GO-2024-2746: Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes
package
Version:
v1.19.4
Opens a new window with list of versions in this module.
Published: Nov 11, 2020
License: Apache-2.0
Opens a new window with license information.
Imports: 5
Opens a new window with list of imports.
Imported by: 115
Opens a new window with list of known importers.
Documentation
¶
View Source
const (
AnnotationInvalidReason = "InvalidSysctlAnnotation"
ForbiddenReason = "SysctlForbidden"
)
func NewWhitelist(patterns []string) (*patternWhitelist, error)
NewWhitelist creates a new Whitelist from a list of sysctls and sysctl pattern (ending in *).
Namespace represents a kernel namespace name.
NamespacedBy returns the namespace of the Linux kernel for a sysctl, or
unknownNamespace if the sysctl is not known to be namespaced.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.