Affected by GO-2022-0617 and 14 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0983: ANSI escape characters not filtered in kubectl in k8s.io/kubernetes

GO-2023-1628: Kubernetes vulnerable to path traversal in k8s.io/kubernetes

GO-2023-1629: Kubernetes vulnerable to validation bypass in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: Vulnerable to policy bypass in kube-apiserver in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

GO-2025-3465: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes

GO-2025-3521: Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

GO-2025-3522: Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API in k8s.io/kubernetes

GO-2025-3547: Kubernetes kube-apiserver Vulnerable to Race Condition in k8s.io/kubernetes

GO-2025-3915: Kubernetes Nodes can delete themselves by adding an OwnerReference in k8s.io/kubernetes

apparmor

package

v1.24.1-rc.0 Latest Latest Go to latest Published: May 3, 2022 License: Apache-2.0 Imports: 13 Imported by: 301

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

func GetProfileName(pod *v1.Pod, containerName string) string
func GetProfileNameFromPodAnnotations(annotations map[string]string, containerName string) string
func SetProfileName(pod *v1.Pod, containerName, profileName string) error
func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error
type Validator
- func NewValidator() Validator

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetProfileName ¶

func GetProfileName(pod *v1.Pod, containerName string) string

GetProfileName returns the name of the profile to use with the container.

func GetProfileNameFromPodAnnotations ¶ added in v1.5.0

func GetProfileNameFromPodAnnotations(annotations map[string]string, containerName string) string

GetProfileNameFromPodAnnotations gets the name of the profile to use with container from pod annotations

func SetProfileName ¶

func SetProfileName(pod *v1.Pod, containerName, profileName string) error

SetProfileName sets the name of the profile to use with the container.

func SetProfileNameFromPodAnnotations ¶ added in v1.6.0

func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error

SetProfileNameFromPodAnnotations sets the name of the profile to use with the container.

Types ¶

type Validator ¶

type Validator interface {
	Validate(pod *v1.Pod) error
	ValidateHost() error
}

Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.

func NewValidator ¶

func NewValidator() Validator

NewValidator is in order to find AppArmor FS

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL