-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Seccomp profile policy enforcement. (#1705)
This commit adds enforcement over the seccomp profile associated with a container. The policy author can measure their seccomp profile and include this measurement in the policy. Subsequently, they can provided that same seccomp profile to the orchestrator (e.g. via an annotation) and GCS will measure the provided profile and provide this as input to the policy engine. This commit also adds a series of CRI tests for security context enforcement. Fixing error with privileged exec_in_container Adding CRI test for privileged exec in container Signed-off-by: Matthew A Johnson <matjoh@microsoft.com>
- Loading branch information
Showing
18 changed files
with
1,469 additions
and
365 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.