| restricted | anyuid | privileged |
|---|---|---|
| allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
| allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
| allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
| allowHostPID: false | allowHostPID: false | allowHostPID: true |
| allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
| allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
| allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
| allowedCapabilities: null | allowedCapabilities: [ | allowedCapabilities: [*] |
| NET_RAW | ||
| FSETID | ||
| SETGID | ||
| SETUID | ||
| CHOWN | ||
| SYS_CHROOT] | ||
| allowedUnsafeSysctls: | allowedUnsafeSysctls: [*] | |
| apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
| defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
| fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
| groups: [] | groups: [system:cluster-admins] | groups: [system:cluster-admins, system:nodes, system:masters] |
| kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
| name: restricted | name: anyuid | name: privileged |
| resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
| uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
| priority: null | priority: 10 | priority: null |
| readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
| requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] | requiredDropCapabilities: [MKNOD] | requiredDropCapabilities: null |
| runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
| seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
| supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
| users: [] | users: [] | users: [system:admin, system:serviceaccount:openshift-infra:build-controller] |
| volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [*] |
【k8s】scc权限 restricted、anyuid、privileged
云川之下2025-01-10 11:16
相关推荐
多打代码13 分钟前
2025.09.05 用队列实现栈 & 有效的括号 & 删除字符串中的所有相邻重复项j_xxx404_2 小时前
数据结构:栈和队列力扣算法题南莺莺2 小时前
假设一个算术表达式中包含圆括号、方括号和花括号3种类型的括号,编写一个算法来判别,表达式中的括号是否配对,以字符“\0“作为算术表达式的结束符THMAIL2 小时前
深度学习从入门到精通 - 神经网络核心原理:从生物神经元到数学模型蜕变野犬寒鸦2 小时前
力扣hot100:旋转图像(48)(详细图解以及核心思路剖析)墨染点香2 小时前
LeetCode 刷题【61. 旋转链表】一枝小雨3 小时前
【OJ】C++ vector类OJ题Tisfy3 小时前
LeetCode 3516.找到最近的人:计算绝对值大小自信的小螺丝钉3 小时前
Leetcode 206. 反转链表 迭代/递归黑色的山岗在沉睡4 小时前
LeetCode 189. 轮转数组