Affected by GO-2022-0617 and 16 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0908: Incomplete List of Disallowed Inputs in Kubernetes in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

apparmor

package

v1.20.4-rc.0 Latest Latest Go to latest Published: Feb 17, 2021 License: Apache-2.0 Imports: 13 Imported by: 301

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func GetProfileName(pod *v1.Pod, containerName string) string
func GetProfileNameFromPodAnnotations(annotations map[string]string, containerName string) string
func IsAppArmorEnabled() bool
func SetProfileName(pod *v1.Pod, containerName, profileName string) error
func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error
func ValidateProfileFormat(profile string) error
type Validator
- func NewValidator(runtime string) Validator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetProfileName ¶

func GetProfileName(pod *v1.Pod, containerName string) string

GetProfileName returns the name of the profile to use with the container.

func GetProfileNameFromPodAnnotations ¶ added in v1.5.0

func GetProfileNameFromPodAnnotations(annotations map[string]string, containerName string) string

GetProfileNameFromPodAnnotations gets the name of the profile to use with container from pod annotations

func IsAppArmorEnabled ¶

func IsAppArmorEnabled() bool

IsAppArmorEnabled returns true if apparmor is enabled for the host. This function is forked from https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go to avoid the libapparmor dependency.

func SetProfileName ¶

func SetProfileName(pod *v1.Pod, containerName, profileName string) error

SetProfileName sets the name of the profile to use with the container.

func SetProfileNameFromPodAnnotations ¶ added in v1.6.0

func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error

SetProfileNameFromPodAnnotations sets the name of the profile to use with the container.

func ValidateProfileFormat ¶

func ValidateProfileFormat(profile string) error

ValidateProfileFormat checks the format of the profile.

Types ¶

type Validator ¶

type Validator interface {
	Validate(pod *v1.Pod) error
	ValidateHost() error
}

Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.

func NewValidator ¶

func NewValidator(runtime string) Validator

NewValidator is in order to find AppArmor FS

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL