
Support PSP hostPorts
superbrothers authored and Kaizhe committed Feb 8, 2019
1 parent 22fd215 commit 8a03e80
Showing 3 changed files with 7 additions and 0 deletions.
5 changes: 5 additions & 0 deletions advisor/processor/generate.go
Expand Up @@ -114,6 +114,11 @@ func (p *Processor) GeneratePSP(cssList []types.ContainerSecuritySpec, pssList [
if sc.AllowPrivilegeEscalation != nil && !*sc.AllowPrivilegeEscalation {
notAllowPrivilegeEscationCount++
}

// set host ports
for _, port := range sc.HostPorts {
psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})
}
}

// set allowedPrivilegeEscalation
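Review bot: The append on the line `psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})` adds one range per container port without checking whether that range is already present, so two containers (or two pods in the scanned set) binding the same hostPort produce duplicate entries in the generated PSP. The ranges should be deduplicated before being appended; the nested scan below does that in place without touching anything outside the hunk. Merging adjacent ports into a single Min/Max range would be a further tidy-up but is not needed for correctness. GeneratePSP and the container loop this sits in start outside the hunk.
```go
// set host ports (skip ranges already collected: several containers may share a hostPort)
for _, port := range sc.HostPorts {
	dup := false
	for _, r := range psp.Spec.HostPorts {
		if r.Min == port && r.Max == port {
			dup = true
			break
		}
	}
	if dup {
		continue
	}
	psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})
}
```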
1 change: 1 addition & 0 deletions advisor/processor/get.go
Expand Up @@ -51,6 +51,7 @@ func getSecuritySpec(metadata types.Metadata, namespace string, spec v1.PodSpec)
Privileged: getPrivileged(container.SecurityContext),
RunAsGroup: getRunAsGroup(container.SecurityContext, spec.SecurityContext),
RunAsUser: getRunAsUser(container.SecurityContext, spec.SecurityContext),
HostPorts: getHostPorts(container.Ports),
}
cssList = append(cssList, csc)
}
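Review bot: The new field initializer `HostPorts: getHostPorts(container.Ports),` relies on a helper whose definition is not part of this commit, so it cannot be confirmed from here that ports with no hostPort set (HostPort is 0 on a v1.ContainerPort when unset) are filtered out. If the helper passes them through, GeneratePSP would emit a {0, 0} HostPortRange for every container that declares only containerPorts, which is not what the generated policy should grant. Either a guard such as `if p.HostPort != 0 { ... }` in that helper, or a comment on it stating that it returns only non-zero host ports, would settle the question. getSecuritySpec starts outside the hunk.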
1 change: 1 addition & 0 deletions advisor/types/securityspec.go
Expand Up @@ -52,6 +52,7 @@ type ContainerSecuritySpec struct {
AllowPrivilegeEscalation *bool `json:"allowPrivilegeEscalation,omitempty"`
RunAsUser *int64 `json:"runAsUser,omitempty"`
RunAsGroup *int64 `json:"runAsGroup,omitempty"`
HostPorts []int32 `json:"hostPorts,omitempty"`
}

type PodSecuritySpec struct {
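Review bot: The added field `HostPorts []int32` carries no comment even though the struct is exported and JSON-serialized, so a reader of the type cannot tell what the values represent or how they feed the generated policy; a field comment such as `// HostPorts holds the hostPort values declared on the container's ports; GeneratePSP emits one HostPortRange per entry.` would make that explicit. The neighbouring fields are equally uncommented, so this follows the file's existing style rather than regressing it. ContainerSecuritySpec's declaration starts outside the hunk.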
