github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5110db5087
kubernetes/pkg/volume
History
Jan Safranek 5110db5087 Lock subPath volumes 
Users must not be allowed to step outside the volume with subPath.
Therefore the final subPath directory must be "locked" somehow
and checked if it's inside volume.

On Windows, we lock the directories. On Linux, we bind-mount the final
subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>,
it can't be changed to symlink user once it's bind-mounted.
2018-03-05 09:14:44 +01:00
..
aws_ebs update bazel 2018-02-27 20:23:36 +08:00
azure_dd update bazel 2018-02-27 20:23:36 +08:00
azure_file add remount logic for azure file plugin 2018-03-01 07:46:07 +00:00
cephfs update import 2018-02-27 20:23:35 +08:00
cinder update bazel 2018-02-27 20:23:36 +08:00
configmap Fix nested volume mounts for read-only API data volumes 2018-02-27 07:41:39 -07:00
csi Added MountDevice/UnmountDevice pass-through to NodeStageVolume/NodeUnstageVolume for CSI Volume Plugin. Added related unit tests. Vendored CSI Spec to HEAD 2018-02-26 14:50:32 -08:00
downwardapi Fix nested volume mounts for read-only API data volumes 2018-02-27 07:41:39 -07:00
empty_dir Use consts defined in api instead of defining another ones. 2018-02-28 00:40:58 +08:00
fc update bazel 2018-02-27 20:23:36 +08:00
flexvolume update import 2018-02-27 20:23:35 +08:00
flocker update bazel 2018-02-27 20:23:36 +08:00
gce_pd Merge pull request #60337 from verult/repd-feature-gate 2018-02-27 12:05:33 -08:00
git_repo update import 2018-02-27 20:23:35 +08:00
glusterfs update bazel 2018-02-27 20:23:36 +08:00
host_path Lock subPath volumes 2018-03-05 09:14:44 +01:00
iscsi update bazel 2018-02-27 20:23:36 +08:00
local Add a few "+build linux" tags where appropriate. 2018-02-27 13:53:32 -08:00
nfs update bazel 2018-02-27 20:23:36 +08:00
photon_pd update bazel 2018-02-27 20:23:36 +08:00
portworx update bazel 2018-02-27 20:23:36 +08:00
projected Fix nested volume mounts for read-only API data volumes 2018-02-27 07:41:39 -07:00
quobyte update bazel 2018-02-27 20:23:36 +08:00
rbd update bazel 2018-02-27 20:23:36 +08:00
scaleio update bazel 2018-02-27 20:23:36 +08:00
secret Fix nested volume mounts for read-only API data volumes 2018-02-27 07:41:39 -07:00
storageos update bazel 2018-02-27 20:23:36 +08:00
testing update bazel 2018-02-27 20:23:36 +08:00
util Lock subPath volumes 2018-03-05 09:14:44 +01:00
validation Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
vsphere_volume update bazel 2018-02-27 20:23:36 +08:00
BUILD update bazel 2018-02-27 20:23:36 +08:00
doc.go Use Go canonical import paths 2016-07-16 13:48:21 -04:00
metrics_cached.go
metrics_du_test.go switch from package syscall to x/sys/unix 2017-07-21 12:14:42 +02:00
metrics_du.go update import 2018-02-27 20:23:35 +08:00
metrics_errors.go Disambiguate unsupported metrics from metrics errors 2016-09-15 10:05:30 +10:00
metrics_nil_test.go
metrics_nil.go Disambiguate unsupported metrics from metrics errors 2016-09-15 10:05:30 +10:00
metrics_statfs_test.go add volume timestamps 2017-03-02 15:01:59 -08:00
metrics_statfs.go update import 2018-02-27 20:23:35 +08:00
OWNERS Update volume OWNERS to reflect active sig-storage reviewers 2017-10-26 13:26:33 -07:00
plugins_test.go correct the expected value in plugintest 2018-02-25 15:14:55 +08:00
plugins.go update import 2018-02-27 20:23:35 +08:00
volume_linux.go Fixes cross platform build failure 2017-08-26 09:58:51 -04:00
volume_unsupported.go Fixes cross platform build failure 2017-08-26 09:58:51 -04:00
volume.go BlockVolumesSupport: CRI, VolumeManager and OperationExecutor changes 2017-11-20 14:10:26 -05:00