- Will not allow if a container (init or not) sets the proc mount type to anything other than `Default`
- Include fixture for proc mount baseline generation and the consequent genreated test data
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
This is to check if runc 1.0.0 (to be released shortly) works with k8s.
The commands used were (roughly):
hack/pin-dependency.sh github.com/opencontainers/runc v1.0.0
hack/lint-dependencies.sh
# Follow its recommendations.
hack/pin-dependency.sh github.com/cilium/ebpf v0.6.1
hack/pin-dependency.sh github.com/opencontainers/selinux v1.8.2
hack/pin-dependency.sh github.com/sirupsen/logrus v1.8.1
# Recheck.
hack/lint-dependencies.sh
GO111MODULE=on go mod edit -dropreplace github.com/willf/bitset
hack/update-vendor.sh
# Recheck.
hack/lint-dependencies.sh
hack/update-internal-modules.sh
# Recheck.
hack/lint-dependencies.sh
[v2: rebased, updated runc 3a0234e1fe2e82 -> 2f8e8e9d977500]
[v3: testing master + runc pr 3019]
[v4: updated to 93a01cd4d0b7a0f08a]
[v5: updated to f093cca13d3cf8a484]
[v6: rebased]
[v7: updated to runc v1.0.0]
[v8: rebased]
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Applies to baseline policy. Since host ports is
a niche feature, usage of any host ports is
forbidden for either app container or init container
Refactored two fixtures into one for non-host ports in app container and init container
Fixes based on PR feedback
- remove no-op if check,
- use correct Int32 list for hostPort
- remove ensureHostPorts func
Removed redundant fixtures as per PR feedback
Removed minimal valid pod
Updates after gofmt
graduate IngressClassNamespacedParams to beta
add fuzzer patch to fix tests
Destroy the created runtimeclass resources at the end of the test case.
addressing comments
dont ensure security context
Go 1.16's embed directive doesn't allow embeding files from parent
directories. Hence, moving the translations data to inside the i18n package.
Logically speaking as well, kubectl related artifacts should be inside
the kubectl package.
Signed-off-by: Nabarun Pal <pal.nabarun95@gmail.com>
Original:
> This handler will lookup the owner of the given Deployment, and if it is owned by a Foo resource will enqueue that Foo resource for processing.
Fixed:
> This handler will lookup the owner of the given Deployment, and if it is owned by a Foo resource then the handler will enqueue that Foo resource for processing.
