CRI: move apparmor annotations to container security context

Pengfei Ni
2017-05-01 20:55:16 +08:00
parent 08606b530b
commit ac76766a92
10 changed files with 363 additions and 321 deletions


@@ -475,7 +475,9 @@ func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig
}
hc.CgroupParent = cgroupParent
// Apply security context.
applySandboxSecurityContext(lc, createConfig.Config, hc, ds.network, separator)
if err = applySandboxSecurityContext(lc, createConfig.Config, hc, ds.network, separator); err != nil {
return err
}
return nil
}
@@ -541,7 +543,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
}
// Set security options.
securityOpts, err := getSandboxSecurityOpts(c, ds.seccompProfileRoot, securityOptSep)
securityOpts, err := getSeccompSecurityOpts(sandboxContainerName, c, ds.seccompProfileRoot, securityOptSep)
if err != nil {
return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err)
}
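Review bot: In the first hunk (applySandboxLinuxOptions), the error from applySandboxSecurityContext is now propagated but returned bare, so a caller's log will not say that it was the security context that could not be applied. The second hunk's context already wraps its error with the sandbox name, and the same style would fit here: `return fmt.Errorf("failed to apply sandbox security context: %v", err)`. A short why-comment above the check would also record the intent, e.g. `// Fail instead of continuing without the requested security context.`; this assumes the caller aborts sandbox creation on error, which is not visible here. Both functions begin outside the hunks shown, so whether `err` is already declared at that point and what the caller does with the result cannot be confirmed from this page.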