mirror of
https://github.com/containers/udica
synced 2025-02-04 22:31:37 +01:00
6a7382bead
Fix issue introduced by
Commit 7c7b9ad505ab6b7cd809d30f1699d4bb7323ce0a
"Avoid duplicate rules for accessing mounts and devices"
where policy rules for "read-only mounts" are not generated properly.
Adjust Crio basic test to incorporate a read only mount that is not
covered by a special case ("/home" is handled by "home_container" and
anything under "/var/lib/kubelet" is ignored).
Thanks https://github.com/arcardon (jamjcardona@sbcglobal.net) for
spotting this in the code.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
74 lines
2.6 KiB
JSON
74 lines
2.6 KiB
JSON
{
|
|
"status": {
|
|
"id": "ffae333ef3dc2d80311090fd239055c9d045b837240e41affb9d7ae7f2b5d237",
|
|
"metadata": {
|
|
"attempt": 0,
|
|
"name": "spoolerrorlogger"
|
|
},
|
|
"state": "CONTAINER_RUNNING",
|
|
"createdAt": "2019-09-23T13:52:39.968798859Z",
|
|
"startedAt": "2019-09-23T13:52:40.044502422Z",
|
|
"finishedAt": "1970-01-01T00:00:00Z",
|
|
"exitCode": 0,
|
|
"image": {
|
|
"image": "registry.access.redhat.com/ubi8/ubi:latest"
|
|
},
|
|
"imageRef": "registry.access.redhat.com/ubi8/ubi@sha256:8275e2ad7f458e329bdc8c0e7543cff1729998fe515a281d49638246de8e39ee",
|
|
"reason": "",
|
|
"message": "",
|
|
"labels": {
|
|
"io.kubernetes.container.name": "spoolerrorlogger",
|
|
"io.kubernetes.pod.name": "spoolerrorlogger",
|
|
"io.kubernetes.pod.namespace": "default",
|
|
"io.kubernetes.pod.uid": "59ecb6eb-de09-11e9-8ebe-02e4204e049a"
|
|
},
|
|
"annotations": {
|
|
"io.kubernetes.container.hash": "113e3fda",
|
|
"io.kubernetes.container.restartCount": "0",
|
|
"io.kubernetes.container.terminationMessagePath": "/dev/termination-log",
|
|
"io.kubernetes.container.terminationMessagePolicy": "File",
|
|
"io.kubernetes.pod.terminationGracePeriod": "30"
|
|
},
|
|
"mounts": [
|
|
{
|
|
"containerPath": "/home",
|
|
"hostPath": "/home",
|
|
"propagation": "PROPAGATION_PRIVATE",
|
|
"readonly": true,
|
|
"selinuxRelabel": false
|
|
},
|
|
{
|
|
"containerPath": "/var/spool",
|
|
"hostPath": "/var/spool",
|
|
"propagation": "PROPAGATION_PRIVATE",
|
|
"readonly": false,
|
|
"selinuxRelabel": false
|
|
},
|
|
{
|
|
"containerPath": "/etc/hosts",
|
|
"hostPath": "/etc/hosts",
|
|
"propagation": "PROPAGATION_PRIVATE",
|
|
"readonly": true,
|
|
"selinuxRelabel": false
|
|
},
|
|
{
|
|
"containerPath": "/dev/termination-log",
|
|
"hostPath": "/var/lib/kubelet/pods/59ecb6eb-de09-11e9-8ebe-02e4204e049a/containers/spoolerrorlogger/9e6bce3f",
|
|
"propagation": "PROPAGATION_PRIVATE",
|
|
"readonly": false,
|
|
"selinuxRelabel": false
|
|
},
|
|
{
|
|
"containerPath": "/var/run/secrets/kubernetes.io/serviceaccount",
|
|
"hostPath": "/var/lib/kubelet/pods/59ecb6eb-de09-11e9-8ebe-02e4204e049a/volumes/kubernetes.io~secret/default-token-rssn6",
|
|
"propagation": "PROPAGATION_PRIVATE",
|
|
"readonly": true,
|
|
"selinuxRelabel": false
|
|
}
|
|
],
|
|
"logPath": "/var/log/pods/default_spoolerrorlogger_59ecb6eb-de09-11e9-8ebe-02e4204e049a/spoolerrorlogger/0.log"
|
|
},
|
|
"pid": 47737,
|
|
"sandboxId": "426ba7380ad7efdcf207f0df107d5c9d7389755a2a89372d24199350c70861d6"
|
|
}
|