scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-10-31 10:18:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

SafeSysctlWhitelist: add net.ipv4.ping_group_range

Browse Source 
sysctl value `net.ipv4.ping_group_range` can be used for allowing `ping`
command without `CAP_NET_RAW` capability.

e.g. `net.ipv4.ping_group_range="0 42"` to allow ping for users with
GID 0-GID 42.

This sysctl value was introduced in kernel 3.0 and has been namespaced
since its birth.

c319b4d76b (diff-5b536a7a92abed603bbb4caa61613270R57)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda
2019-11-20 07:26:02 +09:00
parent 384e45febd
commit 821362bd1e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkg/security/podsecuritypolicy/sysctl/mustmatchpatterns.go
View File

@@ -34,6 +34,7 @@ func SafeSysctlWhitelist() []string {
"kernel.shm_rmid_forced",
"net.ipv4.ip_local_port_range",
"net.ipv4.tcp_syncookies",
"net.ipv4.ping_group_range",
}
}