github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
91c557f504
kubernetes/pkg/kubelet/kuberuntime
History
Jan Safranek 5110db5087 Lock subPath volumes 
Users must not be allowed to step outside the volume with subPath.
Therefore the final subPath directory must be "locked" somehow
and checked if it's inside volume.

On Windows, we lock the directories. On Linux, we bind-mount the final
subPath into /var/lib/kubelet/pods/<uid>/volume-subpaths/<container name>/<subPathName>,
it can't be changed to symlink user once it's bind-mounted.
2018-03-05 09:14:44 +01:00
..
logs Merge pull request #59713 from hanxiaoshuai/fix0211 2018-02-22 23:17:38 -08:00
BUILD Update unit tests and bazel files 2018-02-28 09:56:46 +08:00
doc.go cmd/kubelet 2016-11-23 15:53:09 -08:00
fake_kuberuntime_manager.go Fix incorrect localhost seccomp profile path 2017-11-22 02:49:23 +00:00
helpers_linux.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
helpers_test.go Set shared PID namespace mode based on PodSpec 2018-02-22 03:51:35 +01:00
helpers_unsupported.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
helpers_windows.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
helpers.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
instrumented_services_test.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
instrumented_services.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_container_linux_test.go Lock subPath volumes 2018-03-05 09:14:44 +01:00
kuberuntime_container_linux.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
kuberuntime_container_test.go Update unit tests and bazel files 2018-02-28 09:56:46 +08:00
kuberuntime_container_unsupported.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
kuberuntime_container_windows.go Setup windows container config to kubelet CRI 2018-02-28 09:56:41 +08:00
kuberuntime_container.go Lock subPath volumes 2018-03-05 09:14:44 +01:00
kuberuntime_gc_test.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_gc.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_image_test.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_image.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_logs.go Make CRI logs parsing to a library 2017-11-07 10:07:16 +08:00
kuberuntime_manager_test.go Lock subPath volumes 2018-03-05 09:14:44 +01:00
kuberuntime_manager.go fix all the typos across the project 2018-02-11 11:04:14 +08:00
kuberuntime_sandbox_test.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
kuberuntime_sandbox.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00
labels_test.go Add Annotations from the deviceplugin to the runtime 2018-02-03 19:53:20 +01:00
labels.go fix all the typos across the project 2018-02-11 11:04:14 +08:00
legacy_test.go Move legacy log symlink to kuberuntime 2017-05-05 11:48:08 -07:00
legacy.go Move legacy log symlink to kuberuntime 2017-05-05 11:48:08 -07:00
security_context_test.go security_context_test.go(TestVerifyRunAsNonRoot): add more test cases. 2017-12-20 18:02:52 +01:00
security_context.go Increment CRI version from v1alpha1 to v1alpha2 2018-02-07 09:06:26 +01:00