Google Git
Sign in
cos / third_party / kernel / ba9376cb98ee509233e4f51a0fcd120fce53e698
commitba9376cb98ee509233e4f51a0fcd120fce53e698[log] [tgz]
authorThomas Garnier <thgarnie@chromium.org>Mon Dec 16 15:50:43 2019 -0800
committerVaibhav Rustagi <vaibhavrustagi@google.com>Mon Feb 24 17:04:40 2020 +0000
tree094c81d9e369d81713ea0870295acc9586cc8980
parent3442b8e7e9a1b9245f21e983f5a020ff7aee0c02 [diff]
security: track kubectl/docker exec session using pid_namespace field

Add a field to the pid_namespace to check if a process is linked to the
container creation or a dedicated session kubectl/docker exec (also
used for liveness probes).

BUG=b:148390640
TEST=Ran all internal testing.
SOURCE=KTD

Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Change-Id: Id8ec642d42a382be586135c6344af200b68b6d5d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/lakitu-kernel/+/2062510
Commit-Queue: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Peter Martincic <martincic@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
1 file changed
tree: 094c81d9e369d81713ea0870295acc9586cc8980
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. PRESUBMIT.cfg
  37. README