Commit 8a98983a authored by Kubernetes Submit Queue's avatar Kubernetes Submit Queue Committed by GitHub

Merge pull request #49180 from feiskyer/seccomp

Automatic merge from submit-queue (batch tested with PRs 48981, 47316, 49180) Add seccomp profile in sandbox security context **What this PR does / why we need it**: PR #46332 adds seccomp profile to container security context, but not sandbox. This PR adds seccomp profile in sandbox security context. Without this, we couldn't honour "seccomp.security.alpha.kubernetes.io/pod" for sandbox. **Which issue this PR fixes** fixes #49179. **Special notes for your reviewer**: **Release note**: ```release-note NONE ``` /cc @yujuhong
parents c0287ce4 d0205c8b
...@@ -200,6 +200,12 @@ message LinuxSandboxSecurityContext { ...@@ -200,6 +200,12 @@ message LinuxSandboxSecurityContext {
// This allows a sandbox to take additional security precautions if no // This allows a sandbox to take additional security precautions if no
// privileged containers are expected to be run. // privileged containers are expected to be run.
bool privileged = 6; bool privileged = 6;
// Seccomp profile for the sandbox, candidate values are:
// * runtime/default: the default profile for the container runtime
// * unconfined: unconfined profile, ie, no seccomp sandboxing
// * localhost/<full-path-to-profile>: the profile installed on the node.
// <full-path-to-profile> is the full path of the profile.
string seccomp_profile_path = 7;
} }
// LinuxPodSandboxConfig holds platform-specific configurations for Linux // LinuxPodSandboxConfig holds platform-specific configurations for Linux
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment