【k8s】scc权限 restricted、anyuid、privileged

restricted anyuid privileged
allowHostDirVolumePlugin: false allowHostDirVolumePlugin: false allowHostDirVolumePlugin: true
allowHostIPC: false allowHostIPC: false allowHostIPC: true
allowHostNetwork: false allowHostNetwork: false allowHostNetwork: true
allowHostPID: false allowHostPID: false allowHostPID: true
allowHostPorts: false allowHostPorts: false allowHostPorts: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false allowPrivilegedContainer: true
allowedCapabilities: null allowedCapabilities: [ allowedCapabilities: [*]
NET_RAW
FSETID
SETGID
SETUID
CHOWN
SYS_CHROOT]
allowedUnsafeSysctls: allowedUnsafeSysctls: [*]
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
defaultAddCapabilities: null defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup: RunAsAny fsGroup: RunAsAny
groups: [] groups: [system:cluster-admins] groups: [system:cluster-admins, system:nodes, system:masters]
kind: SecurityContextConstraints kind: SecurityContextConstraints kind: SecurityContextConstraints
name: restricted name: anyuid name: privileged
resourceVersion: "3512475209" resourceVersion: "3512475203" resourceVersion: "340"
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050
priority: null priority: 10 priority: null
readOnlyRootFilesystem: false readOnlyRootFilesystem: false readOnlyRootFilesystem: false
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] requiredDropCapabilities: [MKNOD] requiredDropCapabilities: null
runAsUser: runAsUser: RunAsAny runAsUser: RunAsAny
seLinuxContext: seLinuxContext: MustRunAs seLinuxContext: RunAsAny
supplementalGroups: RunAsAny supplementalGroups: RunAsAny supplementalGroups: RunAsAny
users: [] users: [] users: [system:admin, system:serviceaccount:openshift-infra:build-controller]
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [*]
相关推荐
longlong int30 分钟前
【每日算法】Day 17-1:位图(Bitmap)——十亿级数据去重与快速检索的终极方案(C++实现)
开发语言·c++·算法
泛舟起晶浪1 小时前
大衣的旅行--前缀和+二分
数据结构·算法
歪~~2 小时前
KMP算法
数据结构·c++·算法
梁下轻语的秋缘2 小时前
每日c/c++题 备战蓝桥杯(小球反弹)[运动分解求解,最大公约数gcd]
c语言·c++·学习·算法·数学建模·蓝桥杯
SiMmming2 小时前
【算法竞赛】状态压缩型背包问题经典应用(蓝桥杯2019A4分糖果)
c++·经验分享·算法·职场和发展·蓝桥杯·动态规划
DexterYttt3 小时前
AT_abc212_d [ABC212D] Querying Multiset
数据结构·c++·算法·优先队列
刻意思考3 小时前
KM算法的时间复杂度,为什么可以降低一个数量级
后端·算法·程序员
橙序员小站3 小时前
探究分布式哈希算法:哈希取模与一致性哈希
算法·架构
飞川0013 小时前
【LeetCode 热题100】45:跳跃游戏 II(详细解析)(Go语言版)
算法·go
.格子衫.3 小时前
006贪心——算法备赛
数据结构·算法·leetcode