Jail/chroot nginx process inside controller container (#8337)
* Initial work on chrooting nginx process * More improvements in chroot * Fix charts and some file locations * Fix symlink on non chrooted container * fix psp test * Add e2e tests to chroot image * Fix logger * Add internal logger in controller * Fix overlay for chrooted tests * Fix tests * fix boilerplates * Fix unittest to point to the right pid * Fix PR review
This commit is contained in:
Ricardo Katz
GitHub
parent
83ce21b4dd
commit
3def835a6a
41 changed files with 456 additions and 49 deletions
18
rootfs/nginx-chroot-wrapper.sh
Executable file
18
rootfs/nginx-chroot-wrapper.sh
Executable file
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Copyright 2022 The Kubernetes Authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cat /etc/resolv.conf > /chroot/etc/resolv.conf
|
||||
unshare -S 101 -R /chroot nginx "$@"
|
||||
Loading…
Add table
Add a link
Reference in a new issue