• Kubernetes Submit Queue's avatar
    Merge pull request #47073 from Q-Lee/psp-run-as-non-root · 60c1c1e8
    Kubernetes Submit Queue authored
    Automatic merge from submit-queue (batch tested with PRs 47073, 47457, 47479)
    
    PodSecurityPolicy should respect and validate user-supplied RunAsNonR…
    
    **What this PR does / why we need it**: PodSecurityPolicies overwrite and then fail to validate the RunAsNonRoot field in the container security context.
    
    **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #47071
    
    **Special notes for your reviewer**: gce/gke don't use this in 1.6. You'll need to speak up if you think this is important enough to patch. It should almost certainly go into 1.7.
    
    **Release note**:
    
    
    ```release-note
    PodSecurityPolicy now recognizes pods that specify `runAsNonRoot: false` in their security context and does not overwrite the specified value
    ```
    60c1c1e8
Name
Last commit
Last update
..
apparmor Loading commit data...
capabilities Loading commit data...
group Loading commit data...
seccomp Loading commit data...
selinux Loading commit data...
sysctl Loading commit data...
user Loading commit data...
util Loading commit data...
BUILD Loading commit data...
doc.go Loading commit data...
factory.go Loading commit data...
provider.go Loading commit data...
provider_test.go Loading commit data...
types.go Loading commit data...