【k8s】scc权限 restricted、anyuid、privileged

restricted anyuid privileged
allowHostDirVolumePlugin: false allowHostDirVolumePlugin: false allowHostDirVolumePlugin: true
allowHostIPC: false allowHostIPC: false allowHostIPC: true
allowHostNetwork: false allowHostNetwork: false allowHostNetwork: true
allowHostPID: false allowHostPID: false allowHostPID: true
allowHostPorts: false allowHostPorts: false allowHostPorts: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false allowPrivilegedContainer: true
allowedCapabilities: null allowedCapabilities: [ allowedCapabilities: [*]
NET_RAW
FSETID
SETGID
SETUID
CHOWN
SYS_CHROOT]
allowedUnsafeSysctls: allowedUnsafeSysctls: [*]
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
defaultAddCapabilities: null defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup: RunAsAny fsGroup: RunAsAny
groups: [] groups: [system:cluster-admins] groups: [system:cluster-admins, system:nodes, system:masters]
kind: SecurityContextConstraints kind: SecurityContextConstraints kind: SecurityContextConstraints
name: restricted name: anyuid name: privileged
resourceVersion: "3512475209" resourceVersion: "3512475203" resourceVersion: "340"
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050
priority: null priority: 10 priority: null
readOnlyRootFilesystem: false readOnlyRootFilesystem: false readOnlyRootFilesystem: false
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] requiredDropCapabilities: [MKNOD] requiredDropCapabilities: null
runAsUser: runAsUser: RunAsAny runAsUser: RunAsAny
seLinuxContext: seLinuxContext: MustRunAs seLinuxContext: RunAsAny
supplementalGroups: RunAsAny supplementalGroups: RunAsAny supplementalGroups: RunAsAny
users: [] users: [] users: [system:admin, system:serviceaccount:openshift-infra:build-controller]
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [*]
相关推荐
jerry60929 分钟前
优先队列、堆笔记(算法第四版)
java·笔记·算法
勤劳的牛马1 小时前
📚 小白学算法 | 每日一题 | 算法实战:加1!
算法
Epiphany.5561 小时前
基于c++的LCA倍增法实现
c++·算法·深度优先
一只码代码的章鱼1 小时前
学习笔记2(Lombok+算法)
笔记·学习·算法
jerry6092 小时前
c++流对象
开发语言·c++·算法
2301_817031653 小时前
C语言-- 深入理解指针(4)
c语言·开发语言·算法
·醉挽清风·3 小时前
学习笔记—双指针算法—移动零
c++·笔记·学习·算法
几点才到啊3 小时前
使用 malloc 函数模拟开辟一个 3x5 的整型二维数组
数据结构·算法
编程绿豆侠4 小时前
力扣HOT100之链表:23. 合并 K 个升序链表
算法·leetcode·链表
Ayanami_Reii4 小时前
Leetcode837.新21点
c++·笔记·算法