github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Validate PSP allowedProcMountTypes

Browse Source
This commit is contained in:
Jordan Liggitt
2018-12-29 00:18:01 -05:00
parent 7c112762b0
commit cb76da9fd7
3 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/apis/core/validation/validation.go
View File

@@ -5234,8 +5234,8 @@ func ValidateSecurityContext(sc *core.SecurityContext, fldPath *field.Path) fiel
}
if sc.ProcMount != nil {
if err := IsValidProcMount(*sc.ProcMount); err != nil {
allErrs = append(allErrs, field.NotSupported(fldPath.Child("procMount"), *sc.ProcMount, []string{string(core.DefaultProcMount), string(core.UnmaskedProcMount)}))
if err := ValidateProcMountType(fldPath.Child("procMount"), *sc.ProcMount); err != nil {
allErrs = append(allErrs, err)
}
}
@@ -5336,13 +5336,12 @@ func IsDecremented(update, old *int32) bool {
return *update < *old
}
// IsValidProcMount tests that the argument is a valid ProcMountType.
func IsValidProcMount(procMountType core.ProcMountType) error {
// ValidateProcMountType tests that the argument is a valid ProcMountType.
func ValidateProcMountType(fldPath *field.Path, procMountType core.ProcMountType) *field.Error {
switch procMountType {
case core.DefaultProcMount:
case core.UnmaskedProcMount:
case core.DefaultProcMount, core.UnmaskedProcMount:
return nil
default:
return fmt.Errorf("unsupported ProcMount type %s", procMountType)
return field.NotSupported(fldPath, procMountType, []string{string(core.DefaultProcMount), string(core.UnmaskedProcMount)})
}
return nil
}