Affected by GO-2022-0617 and 6 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

GO-2025-4240: Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

apparmor

package

v1.27.12 Latest Latest Go to latest Published: Mar 15, 2024 License: Apache-2.0 Imports: 9 Imported by: 295

Details

Rendered for

This section is empty.

This section is empty.

func GetProfileName(pod *v1.Pod, containerName string) string

GetProfileName returns the name of the profile to use with the container.

func GetProfileNameFromPodAnnotations(annotations map[string]string, containerName string) string

GetProfileNameFromPodAnnotations gets the name of the profile to use with container from pod annotations

type Validator interface {
	Validate(pod *v1.Pod) error
	ValidateHost() error
}

Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.

func NewValidator() Validator

NewValidator is in order to find AppArmor FS