Affected by GO-2022-0617
and 10 other vulnerabilities
GO-2022-0617 : WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes
GO-2022-0910 : Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes
GO-2022-0983 : kubectl ANSI escape characters not filtered in k8s.io/kubernetes
GO-2023-1628 : Kubernetes vulnerable to path traversal in k8s.io/kubernetes
GO-2023-1629 : Kubernetes vulnerable to validation bypass in k8s.io/kubernetes
GO-2023-1864 : Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes
GO-2023-1891 : kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes
GO-2023-1892 : Kubernetes mountable secrets policy bypass in k8s.io/kubernetes
GO-2023-2341 : Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes
GO-2024-2994 : Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes
GO-2024-3277 : Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes
Discover Packages
k8s.io/kubernetes
pkg
security
podsecuritypolicy
sysctl
package
Version:
v1.22.1
Opens a new window with list of versions in this module.
Published: Aug 19, 2021
License: Apache-2.0
Opens a new window with license information.
Imports: 4
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation Source Files Index Constants Variables Functions Types SafeSysctlWhitelist() type SysctlsStrategy NewMustMatchPatterns(safeWhitelist, allowedUnsafeSysctls, forbiddenSysctls)
Documentation
¶
func SafeSysctlWhitelist() []string
SafeSysctlWhitelist returns the whitelist of safe sysctls and safe sysctl patterns (ending in *).
A sysctl is called safe iff
- it is namespaced in the container or the pod
- it is isolated, i.e. has no influence on any other pod on the same node.
SysctlsStrategy defines the interface for all sysctl strategies.
func NewMustMatchPatterns(safeWhitelist, allowedUnsafeSysctls, forbiddenSysctls []string ) SysctlsStrategy
NewMustMatchPatterns creates a new mustMatchPatterns strategy that will provide validation.
Passing nil means the default pattern, passing an empty list means to disallow all sysctls.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.