Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix privileged config of Pod Sandbox #96877

Merged
merged 1 commit into from Jan 15, 2021
Merged

fix privileged config of Pod Sandbox #96877

merged 1 commit into from Jan 15, 2021

Conversation

xeniumlee
Copy link
Contributor

What type of PR is this?
/kind bug

What this PR does / why we need it:
Privileged flag of pod sandbox is just ignored silently.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Nov 26, 2020
@k8s-ci-robot
Copy link
Contributor

@xeniumlee: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Nov 26, 2020
@k8s-ci-robot
Copy link
Contributor

Welcome @xeniumlee!

It looks like this is your first PR to kubernetes/kubernetes 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/kubernetes has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Nov 26, 2020
@k8s-ci-robot
Copy link
Contributor

Hi @xeniumlee. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Nov 26, 2020
@xeniumlee xeniumlee mentioned this pull request Dec 3, 2020
Closed
@dims
Copy link
Member

dims commented Dec 3, 2020

/ok-to-test
/milestone v1.21

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Dec 3, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Dec 3, 2020
@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Dec 3, 2020
@ehashman
Copy link
Member

/priority important-soon
/retest

looks like timeout flakes

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Dec 21, 2020
@ehashman ehashman added this to Needs Reviewer in SIG Node PR Triage Jan 6, 2021
@ehashman ehashman moved this from Needs Reviewer to Triage in SIG Node PR Triage Jan 6, 2021
@ehashman
Copy link
Member

/release-note-none

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jan 15, 2021
@ehashman ehashman moved this from Triage to Needs Reviewer in SIG Node PR Triage Jan 15, 2021
@ehashman
Copy link
Member

From what I can see, this code hasn't been updated in ~4 years, basically since it was added. This was probably just missed.

Kuberuntime sets this:

kubernetes/pkg/kubelet/kuberuntime/security_context.go

Lines 96 to 98 in b6958b2

if securityContext.Privileged != nil {
sc.Privileged = *securityContext.Privileged
}

ehashman
ehashman reviewed Jan 15, 2021
View reviewed changes
Copy link
Member

@ehashman ehashman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@ehashman ehashman moved this from Needs Reviewer to Needs Approver in SIG Node PR Triage Jan 15, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 15, 2021
@mrunalp
Copy link
Contributor

mrunalp commented Jan 15, 2021

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mrunalp, xeniumlee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 15, 2021
@mrunalp mrunalp moved this from Needs Approver to Done in SIG Node PR Triage Jan 15, 2021
@k8s-ci-robot k8s-ci-robot merged commit 4fe1329 into kubernetes:master Jan 15, 2021
@arianvp arianvp mentioned this pull request May 17, 2021
Open
@sync-by-unito sync-by-unito bot mentioned this pull request May 19, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehashman ehashman ehashman left review comments

@feiskyer feiskyer Awaiting requested review from feiskyer

@mrunalp mrunalp Awaiting requested review from mrunalp

Assignees

@ehashman ehashman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note-none Denotes a PR that doesn't merit a release note. sig/node Categorizes an issue or PR as relevant to SIG Node. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
SIG Node PR Triage
Done
Milestone
v1.21
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@xeniumlee @k8s-ci-robot @dims @ehashman @mrunalp