github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cb56558531
kubernetes/api/swagger-spec
History
Kubernetes Submit Queue 72c6251508 Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747)

Add support for `no_new_privs` via AllowPrivilegeEscalation

**What this PR does / why we need it**:
Implements kubernetes/community#639
Fixes #38417

Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`.
Adds `AllowPrivilegeEscalation` to container `SecurityContext`.

Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set.

Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity.

**Release note**:

```release-note
Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process
```
2017-07-31 16:56:58 -07:00
..
admissionregistration.k8s.io_v1alpha1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
admissionregistration.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
api.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
apis.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
apps_v1alpha1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
apps_v1beta1.json Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 2017-07-31 16:56:58 -07:00
apps_v1beta2.json Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 2017-07-31 16:56:58 -07:00
apps.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authentication.k8s.io_v1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authentication.k8s.io_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authentication.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authorization.k8s.io_v1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authorization.k8s.io_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
authorization.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
autoscaling_v1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
autoscaling_v2alpha1.json Merge pull request #46961 from zjj2wry/api_describe 2017-06-16 12:19:08 -07:00
autoscaling.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
batch_v1.json allowPrivilegeEscalation: update docs 2017-07-24 13:55:13 -04:00
batch_v2alpha1.json allowPrivilegeEscalation: update docs 2017-07-24 13:55:13 -04:00
batch.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
BUILD Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
certificates.k8s.io_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
certificates.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
extensions_v1beta1.json Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 2017-07-31 16:56:58 -07:00
extensions.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
logs.json Update generated proto and swagger docs 2016-09-12 18:47:03 -07:00
networking.k8s.io_v1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
networking.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
policy_v1alpha1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
policy_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
policy.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
rbac.authorization.k8s.io_v1alpha1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
rbac.authorization.k8s.io_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
rbac.authorization.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
resourceListing.json Autogen 2017-07-20 14:16:43 -07:00
scheduling.k8s.io_v1alpha1.json autogenerated files 2017-07-18 17:47:57 -07:00
scheduling.k8s.io.json autogenerated files 2017-07-18 17:47:57 -07:00
settings.k8s.io_v1alpha1.json Add StorageOS volume plugin 2017-06-09 13:19:27 +01:00
settings.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
storage.authorization.k8s.io_v1beta1.json generated code for moving StorageClass 2016-09-06 08:41:17 -04:00
storage.k8s.io_v1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
storage.k8s.io_v1beta1.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
storage.k8s.io.json Update docs/ URLs to point to proper locations 2017-06-05 22:13:54 -07:00
v1.json Merge pull request #47019 from jessfraz/allowPrivilegeEscalation 2017-07-31 16:56:58 -07:00
version.json update autogenerated 2016-08-18 14:14:52 -07:00