mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-05 20:58:17 +00:00
a241daf3f2
Automatic merge from submit-queue Add seccomp and apparmor support. This PR adds seccomp and apparmor support in new CRI. This a WIP because I'm still adding unit test for some of the functions. Sent this PR here for design discussion. This PR is similar with https://github.com/kubernetes/kubernetes/pull/33450. The differences are: * This PR passes seccomp and apparmor configuration via annotations; * This PR keeps the seccomp handling logic in docker shim because current seccomp implementation is very docker specific, and @timstclair told me that even the json seccomp profile file is defined by docker. Notice that this PR almost passes related annotations in `api.Pod` to the runtime directly instead of introducing new CRI annotation. @yujuhong @feiskyer @timstclair