Matthew Wong
b376b31ee0
Resolve potential devicePath symlink when MapVolume in containerized kubelet
2018-06-26 13:08:36 -04:00
Jan Safranek
74ba0878a1
Enhance ExistsPath check
...
It should return error when the check fails (e.g. no permissions, symlink link
loop etc.)
2018-05-23 10:21:20 +02:00
Jan Safranek
97b5299cd7
Add GetMode to mounter interface.
...
Kubelet must not call os.Lstat on raw volume paths when it runs in a container.
Mounter knows where the file really is.
2018-05-23 10:17:59 +02:00
Jan Safranek
598ca5accc
Add GetSELinuxSupport to mounter.
2018-05-17 13:36:37 +02:00
Yecheng Fu
3748197876
Add more volume types in e2e and fix part of them.
...
- Add dir-link/dir-bindmounted/dir-link-bindmounted/blockfs volume types for e2e
tests.
- Return error if we cannot resolve volume path.
- Add GetFSGroup/GetMountRefs methods for mount.Interface.
- Fix fsGroup related e2e tests partially.
2018-05-02 10:31:42 +08:00
Jan Safranek
5110db5087
Lock subPath volumes
...
Users must not be allowed to step outside the volume with subPath.
Therefore the final subPath directory must be "locked" somehow
and checked if it's inside volume.
On Windows, we lock the directories. On Linux, we bind-mount the final
subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>,
it can't be changed to symlink user once it's bind-mounted.
2018-03-05 09:14:44 +01:00
Di Xu
48388fec7e
fix all the typos across the project
2018-02-11 11:04:14 +08:00
Jan Safranek
1dd32ce7eb
Add ExecMounter
2017-11-10 13:14:40 +01:00
