【k8s】scc权限 restricted、anyuid、privileged

云川之下2025-01-10 11:16
restricted anyuid privileged
allowHostDirVolumePlugin: false allowHostDirVolumePlugin: false allowHostDirVolumePlugin: true
allowHostIPC: false allowHostIPC: false allowHostIPC: true
allowHostNetwork: false allowHostNetwork: false allowHostNetwork: true
allowHostPID: false allowHostPID: false allowHostPID: true
allowHostPorts: false allowHostPorts: false allowHostPorts: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false allowPrivilegedContainer: true
allowedCapabilities: null allowedCapabilities: [ allowedCapabilities: [*]
NET_RAW
FSETID
SETGID
SETUID
CHOWN
SYS_CHROOT]
allowedUnsafeSysctls: allowedUnsafeSysctls: [*]
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
defaultAddCapabilities: null defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup: RunAsAny fsGroup: RunAsAny
groups: [] groups: [system:cluster-admins] groups: [system:cluster-admins, system:nodes, system:masters]
kind: SecurityContextConstraints kind: SecurityContextConstraints kind: SecurityContextConstraints
name: restricted name: anyuid name: privileged
resourceVersion: "3512475209" resourceVersion: "3512475203" resourceVersion: "340"
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050
priority: null priority: 10 priority: null
readOnlyRootFilesystem: false readOnlyRootFilesystem: false readOnlyRootFilesystem: false
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] requiredDropCapabilities: [MKNOD] requiredDropCapabilities: null
runAsUser: runAsUser: RunAsAny runAsUser: RunAsAny
seLinuxContext: seLinuxContext: MustRunAs seLinuxContext: RunAsAny
supplementalGroups: RunAsAny supplementalGroups: RunAsAny supplementalGroups: RunAsAny
users: [] users: [] users: [system:admin, system:serviceaccount:openshift-infra:build-controller]
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [*]
相关推荐
星火开发设计2 小时前
枚举类 enum class:强类型枚举的优势
linux·开发语言·c++·学习·算法·知识
嘴贱欠吻!7 小时前
Flutter鸿蒙开发指南(七):轮播图搜索框和导航栏
算法·flutter·图搜索算法
张祥6422889048 小时前
误差理论与测量平差基础笔记十
笔记·算法·机器学习
qq_192779878 小时前
C++模块化编程指南
开发语言·c++·算法
cici1587410 小时前
大规模MIMO系统中Alamouti预编码的QPSK复用性能MATLAB仿真
算法·matlab·预编码算法
历程里程碑10 小时前
滑动窗口---- 无重复字符的最长子串
java·数据结构·c++·python·算法·leetcode·django
2501_9403152611 小时前
航电oj:首字母变大写
开发语言·c++·算法
CodeByV11 小时前
【算法题】多源BFS
算法
TracyCoder12311 小时前
LeetCode Hot100(18/100)——160. 相交链表
算法·leetcode
浒畔居11 小时前
泛型编程与STL设计思想
开发语言·c++·算法
热门推荐
01GitHub 镜像站点02OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)03Clawdbot 中文汉化版 接入微信、飞书04一种新的LCA算法05Claude Code Skills 实用使用手册06【网络安全测试】Burp Suite工具使用说明、配置及常见问题(有关必回)07在Trae中使用Pencil MCP08零门槛部署本地 AI 助手:Clawdbot/Meltbot 部署深度保姆级教程09UV安装并设置国内源10struts2 XML外部实体注入漏洞复现(CVE-2025-68493)