【k8s】scc权限 restricted、anyuid、privileged

restricted anyuid privileged
allowHostDirVolumePlugin: false allowHostDirVolumePlugin: false allowHostDirVolumePlugin: true
allowHostIPC: false allowHostIPC: false allowHostIPC: true
allowHostNetwork: false allowHostNetwork: false allowHostNetwork: true
allowHostPID: false allowHostPID: false allowHostPID: true
allowHostPorts: false allowHostPorts: false allowHostPorts: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false allowPrivilegedContainer: true
allowedCapabilities: null allowedCapabilities: [ allowedCapabilities: [*]
NET_RAW
FSETID
SETGID
SETUID
CHOWN
SYS_CHROOT]
allowedUnsafeSysctls: allowedUnsafeSysctls: [*]
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
defaultAddCapabilities: null defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup: RunAsAny fsGroup: RunAsAny
groups: [] groups: [system:cluster-admins] groups: [system:cluster-admins, system:nodes, system:masters]
kind: SecurityContextConstraints kind: SecurityContextConstraints kind: SecurityContextConstraints
name: restricted name: anyuid name: privileged
resourceVersion: "3512475209" resourceVersion: "3512475203" resourceVersion: "340"
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050
priority: null priority: 10 priority: null
readOnlyRootFilesystem: false readOnlyRootFilesystem: false readOnlyRootFilesystem: false
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] requiredDropCapabilities: [MKNOD] requiredDropCapabilities: null
runAsUser: runAsUser: RunAsAny runAsUser: RunAsAny
seLinuxContext: seLinuxContext: MustRunAs seLinuxContext: RunAsAny
supplementalGroups: RunAsAny supplementalGroups: RunAsAny supplementalGroups: RunAsAny
users: [] users: [] users: [system:admin, system:serviceaccount:openshift-infra:build-controller]
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [*]
相关推荐
机器学习之心15 小时前
多目标鲸鱼优化算法(NSWOA),含46种测试函数和9个评价指标,MATLAB实现
算法·matlab·多目标鲸鱼优化算法·46种测试函数·9个评价指标
max50060016 小时前
基于Meta Llama的二语习得学习者行为预测计算模型
人工智能·算法·机器学习·分类·数据挖掘·llama
王哥儿聊AI17 小时前
Lynx:新一代个性化视频生成模型,单图即可生成视频,重新定义身份一致性与视觉质量
人工智能·算法·安全·机器学习·音视频·软件工程
手握风云-19 小时前
优选算法的寻踪契合:字符串专题
算法
闭着眼睛学算法19 小时前
【华为OD机考正在更新】2025年双机位A卷真题【完全原创题解 | 详细考点分类 | 不断更新题目 | 六种主流语言Py+Java+Cpp+C+Js+Go】
java·c语言·javascript·c++·python·算法·华为od
IT古董19 小时前
【第五章:计算机视觉-项目实战之目标检测实战】2.目标检测实战:中国交通标志检测-(2)中国交通标志检测数据格式转化与读取
算法·目标检测·计算机视觉
MobotStone19 小时前
LLM 采样入门到进阶:理解与实践 Top-K、Top-P、温度控制
算法
杨小码不BUG20 小时前
CSP-J/S初赛知识点精讲-图论
c++·算法·图论··编码·csp-j/s初赛
LeaderSheepH21 小时前
常见的排序算法
数据结构·算法·排序算法
周杰伦_Jay1 天前
【图文详解】强化学习核心框架、数学基础、分类、应用场景
人工智能·科技·算法·机器学习·计算机视觉·分类·数据挖掘