rebase: update kubernetes to latest

Update the Kubernetes dependency to the latest release in the
main go.mod (and re-vendor the affected packages).

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
2024-08-19 10:01:33 +02:00
committed by mergify[bot]
parent 63c4c05b35
commit 5a66991bb3
2173 changed files with 98906 additions and 61334 deletions


@ -35,6 +35,9 @@ spec.initContainers[*].securityContext.procMount
**Allowed Values:** undefined/null, "Default"
However, if the pod is in a user namespace (`hostUsers: false`), and the
UserNamespacesPodSecurityStandards feature is enabled, all values are allowed.
*/
func init() {
@ -58,6 +61,14 @@ func CheckProcMount() Check {
}
func procMount_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
// TODO: When we remove the UserNamespacesPodSecurityStandards feature gate (and GA this relaxation),
// create a new policy version.
// Note: pod validation will check for well formed procMount type, so avoid double validation and allow everything
// here.
if relaxPolicyForUserNamespacePod(podSpec) {
return CheckResult{Allowed: true}
}
var badContainers []string
forbiddenProcMountTypes := sets.NewString()
visitContainers(podSpec, func(container *corev1.Container) {


@ -64,17 +64,30 @@ func CheckSELinuxOptions() Check {
Versions: []VersionedCheck{
{
MinimumVersion: api.MajorMinorVersion(1, 0),
CheckPod: seLinuxOptions_1_0,
CheckPod: seLinuxOptions1_0,
},
{
MinimumVersion: api.MajorMinorVersion(1, 31),
CheckPod: seLinuxOptions1_31,
},
},
}
}
var (
selinux_allowed_types_1_0 = sets.NewString("", "container_t", "container_init_t", "container_kvm_t")
selinuxAllowedTypes1_0 = sets.New("", "container_t", "container_init_t", "container_kvm_t")
selinuxAllowedTypes1_31 = sets.New("", "container_t", "container_init_t", "container_kvm_t", "container_engine_t")
)
func seLinuxOptions_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
func seLinuxOptions1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
return seLinuxOptions(podMetadata, podSpec, selinuxAllowedTypes1_0)
}
func seLinuxOptions1_31(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec) CheckResult {
return seLinuxOptions(podMetadata, podSpec, selinuxAllowedTypes1_31)
}
func seLinuxOptions(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec, allowedTypes sets.Set[string]) CheckResult {
var (
// sources that set bad seLinuxOptions
badSetters []string
@ -89,7 +102,7 @@ func seLinuxOptions_1_0(podMetadata *metav1.ObjectMeta, podSpec *corev1.PodSpec)
validSELinuxOptions := func(opts *corev1.SELinuxOptions) bool {
valid := true
if !selinux_allowed_types_1_0.Has(opts.Type) {
if !allowedTypes.Has(opts.Type) {
valid = false
badTypes.Insert(opts.Type)
}