github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
114,278 Commits 1 Branch 31 Tags 1,019 MiB
b0dce923f1
Commit Graph

17 Commits

Author SHA1 Message Date
Freddie
a31820bac9 rebased 2023-02-19 13:53:47 +05:30
Tim Allclair
5f2b12e0d4 Move AppArmor profile validation to the API validation pkg 2022-02-15 16:17:37 -08:00
Tim Allclair
f780889d4c Forbid empty AppArmor localhost profile 2022-02-15 14:46:51 -08:00
yanghesong
6905fef761 Remove runtime in validate 
Validate is useless as dockershim is removed

Signed-off-by: yanghesong <hesong.yang@foxmail.com>
 2022-01-09 09:11:49 +08:00
Sascha Grunert
1f8c21166e
Remove AppArmor loaded profile validation 
In general it could be possible that init containers deploy security
profiles. The existing AppArmor pre-validation would block the complete
workload without this patch being applied. If we now schedule a
workload which contains an unconfined init container, then we will skip
the validation. The underlying container runtime will fail if the
profile is not available after the execution of the init container.

This synchronizes the overall behavior with seccomp.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
 2021-03-12 10:19:44 +01:00
Andrew Sy Kim
2e56866c97 move apparmor annotation constants to k8s.io/api/core/v1 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2020-04-06 10:22:04 -04:00
Christoph Blecker
97b2992dc1
Update gofmt for go1.11 2018-10-05 12:59:38 -07:00
Di Xu
5e96f7cae9 enable to specific unconfined AppArmor profile 2017-09-28 10:06:36 +08:00
Chao Xu
60604f8818 run hack/update-all 2017-06-22 11:31:03 -07:00
Chao Xu
f4989a45a5 run root-rewrite-v1-..., compile 2017-06-22 10:25:57 -07:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Chao Xu
4f3d0e3bde more dependencies packages: 
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
 2016-11-23 15:53:09 -08:00
Jess Frazelle
d51962e1bb
vet fixes 
Signed-off-by: Jess Frazelle <me@jessfraz.com>
 2016-10-13 21:12:15 -07:00
Tim St. Clair
a5b7212453
Promote AppArmor annotations to beta 2016-08-25 15:40:32 -07:00
Tim St. Clair
f94df59791
Remove apparmor dependency on pkg/kubelet/lifecycle 2016-08-21 20:59:11 -07:00
Tim St. Clair
3c7896719b
Implement AppArmor Kubelet support 2016-08-15 13:25:17 -07:00
Tim St. Clair
bdc306bbfe
Add AppArmor validation logic 
The validation checks the prerequisites described in the [AppArmor
proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/apparmor.md#prerequisites)
 2016-08-11 10:31:25 -07:00