upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-04-26 16:50:51 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/security/podsecuritypolicy
History
Akihiro Suda 821362bd1e SafeSysctlWhitelist: add net.ipv4.ping_group_range 
sysctl value `net.ipv4.ping_group_range` can be used for allowing `ping`
command without `CAP_NET_RAW` capability.

e.g. `net.ipv4.ping_group_range="0 42"` to allow ping for users with
GID 0-GID 42.

This sysctl value was introduced in kernel 3.0 and has been namespaced
since its birth.

c319b4d76b (diff-5b536a7a92abed603bbb4caa61613270R57)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-11-20 07:26:02 +09:00
..
apparmor
capabilities
group
seccomp optimize comments on exported constants (#83875) 2019-10-16 22:25:30 -07:00
selinux
sysctl SafeSysctlWhitelist: add net.ipv4.ping_group_range 2019-11-20 07:26:02 +09:00
user
util
BUILD Update BUILD files for container helper 2019-06-21 08:32:04 +00:00
doc.go
factory.go
OWNERS
provider.go Restore early return for podSpecHasContainer 2019-06-26 14:17:13 +08:00
provider_test.go Optimizing some format problems (#82983) 2019-11-01 10:21:25 -07:00
types.go Refactor PSP provider 2019-03-25 11:46:36 -07:00