【k8s】scc权限 restricted、anyuid、privileged

restricted anyuid privileged
allowHostDirVolumePlugin: false allowHostDirVolumePlugin: false allowHostDirVolumePlugin: true
allowHostIPC: false allowHostIPC: false allowHostIPC: true
allowHostNetwork: false allowHostNetwork: false allowHostNetwork: true
allowHostPID: false allowHostPID: false allowHostPID: true
allowHostPorts: false allowHostPorts: false allowHostPorts: true
allowPrivilegeEscalation: true allowPrivilegeEscalation: true allowPrivilegeEscalation: true
allowPrivilegedContainer: false allowPrivilegedContainer: false allowPrivilegedContainer: true
allowedCapabilities: null allowedCapabilities: [ allowedCapabilities: [*]
NET_RAW
FSETID
SETGID
SETUID
CHOWN
SYS_CHROOT]
allowedUnsafeSysctls: allowedUnsafeSysctls: [*]
apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1 apiVersion: security.openshift.io/v1
defaultAddCapabilities: null defaultAddCapabilities: null defaultAddCapabilities: null
fsGroup: fsGroup: RunAsAny fsGroup: RunAsAny
groups: [] groups: [system:cluster-admins] groups: [system:cluster-admins, system:nodes, system:masters]
kind: SecurityContextConstraints kind: SecurityContextConstraints kind: SecurityContextConstraints
name: restricted name: anyuid name: privileged
resourceVersion: "3512475209" resourceVersion: "3512475203" resourceVersion: "340"
uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050
priority: null priority: 10 priority: null
readOnlyRootFilesystem: false readOnlyRootFilesystem: false readOnlyRootFilesystem: false
requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] requiredDropCapabilities: [MKNOD] requiredDropCapabilities: null
runAsUser: runAsUser: RunAsAny runAsUser: RunAsAny
seLinuxContext: seLinuxContext: MustRunAs seLinuxContext: RunAsAny
supplementalGroups: RunAsAny supplementalGroups: RunAsAny supplementalGroups: RunAsAny
users: [] users: [] users: [system:admin, system:serviceaccount:openshift-infra:build-controller]
volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] volumes: [*]
相关推荐
小新学习屋18 分钟前
《剑指offer》-数据结构篇-树
数据结构·算法·leetcode
好心的小明25 分钟前
【深度之眼机器学习笔记】04-01-决策树简介、熵,04-02-条件熵及计算举例,04-03-信息增益、ID3算法
笔记·算法·决策树
恣艺2 小时前
LeetCode 1074:元素和为目标值的子矩阵数量
算法·leetcode·矩阵
queenlll3 小时前
P1064 [NOIP 2006 提高组] 金明的预算方案 题解
算法
WildBlue3 小时前
前端算法秘籍:BFS 算法的 JS 魔法之旅🤩
前端·javascript·算法
设计师小聂!4 小时前
力扣---------238. 除自身以外数组的乘积
数据结构·算法·leetcode
minji...4 小时前
数据结构 二叉树(2)---二叉树的实现
数据结构·算法
草香农4 小时前
Keccak 算法详解
算法
荒诞硬汉5 小时前
二维数组相关学习
java·算法
周末程序猿6 小时前
技术总结|如何使用提升 strlen 的性能?
后端·算法