github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
c984245f9bf23ed2fea8d5276fa08efbb71ad324
kubernetes/pkg/api
History
Kubernetes Submit Queue 72c6251508 Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747)

Add support for `no_new_privs` via AllowPrivilegeEscalation

**What this PR does / why we need it**:
Implements kubernetes/community#639
Fixes #38417

Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`.
Adds `AllowPrivilegeEscalation` to container `SecurityContext`.

Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set.

Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity.

**Release note**:

```release-note
Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process
```
2017-07-31 16:56:58 -07:00
..
endpoints
autogenerated
2017-04-14 10:40:57 -07:00
errors
Update bazel
2017-02-02 15:19:04 +01:00
events
autogenerated
2017-04-14 10:40:57 -07:00
helper
Removes alpha feature gate for affinity annotations. Beta fields should be used.
2017-06-23 10:02:14 -05:00
install
run hack/update-all
2017-06-22 11:31:03 -07:00
meta
add back just enough empty packages to allow heapster cycles to succeed
2017-01-17 08:07:30 -05:00
persistentvolume
Remove myself from a bunch of places
2017-07-20 12:10:46 +02:00
pod
Remove myself from a bunch of places
2017-07-20 12:10:46 +02:00
ref
deepcopy: add interface deepcopy funcs
2017-07-18 09:28:47 +02:00
resource
move pkg/api/v1/ref.go and pkg/api/v1/resource.go to subpackages. move some functions in resource.go to pkg/api/v1/node and pkg/api/v1/pod
2017-04-17 11:38:11 -07:00
service
'Global' -> 'Cluster' for traffic policy
2017-06-01 16:17:38 -07:00
testapi
autogenerated files
2017-07-18 17:47:57 -07:00
testing
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
unversioned
deepcopy: add interface deepcopy funcs
2017-07-18 09:28:47 +02:00
util
add unit test for groupversion
2017-02-03 17:37:42 +08:00
v1
Merge pull request #47019 from jessfraz/allowPrivilegeEscalation
2017-07-31 16:56:58 -07:00
validation
Merge pull request #49286 from kargakis/remote-myself-from-some-places
2017-07-25 06:41:08 -07:00
annotation_key_constants.go
Removes alpha feature gate for affinity annotations. Beta fields should be used.
2017-06-23 10:02:14 -05:00
BUILD
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
conversion_test.go
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
copy_test.go
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
deep_copy_test.go
Remove the temporary fix for pre-1.0 mirror pods
2017-02-02 10:37:19 -08:00
defaulting_test.go
Bump ReplicaSet to apps/v1beta2
2017-07-26 09:51:41 -07:00
doc.go
Use Go canonical import paths
2016-07-16 13:48:21 -04:00
field_constants.go
json.go
Change taint/toleration annotations to api fields.
2017-02-22 09:27:42 -05:00
meta_test.go
API
2017-02-28 23:05:40 -08:00
node_example.json
Change minion to node
2016-09-28 10:53:30 -07:00
objectreference.go
move ref.go to its own subpackage
2017-04-13 10:02:43 -07:00
OWNERS
Remove myself from a bunch of places
2017-07-20 12:10:46 +02:00
register.go
apimachinery: move unversioned registration to metav1
2017-05-29 11:53:45 +02:00
replication_controller_example.json
Initial Quobyte support
2016-08-18 17:13:50 +02:00
resource.go
Add EmptyDir Volume and local storage for container overlay Isolation
2017-06-05 12:05:48 -07:00
serialization_proto_test.go
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
serialization_test.go
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
taint_test.go
move ref.go to its own subpackage
2017-04-13 10:02:43 -07:00
taint.go
move ref.go to its own subpackage
2017-04-13 10:02:43 -07:00
toleration.go
move ref.go to its own subpackage
2017-04-13 10:02:43 -07:00
types.go
Merge pull request #47019 from jessfraz/allowPrivilegeEscalation
2017-07-31 16:56:58 -07:00
unstructured_test.go
Unify fuzzers and roundtrip tests
2017-07-20 12:31:00 +02:00
zz_generated.deepcopy.go
allowPrivilegeEscalation: update code generation
2017-07-24 13:55:16 -04:00