
|
} else {
|
||||||
yysep2 := !z.EncBinary()
|
yysep2 := !z.EncBinary()
|
||||||
yy2arr2 := z.EncBasicHandle().StructToArray
|
yy2arr2 := z.EncBasicHandle().StructToArray
|
||||||
var yyq2 [14]bool
|
var yyq2 [16]bool
|
||||||
_, _, _ = yysep2, yyq2, yy2arr2
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
const yyr2 bool = false
|
const yyr2 bool = false
|
||||||
yyq2[0] = x.Privileged != false
|
yyq2[0] = x.Privileged != false
|
||||||
@@ -14764,9 +14764,11 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
yyq2[7] = x.HostPID != false
|
yyq2[7] = x.HostPID != false
|
||||||
yyq2[8] = x.HostIPC != false
|
yyq2[8] = x.HostIPC != false
|
||||||
yyq2[13] = x.ReadOnlyRootFilesystem != false
|
yyq2[13] = x.ReadOnlyRootFilesystem != false
|
||||||
|
yyq2[14] = x.DefaultAllowPrivilegeEscalation != nil
|
||||||
|
yyq2[15] = x.AllowPrivilegeEscalation != false
|
||||||
var yynn2 int
|
var yynn2 int
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
r.EncodeArrayStart(14)
|
r.EncodeArrayStart(16)
|
||||||
} else {
|
} else {
|
||||||
yynn2 = 4
|
yynn2 = 4
|
||||||
for _, b := range yyq2 {
|
for _, b := range yyq2 {
|
||||||
@@ -15111,6 +15113,66 @@ func (x *PodSecurityPolicySpec) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[14] {
|
||||||
|
if x.DefaultAllowPrivilegeEscalation == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yy54 := *x.DefaultAllowPrivilegeEscalation
|
||||||
|
yym55 := z.EncBinary()
|
||||||
|
_ = yym55
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(yy54))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[14] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("defaultAllowPrivilegeEscalation"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.DefaultAllowPrivilegeEscalation == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yy56 := *x.DefaultAllowPrivilegeEscalation
|
||||||
|
yym57 := z.EncBinary()
|
||||||
|
_ = yym57
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(yy56))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[15] {
|
||||||
|
yym59 := z.EncBinary()
|
||||||
|
_ = yym59
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(x.AllowPrivilegeEscalation))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(false)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[15] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("allowPrivilegeEscalation"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
yym60 := z.EncBinary()
|
||||||
|
_ = yym60
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeBool(bool(x.AllowPrivilegeEscalation))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
} else {
|
} else {
|
||||||
@@ -15320,6 +15382,34 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromMap(l int, d *codec1978.Decod
|
|||||||
*((*bool)(yyv26)) = r.DecodeBool()
|
*((*bool)(yyv26)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case "defaultAllowPrivilegeEscalation":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
x.DefaultAllowPrivilegeEscalation = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.DefaultAllowPrivilegeEscalation == nil {
|
||||||
|
x.DefaultAllowPrivilegeEscalation = new(bool)
|
||||||
|
}
|
||||||
|
yym29 := z.DecBinary()
|
||||||
|
_ = yym29
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(x.DefaultAllowPrivilegeEscalation)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
case "allowPrivilegeEscalation":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.AllowPrivilegeEscalation = false
|
||||||
|
} else {
|
||||||
|
yyv30 := &x.AllowPrivilegeEscalation
|
||||||
|
yym31 := z.DecBinary()
|
||||||
|
_ = yym31
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(yyv30)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
z.DecStructFieldNotFound(-1, yys3)
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
} // end switch yys3
|
} // end switch yys3
|
||||||
@@ -15331,16 +15421,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperDecoder(d)
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
var yyj28 int
|
var yyj32 int
|
||||||
var yyb28 bool
|
var yyb32 bool
|
||||||
var yyhl28 bool = l >= 0
|
var yyhl32 bool = l >= 0
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15348,21 +15438,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.Privileged = false
|
x.Privileged = false
|
||||||
} else {
|
} else {
|
||||||
yyv29 := &x.Privileged
|
yyv33 := &x.Privileged
|
||||||
yym30 := z.DecBinary()
|
yym34 := z.DecBinary()
|
||||||
_ = yym30
|
_ = yym34
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(yyv29)) = r.DecodeBool()
|
*((*bool)(yyv33)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15370,51 +15460,7 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.DefaultAddCapabilities = nil
|
x.DefaultAddCapabilities = nil
|
||||||
} else {
|
} else {
|
||||||
yyv31 := &x.DefaultAddCapabilities
|
yyv35 := &x.DefaultAddCapabilities
|
||||||
yym32 := z.DecBinary()
|
|
||||||
_ = yym32
|
|
||||||
if false {
|
|
||||||
} else {
|
|
||||||
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv31), d)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
yyj28++
|
|
||||||
if yyhl28 {
|
|
||||||
yyb28 = yyj28 > l
|
|
||||||
} else {
|
|
||||||
yyb28 = r.CheckBreak()
|
|
||||||
}
|
|
||||||
if yyb28 {
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
|
||||||
if r.TryDecodeAsNil() {
|
|
||||||
x.RequiredDropCapabilities = nil
|
|
||||||
} else {
|
|
||||||
yyv33 := &x.RequiredDropCapabilities
|
|
||||||
yym34 := z.DecBinary()
|
|
||||||
_ = yym34
|
|
||||||
if false {
|
|
||||||
} else {
|
|
||||||
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv33), d)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
yyj28++
|
|
||||||
if yyhl28 {
|
|
||||||
yyb28 = yyj28 > l
|
|
||||||
} else {
|
|
||||||
yyb28 = r.CheckBreak()
|
|
||||||
}
|
|
||||||
if yyb28 {
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
|
||||||
if r.TryDecodeAsNil() {
|
|
||||||
x.AllowedCapabilities = nil
|
|
||||||
} else {
|
|
||||||
yyv35 := &x.AllowedCapabilities
|
|
||||||
yym36 := z.DecBinary()
|
yym36 := z.DecBinary()
|
||||||
_ = yym36
|
_ = yym36
|
||||||
if false {
|
if false {
|
||||||
@@ -15422,13 +15468,57 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv35), d)
|
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv35), d)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.RequiredDropCapabilities = nil
|
||||||
|
} else {
|
||||||
|
yyv37 := &x.RequiredDropCapabilities
|
||||||
|
yym38 := z.DecBinary()
|
||||||
|
_ = yym38
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv37), d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.AllowedCapabilities = nil
|
||||||
|
} else {
|
||||||
|
yyv39 := &x.AllowedCapabilities
|
||||||
|
yym40 := z.DecBinary()
|
||||||
|
_ = yym40
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
h.decSlicev1_Capability((*[]pkg4_v1.Capability)(yyv39), d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15436,21 +15526,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.Volumes = nil
|
x.Volumes = nil
|
||||||
} else {
|
} else {
|
||||||
yyv37 := &x.Volumes
|
yyv41 := &x.Volumes
|
||||||
yym38 := z.DecBinary()
|
yym42 := z.DecBinary()
|
||||||
_ = yym38
|
_ = yym42
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
h.decSliceFSType((*[]FSType)(yyv37), d)
|
h.decSliceFSType((*[]FSType)(yyv41), d)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15458,51 +15548,7 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.HostNetwork = false
|
x.HostNetwork = false
|
||||||
} else {
|
} else {
|
||||||
yyv39 := &x.HostNetwork
|
yyv43 := &x.HostNetwork
|
||||||
yym40 := z.DecBinary()
|
|
||||||
_ = yym40
|
|
||||||
if false {
|
|
||||||
} else {
|
|
||||||
*((*bool)(yyv39)) = r.DecodeBool()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
yyj28++
|
|
||||||
if yyhl28 {
|
|
||||||
yyb28 = yyj28 > l
|
|
||||||
} else {
|
|
||||||
yyb28 = r.CheckBreak()
|
|
||||||
}
|
|
||||||
if yyb28 {
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
|
||||||
if r.TryDecodeAsNil() {
|
|
||||||
x.HostPorts = nil
|
|
||||||
} else {
|
|
||||||
yyv41 := &x.HostPorts
|
|
||||||
yym42 := z.DecBinary()
|
|
||||||
_ = yym42
|
|
||||||
if false {
|
|
||||||
} else {
|
|
||||||
h.decSliceHostPortRange((*[]HostPortRange)(yyv41), d)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
yyj28++
|
|
||||||
if yyhl28 {
|
|
||||||
yyb28 = yyj28 > l
|
|
||||||
} else {
|
|
||||||
yyb28 = r.CheckBreak()
|
|
||||||
}
|
|
||||||
if yyb28 {
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
|
||||||
if r.TryDecodeAsNil() {
|
|
||||||
x.HostPID = false
|
|
||||||
} else {
|
|
||||||
yyv43 := &x.HostPID
|
|
||||||
yym44 := z.DecBinary()
|
yym44 := z.DecBinary()
|
||||||
_ = yym44
|
_ = yym44
|
||||||
if false {
|
if false {
|
||||||
@@ -15510,13 +15556,57 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
*((*bool)(yyv43)) = r.DecodeBool()
|
*((*bool)(yyv43)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.HostPorts = nil
|
||||||
|
} else {
|
||||||
|
yyv45 := &x.HostPorts
|
||||||
|
yym46 := z.DecBinary()
|
||||||
|
_ = yym46
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
h.decSliceHostPortRange((*[]HostPortRange)(yyv45), d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.HostPID = false
|
||||||
|
} else {
|
||||||
|
yyv47 := &x.HostPID
|
||||||
|
yym48 := z.DecBinary()
|
||||||
|
_ = yym48
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(yyv47)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15524,21 +15614,21 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.HostIPC = false
|
x.HostIPC = false
|
||||||
} else {
|
} else {
|
||||||
yyv45 := &x.HostIPC
|
yyv49 := &x.HostIPC
|
||||||
yym46 := z.DecBinary()
|
yym50 := z.DecBinary()
|
||||||
_ = yym46
|
_ = yym50
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(yyv45)) = r.DecodeBool()
|
*((*bool)(yyv49)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15546,16 +15636,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.SELinux = SELinuxStrategyOptions{}
|
x.SELinux = SELinuxStrategyOptions{}
|
||||||
} else {
|
} else {
|
||||||
yyv47 := &x.SELinux
|
yyv51 := &x.SELinux
|
||||||
yyv47.CodecDecodeSelf(d)
|
yyv51.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15563,16 +15653,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.RunAsUser = RunAsUserStrategyOptions{}
|
x.RunAsUser = RunAsUserStrategyOptions{}
|
||||||
} else {
|
} else {
|
||||||
yyv48 := &x.RunAsUser
|
yyv52 := &x.RunAsUser
|
||||||
yyv48.CodecDecodeSelf(d)
|
yyv52.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15580,16 +15670,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.SupplementalGroups = SupplementalGroupsStrategyOptions{}
|
x.SupplementalGroups = SupplementalGroupsStrategyOptions{}
|
||||||
} else {
|
} else {
|
||||||
yyv49 := &x.SupplementalGroups
|
yyv53 := &x.SupplementalGroups
|
||||||
yyv49.CodecDecodeSelf(d)
|
yyv53.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15597,16 +15687,16 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.FSGroup = FSGroupStrategyOptions{}
|
x.FSGroup = FSGroupStrategyOptions{}
|
||||||
} else {
|
} else {
|
||||||
yyv50 := &x.FSGroup
|
yyv54 := &x.FSGroup
|
||||||
yyv50.CodecDecodeSelf(d)
|
yyv54.CodecDecodeSelf(d)
|
||||||
}
|
}
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -15614,26 +15704,74 @@ func (x *PodSecurityPolicySpec) codecDecodeSelfFromArray(l int, d *codec1978.Dec
|
|||||||
if r.TryDecodeAsNil() {
|
if r.TryDecodeAsNil() {
|
||||||
x.ReadOnlyRootFilesystem = false
|
x.ReadOnlyRootFilesystem = false
|
||||||
} else {
|
} else {
|
||||||
yyv51 := &x.ReadOnlyRootFilesystem
|
yyv55 := &x.ReadOnlyRootFilesystem
|
||||||
yym52 := z.DecBinary()
|
yym56 := z.DecBinary()
|
||||||
_ = yym52
|
_ = yym56
|
||||||
if false {
|
if false {
|
||||||
} else {
|
} else {
|
||||||
*((*bool)(yyv51)) = r.DecodeBool()
|
*((*bool)(yyv55)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
x.DefaultAllowPrivilegeEscalation = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.DefaultAllowPrivilegeEscalation == nil {
|
||||||
|
x.DefaultAllowPrivilegeEscalation = new(bool)
|
||||||
|
}
|
||||||
|
yym58 := z.DecBinary()
|
||||||
|
_ = yym58
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(x.DefaultAllowPrivilegeEscalation)) = r.DecodeBool()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj32++
|
||||||
|
if yyhl32 {
|
||||||
|
yyb32 = yyj32 > l
|
||||||
|
} else {
|
||||||
|
yyb32 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb32 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.AllowPrivilegeEscalation = false
|
||||||
|
} else {
|
||||||
|
yyv59 := &x.AllowPrivilegeEscalation
|
||||||
|
yym60 := z.DecBinary()
|
||||||
|
_ = yym60
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*bool)(yyv59)) = r.DecodeBool()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for {
|
for {
|
||||||
yyj28++
|
yyj32++
|
||||||
if yyhl28 {
|
if yyhl32 {
|
||||||
yyb28 = yyj28 > l
|
yyb32 = yyj32 > l
|
||||||
} else {
|
} else {
|
||||||
yyb28 = r.CheckBreak()
|
yyb32 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb28 {
|
if yyb32 {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
z.DecStructFieldNotFound(yyj28-1, "")
|
z.DecStructFieldNotFound(yyj32-1, "")
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
@@ -21422,7 +21560,7 @@ func (x codecSelfer1234) decSlicePodSecurityPolicy(v *[]PodSecurityPolicy, d *co
|
|||||||
|
|
||||||
yyrg1 := len(yyv1) > 0
|
yyrg1 := len(yyv1) > 0
|
||||||
yyv21 := yyv1
|
yyv21 := yyv1
|
||||||
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 560)
|
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 576)
|
||||||
if yyrt1 {
|
if yyrt1 {
|
||||||
if yyrl1 <= cap(yyv1) {
|
if yyrl1 <= cap(yyv1) {
|
||||||
yyv1 = yyv1[:yyrl1]
|
yyv1 = yyv1[:yyrl1]
|
||||||
|
@@ -954,6 +954,14 @@ type PodSecurityPolicySpec struct {
|
|||||||
// will not be forced to.
|
// will not be forced to.
|
||||||
// +optional
|
// +optional
|
||||||
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
|
ReadOnlyRootFilesystem bool `json:"readOnlyRootFilesystem,omitempty" protobuf:"varint,14,opt,name=readOnlyRootFilesystem"`
|
||||||
|
// DefaultAllowPrivilegeEscalation controls the default setting for whether a
|
||||||
|
// process can gain more privileges than it's parent process.
|
||||||
|
// +optional
|
||||||
|
DefaultAllowPrivilegeEscalation *bool `json:"defaultAllowPrivilegeEscalation,omitempty" protobuf:"varint,15,opt,name=defaultAllowPrivilegeEscalation"`
|
||||||
|
// AllowPrivilegeEscalation determines if a pod can request to allow
|
||||||
|
// privilege escalation.
|
||||||
|
// +optional
|
||||||
|
AllowPrivilegeEscalation bool `json:"allowPrivilegeEscalation,omitempty" protobuf:"varint,16,opt,name=allowPrivilegeEscalation"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// FS Type gives strong typing to different file systems that are used by volumes.
|
// FS Type gives strong typing to different file systems that are used by volumes.
|
||||||
|
@@ -425,6 +425,8 @@ var map_PodSecurityPolicySpec = map[string]string{
|
|||||||
"supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
|
"supplementalGroups": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.",
|
||||||
"fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
|
"fsGroup": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.",
|
||||||
"readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
|
"readOnlyRootFilesystem": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.",
|
||||||
|
"defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than it's parent process.",
|
||||||
|
"allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation.",
|
||||||
}
|
}
|
||||||
|
|
||||||
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
|
func (PodSecurityPolicySpec) SwaggerDoc() map[string]string {
|
||||||
|
@@ -1321,6 +1321,15 @@ func (in *PodSecurityPolicySpec) DeepCopyInto(out *PodSecurityPolicySpec) {
|
|||||||
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
|
in.RunAsUser.DeepCopyInto(&out.RunAsUser)
|
||||||
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
|
in.SupplementalGroups.DeepCopyInto(&out.SupplementalGroups)
|
||||||
in.FSGroup.DeepCopyInto(&out.FSGroup)
|
in.FSGroup.DeepCopyInto(&out.FSGroup)
|
||||||
|
if in.DefaultAllowPrivilegeEscalation != nil {
|
||||||
|
in, out := &in.DefaultAllowPrivilegeEscalation, &out.DefaultAllowPrivilegeEscalation
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(bool)
|
||||||
|
**out = **in
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -118,6 +118,7 @@ go_test(
|
|||||||
"//test/e2e_node/services:go_default_library",
|
"//test/e2e_node/services:go_default_library",
|
||||||
"//test/e2e_node/system:go_default_library",
|
"//test/e2e_node/system:go_default_library",
|
||||||
"//test/utils:go_default_library",
|
"//test/utils:go_default_library",
|
||||||
|
"//vendor/github.com/blang/semver:go_default_library",
|
||||||
"//vendor/github.com/coreos/go-systemd/util:go_default_library",
|
"//vendor/github.com/coreos/go-systemd/util:go_default_library",
|
||||||
"//vendor/github.com/davecgh/go-spew/spew:go_default_library",
|
"//vendor/github.com/davecgh/go-spew/spew:go_default_library",
|
||||||
"//vendor/github.com/golang/glog:go_default_library",
|
"//vendor/github.com/golang/glog:go_default_library",
|
||||||
|
@@ -53,6 +53,7 @@ var NodeImageWhiteList = sets.NewString(
|
|||||||
"gcr.io/google_containers/nginx-slim:0.7",
|
"gcr.io/google_containers/nginx-slim:0.7",
|
||||||
"gcr.io/google_containers/serve_hostname:v1.4",
|
"gcr.io/google_containers/serve_hostname:v1.4",
|
||||||
"gcr.io/google_containers/netexec:1.7",
|
"gcr.io/google_containers/netexec:1.7",
|
||||||
|
"gcr.io/google_containers/nonewprivs:1.2",
|
||||||
framework.GetPauseImageNameForHostArch(),
|
framework.GetPauseImageNameForHostArch(),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@@ -28,6 +28,7 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/util/uuid"
|
"k8s.io/apimachinery/pkg/util/uuid"
|
||||||
"k8s.io/kubernetes/test/e2e/framework"
|
"k8s.io/kubernetes/test/e2e/framework"
|
||||||
|
|
||||||
|
"github.com/blang/semver"
|
||||||
. "github.com/onsi/ginkgo"
|
. "github.com/onsi/ginkgo"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -375,4 +376,87 @@ var _ = framework.KubeDescribe("Security Context", func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Context("when creating containers with AllowPrivilegeEscalation", func() {
|
||||||
|
|
||||||
|
BeforeEach(func() {
|
||||||
|
if framework.TestContext.ContainerRuntime == "docker" {
|
||||||
|
// parse the docker version
|
||||||
|
out, err := exec.Command("docker", "-v").CombinedOutput()
|
||||||
|
if err != nil {
|
||||||
|
framework.Failf("checking docker version failed output %s: %v", string(out), err)
|
||||||
|
}
|
||||||
|
parts := strings.Split(string(out), ",")
|
||||||
|
parts = strings.Split(parts[0], " ")
|
||||||
|
dversion := parts[len(parts)-1]
|
||||||
|
version, err := semver.New(dversion)
|
||||||
|
if err != nil {
|
||||||
|
framework.Failf("parsing docker version %q failed: %v", dversion, err)
|
||||||
|
}
|
||||||
|
if version.LT(semver.Version{Major: 1, Minor: 11}) {
|
||||||
|
// make sure its >= 1.11 thats when "no-new-privileges" was added
|
||||||
|
framework.Skipf("Skipping no_new_privs tests, docker version is < 1.11 it is %s", version.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
makeAllowPrivilegeEscalationPod := func(podName string, allowPrivilegeEscalation *bool, uid int64) *v1.Pod {
|
||||||
|
return &v1.Pod{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: podName,
|
||||||
|
},
|
||||||
|
Spec: v1.PodSpec{
|
||||||
|
RestartPolicy: v1.RestartPolicyNever,
|
||||||
|
Containers: []v1.Container{
|
||||||
|
{
|
||||||
|
Image: "gcr.io/google_containers/nonewprivs:1.2",
|
||||||
|
Name: podName,
|
||||||
|
SecurityContext: &v1.SecurityContext{
|
||||||
|
AllowPrivilegeEscalation: allowPrivilegeEscalation,
|
||||||
|
RunAsUser: &uid,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
createAndMatchOutput := func(podName, output string, allowPrivilegeEscalation *bool, uid int64) error {
|
||||||
|
podClient.Create(makeAllowPrivilegeEscalationPod(podName,
|
||||||
|
allowPrivilegeEscalation,
|
||||||
|
uid,
|
||||||
|
))
|
||||||
|
|
||||||
|
podClient.WaitForSuccess(podName, framework.PodStartTimeout)
|
||||||
|
|
||||||
|
if err := podClient.MatchContainerOutput(podName, podName, output); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
It("should allow privilege escalation when not explicitly set and uid != 0", func() {
|
||||||
|
podName := "alpine-nnp-nil-" + string(uuid.NewUUID())
|
||||||
|
if err := createAndMatchOutput(podName, "Effective uid: 0", nil, 1000); err != nil {
|
||||||
|
framework.Failf("Match output for pod %q failed: %v", podName, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
It("should not allow privilege escalation when false", func() {
|
||||||
|
podName := "alpine-nnp-false-" + string(uuid.NewUUID())
|
||||||
|
apeFalse := false
|
||||||
|
if err := createAndMatchOutput(podName, "Effective uid: 1000", &apeFalse, 1000); err != nil {
|
||||||
|
framework.Failf("Match output for pod %q failed: %v", podName, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
It("should allow privilege escalation when true", func() {
|
||||||
|
podName := "alpine-nnp-true-" + string(uuid.NewUUID())
|
||||||
|
apeTrue := true
|
||||||
|
if err := createAndMatchOutput(podName, "Effective uid: 0", &apeTrue, 1000); err != nil {
|
||||||
|
framework.Failf("Match output for pod %q failed: %v", podName, err)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
})
|
})
|
||||||
|
1
test/images/nonewprivs/.gitignore
vendored
Normal file
1
test/images/nonewprivs/.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
|||||||
|
nnp
|
20
test/images/nonewprivs/Dockerfile
Normal file
20
test/images/nonewprivs/Dockerfile
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
# Copyright 2017 The Kubernetes Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
FROM alpine:latest
|
||||||
|
|
||||||
|
COPY nnp /usr/local/bin/nnp
|
||||||
|
RUN chmod +s /usr/local/bin/nnp
|
||||||
|
|
||||||
|
CMD ["nnp"]
|
33
test/images/nonewprivs/Makefile
Normal file
33
test/images/nonewprivs/Makefile
Normal file
@@ -0,0 +1,33 @@
|
|||||||
|
# Copyright 2017 The Kubernetes Authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
.PHONY: all image push clean
|
||||||
|
|
||||||
|
TAG = 1.2
|
||||||
|
PREFIX = gcr.io/google_containers
|
||||||
|
|
||||||
|
|
||||||
|
all: push
|
||||||
|
|
||||||
|
nnp: nnp.c
|
||||||
|
gcc -static -o $@ $@.c
|
||||||
|
|
||||||
|
image: nnp
|
||||||
|
docker build --pull -t $(PREFIX)/nonewprivs:$(TAG) .
|
||||||
|
|
||||||
|
push: image
|
||||||
|
gcloud docker -- push $(PREFIX)/nonewprivs:$(TAG)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -f nnp
|
22
test/images/nonewprivs/nnp.c
Normal file
22
test/images/nonewprivs/nnp.c
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
// Copyright 2017 The Kubernetes Authors.
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
|
||||||
|
int main(int argc, char *argv[]){
|
||||||
|
printf("Effective uid: %d\n", geteuid());
|
||||||
|
return 0;
|
||||||
|
}
|
Reference in New Issue
Block a user