mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-02-20 08:21:57 -05:00
72c6251508
Automatic merge from submit-queue (batch tested with PRs 49651, 49707, 49662, 47019, 49747) Add support for `no_new_privs` via AllowPrivilegeEscalation **What this PR does / why we need it**: Implements kubernetes/community#639 Fixes #38417 Adds `AllowPrivilegeEscalation` and `DefaultAllowPrivilegeEscalation` to `PodSecurityPolicy`. Adds `AllowPrivilegeEscalation` to container `SecurityContext`. Adds the proposed behavior to `kuberuntime`, `dockershim`, and `rkt`. Adds a bunch of unit tests to ensure the desired default behavior and that when `DefaultAllowPrivilegeEscalation` is explicitly set. Tests pass locally with docker and rkt runtimes. There are also a few integration tests with a `setuid` binary for sanity. **Release note**: ```release-note Adds AllowPrivilegeEscalation to control whether a process can gain more privileges than it's parent process ``` |
||
|---|---|---|
| .. | ||
| admissionregistration.k8s.io/v1alpha1 | ||
| apps | ||
| authentication.k8s.io | ||
| authorization.k8s.io | ||
| autoscaling | ||
| batch | ||
| certificates.k8s.io/v1beta1 | ||
| extensions/v1beta1 | ||
| networking.k8s.io/v1 | ||
| policy/v1beta1 | ||
| rbac.authorization.k8s.io | ||
| scheduling.k8s.io/v1alpha1 | ||
| settings.k8s.io/v1alpha1 | ||
| storage.k8s.io | ||
| v1 | ||