| restricted | anyuid | privileged |
|---|---|---|
| allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: false | allowHostDirVolumePlugin: true |
| allowHostIPC: false | allowHostIPC: false | allowHostIPC: true |
| allowHostNetwork: false | allowHostNetwork: false | allowHostNetwork: true |
| allowHostPID: false | allowHostPID: false | allowHostPID: true |
| allowHostPorts: false | allowHostPorts: false | allowHostPorts: true |
| allowPrivilegeEscalation: true | allowPrivilegeEscalation: true | allowPrivilegeEscalation: true |
| allowPrivilegedContainer: false | allowPrivilegedContainer: false | allowPrivilegedContainer: true |
| allowedCapabilities: null | allowedCapabilities: [ | allowedCapabilities: [*] |
| NET_RAW | ||
| FSETID | ||
| SETGID | ||
| SETUID | ||
| CHOWN | ||
| SYS_CHROOT] | ||
| allowedUnsafeSysctls: | allowedUnsafeSysctls: [*] | |
| apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 | apiVersion: security.openshift.io/v1 |
| defaultAddCapabilities: null | defaultAddCapabilities: null | defaultAddCapabilities: null |
| fsGroup: | fsGroup: RunAsAny | fsGroup: RunAsAny |
| groups: [] | groups: [system:cluster-admins] | groups: [system:cluster-admins, system:nodes, system:masters] |
| kind: SecurityContextConstraints | kind: SecurityContextConstraints | kind: SecurityContextConstraints |
| name: restricted | name: anyuid | name: privileged |
| resourceVersion: "3512475209" | resourceVersion: "3512475203" | resourceVersion: "340" |
| uid: bdb21b4f-dfda-456a-8aa3-7fdcd8ee2f2d | uid: d35f70ed-47ce-4b22-83d0-b0b2a4bc07f8 | uid: 1df9ef3c-1fab-4031-a2cd-3d7479069050 |
| priority: null | priority: 10 | priority: null |
| readOnlyRootFilesystem: false | readOnlyRootFilesystem: false | readOnlyRootFilesystem: false |
| requiredDropCapabilities: [KILL, MKNOD, SETUID, SETGID] | requiredDropCapabilities: [MKNOD] | requiredDropCapabilities: null |
| runAsUser: | runAsUser: RunAsAny | runAsUser: RunAsAny |
| seLinuxContext: | seLinuxContext: MustRunAs | seLinuxContext: RunAsAny |
| supplementalGroups: RunAsAny | supplementalGroups: RunAsAny | supplementalGroups: RunAsAny |
| users: [] | users: [] | users: [system:admin, system:serviceaccount:openshift-infra:build-controller] |
| volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [configMap, csi, downwardAPI, emptyDir, ephemeral, persistentVolumeClaim, projected, secret] | volumes: [*] |
【k8s】scc权限 restricted、anyuid、privileged
云川之下2025-01-10 11:16
相关推荐
学编程的小程17 分钟前
LeetCode216leeyayai_xixihah17 分钟前
2.21力扣-回溯组合01_19 分钟前
力扣hot100——相交,回文链表萌の鱼20 分钟前
leetcode 2826. 将三个组排序Buling_021 分钟前
算法-哈希表篇08-四数之和AllowM22 分钟前
【LeetCode Hot100】除自身以外数组的乘积|左右乘积列表,Java实现!图解+代码,小白也能秒懂!RAN_PAND1 小时前
STL介绍1:vector、pair、string、queue、mapfai厅的秃头姐!3 小时前
C语言03lisanndesu3 小时前
动态规划myprogramc3 小时前
十大排序算法