New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix seccomp localhost error handling #117020
Conversation
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Thu Mar 30 16:31:51 UTC 2023. |
1b952b7
to
003d420
Compare
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
003d420
to
8b103fc
Compare
8b103fc
to
b9b3104
Compare
9a20c24
to
3d3686b
Compare
/retest running in to flaky test from #107414 on the unit test and e2e looks like 65 tests timed out. |
/lgtm |
LGTM label has been added. Git tree hash: 687d62318074ffcd7ac2648a5ec8d39e854b6781
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cji, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/triage accepted |
Made the cherry-pick PRs for 1.24, 1.25, and 1.26 to try and get CI green. I see tide is waiting on a milestone label for this PR (and code thaw I believe) but please let me know if there's anything else I can to do get this ready. thanks! |
go ahead and open a pick to release-1.27 as well, and we'll try to get it in for 1.27.1 |
…upstream-release-1.27 [1.27] Automated cherry pick of #117020: Return error for localhost seccomp type with no localhost
…upstream-release-1.25 [1.25] Automated cherry pick of #117020: Return error for localhost seccomp type with no localhost
…upstream-release-1.24 [1.24] Automated cherry pick of #117020: Return error for localhost seccomp type with no localhost
…upstream-release-1.26 [1.26] Automated cherry pick of #117020: Return error for localhost seccomp type with no localhost
What type of PR is this?
/kind bug
What this PR does / why we need it:
Returns an error when a Pod or Container's SecurityContext has a localhost seccomp type but an empty localhostProfile field.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Yes, localhost seccomp configurations will no longer allow an empty localhostProfile field.
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
cc @tallclair @dchen1107 @SergeyKanzhelev @liggitt