diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2022-09-09 15:06:01 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-09 15:06:01 +0200 |
| commit | 8a2ab7c387928782d8a1893c99974638054a0ad0 (patch) | |
| tree | 92c9b196a37fff53638c5ea54a8a001e7b45e243 /pkg/k8s.io | |
| parent | b0b36430b88da32b63774bc6a9a1f330252b0fd6 (diff) | |
| parent | 9a286f7126f918677089a92b67cc38a1eb74da11 (diff) | |
| download | podman-8a2ab7c387928782d8a1893c99974638054a0ad0.tar.gz podman-8a2ab7c387928782d8a1893c99974638054a0ad0.tar.bz2 podman-8a2ab7c387928782d8a1893c99974638054a0ad0.zip | |
Merge pull request #15692 from giuseppe/pod-spec-userns
kube: plug HostUsers in the pod spec
Diffstat (limited to 'pkg/k8s.io')
| -rw-r--r-- | pkg/k8s.io/api/core/v1/types.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/pkg/k8s.io/api/core/v1/types.go b/pkg/k8s.io/api/core/v1/types.go index d47178878..6f20cd351 100644 --- a/pkg/k8s.io/api/core/v1/types.go +++ b/pkg/k8s.io/api/core/v1/types.go @@ -1984,6 +1984,18 @@ type PodSpec struct { // Default to false. // +optional SetHostnameAsFQDN *bool `json:"setHostnameAsFQDN,omitempty"` + // Use the host's user namespace. + // Optional: Default to true. + // If set to true or not present, the pod will be run in the host user namespace, useful + // for when the pod needs a feature only available to the host user namespace, such as + // loading a kernel module with CAP_SYS_MODULE. + // When set to false, a new userns is created for the pod. Setting false is useful for + // mitigating container breakout vulnerabilities even allowing users to run their + // containers as root without actually having root privileges on the host. + // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + // +k8s:conversion-gen=false + // +optional + HostUsers *bool `json:"hostUsers,omitempty"` } type UnsatisfiableConstraintAction string |