Commit 7e4b0477 authored by Slava Semushin's avatar Slava Semushin

Improve an error message when privileged containers are disallowed globally on the cluster.

parent bd100b3b
...@@ -3692,7 +3692,7 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field ...@@ -3692,7 +3692,7 @@ func ValidateSecurityContext(sc *api.SecurityContext, fldPath *field.Path) field
if sc.Privileged != nil { if sc.Privileged != nil {
if *sc.Privileged && !capabilities.Get().AllowPrivileged { if *sc.Privileged && !capabilities.Get().AllowPrivileged {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by policy")) allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "disallowed by cluster policy"))
} }
} }
......
...@@ -8601,7 +8601,7 @@ func TestValidateSecurityContext(t *testing.T) { ...@@ -8601,7 +8601,7 @@ func TestValidateSecurityContext(t *testing.T) {
"request privileged when capabilities forbids": { "request privileged when capabilities forbids": {
sc: privRequestWithGlobalDeny, sc: privRequestWithGlobalDeny,
errorType: "FieldValueForbidden", errorType: "FieldValueForbidden",
errorDetail: "disallowed by policy", errorDetail: "disallowed by cluster policy",
}, },
"negative RunAsUser": { "negative RunAsUser": {
sc: negativeRunAsUser, sc: negativeRunAsUser,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment