Merge pull request #56848 from CaoShuFeng/duplicated-validation-psp

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. remove duplicated validation from podsecuritypolicy **Release note**: ```release-note NONE ```
2018-03-26 00:13:08 -07:00
parent 566e3445c4 16999f172d
commit c014cc2740
2 changed files with 2 additions and 17 deletions
--- a/pkg/security/podsecuritypolicy/provider.go
+++ b/pkg/security/podsecuritypolicy/provider.go
@@ -273,10 +273,6 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe

 	allErrs = append(allErrs, s.strategies.CapabilitiesStrategy.Validate(pod, container, sc.Capabilities())...)

-	if !s.psp.Spec.HostNetwork && podSC.HostNetwork() {
-		allErrs = append(allErrs, field.Invalid(fldPath.Child("hostNetwork"), podSC.HostNetwork(), "Host network is not allowed to be used"))
-	}
-
 	containersPath := fldPath.Child("containers")
 	for idx, c := range pod.Spec.Containers {
 		idxPath := containersPath.Index(idx)
@@ -289,14 +285,6 @@ func (s *simpleProvider) ValidateContainerSecurityContext(pod *api.Pod, containe
 		allErrs = append(allErrs, s.hasInvalidHostPort(&c, idxPath)...)
 	}

-	if !s.psp.Spec.HostPID && podSC.HostPID() {
-		allErrs = append(allErrs, field.Invalid(fldPath.Child("hostPID"), podSC.HostPID(), "Host PID is not allowed to be used"))
-	}
-
-	if !s.psp.Spec.HostIPC && podSC.HostIPC() {
-		allErrs = append(allErrs, field.Invalid(fldPath.Child("hostIPC"), podSC.HostIPC(), "Host IPC is not allowed to be used"))
-	}
-
 	if s.psp.Spec.ReadOnlyRootFilesystem {
 		readOnly := sc.ReadOnlyRootFilesystem()
 		if readOnly == nil {