Kubernetes Prow Robot
1a1181677c
Merge pull request #131018 from saschagrunert/default-masked-paths
...
Mask Linux thermal interrupt info in /proc and /sys.
2025-07-15 10:56:23 -07:00
PatrickLaabs
c530b02257
chore: depr. pointer pkg replacement for pkg/security and plugin/pkg
2025-07-08 11:22:07 +02:00
Sascha Grunert
65b8fba34b
Mask Linux thermal interrupt info in /proc and /sys.
...
On Linux, mask "/proc/interrupts" and "/sys/devices/system/cpu/cpu<x>/thermal_throttle"
inside containers by default. Privileged containers or containers started
with --security-opt="systempaths=unconfined" are not affected.
Mitigates potential Thermal Side-Channel Vulnerability Exploit
(https://github.com/moby/moby/security/advisories/GHSA-6fw5-f8r9-fgfm).
Also: improve integration test TestCreateWithCustomMaskedPaths() to ensure
default masked paths don't apply to privileged containers.
Refers to https://github.com/moby/moby/pull/49560
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
2025-03-24 12:53:50 +01:00
Shihang Zhang
3db7275b54
set proper file permission for projected service account volume
2020-05-04 18:25:23 -07:00
WanLinghao
e9edbf1d52
Clean unused code in pkg/securitycontext/util.go
2019-02-11 10:30:47 +08:00
Jess Frazelle
30dcca6233
ProcMount: add api options and feature gate
...
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2018-08-30 11:40:02 -04:00
Mayank Kumar
eecef462c8
remove unused code in securitycontext
2018-03-29 23:32:48 -07:00
Slava Semushin
3a461afaf5
pkg/securitycontext/util_test.go(TestAddNoNewPrivileges): update tests.
...
- remove irrelevant test cases
- add test case for AllowPrivilegeEscalation: nil
- explicitly specify input and expected outcome
2018-01-08 15:46:39 +01:00
Jess Frazelle
0ad51ed763
AllowPrivilegeEscalation: add validations for caps and privileged
...
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
2017-09-25 13:22:02 -04:00
Jess Frazelle
0f349cc61f
allowPrivilegeEscalation: modify api types & add functionality
...
Signed-off-by: Jess Frazelle <acidburn@google.com>
2017-07-24 12:52:41 -04:00
Chao Xu
f4989a45a5
run root-rewrite-v1-..., compile
2017-06-22 10:25:57 -07:00
mbohlool
c91a12d205
Remove all references to types.UnixUserID and types.UnixGroupID
2017-06-21 04:09:07 -07:00
Jamie Hannaford
9440a68744
Use dedicated Unix User and Group ID types
2017-05-05 14:07:38 +02:00
Chao Xu
4f3d0e3bde
more dependencies packages:
...
pkg/metrics
pkg/credentialprovider
pkg/security
pkg/securitycontext
pkg/serviceaccount
pkg/storage
pkg/fieldpath
2016-11-23 15:53:09 -08:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Paul Morie
6f940a1a78
Reduce LOC in security context tests
2016-04-28 20:39:28 -04:00
Paul Weil
e490c20c22
add non-root directive to SC and kubelet checking
2015-08-10 13:30:34 -04:00
Mike Danese
8e33cbfa28
rewrite go imports
2015-08-05 17:30:03 -07:00
Paul Morie
5394aa979f
Make emptyDir volumes work for non-root UIDs
2015-07-29 18:36:51 -04:00