cri-o/server
Samuel Ortiz 0e51bbb778 oci: Support mixing trusted and untrusted workloads
Container runtimes provide different levels of isolation, from kernel
namespaces to hardware virtualization. When starting a specific
container, one may want to decide which level of isolation to use
depending on how much we trust the container workload. Fully verified
and signed containers may not need the hardware isolation layer but e.g.
CI jobs pulling packages from many untrusted sources should probably not
run only on a kernel namespace isolation layer.

Here we allow CRI-O users to define a container runtime for trusted
containers and another one for untrusted containers, and also to define
a general, default trust level. This anticipates future kubelet
implementations that would be able to tag containers as trusted or
untrusted. When missing a kubelet hint, containers are trusted by
default.

A container becomes untrusted if we get a hint in that direction from
kubelet or if the default trust level is set to "untrusted" and the
container is not privileged. In both cases CRI-O will try to use the
untrusted container runtime. In any other case, it will switch to the
trusted one.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-15 10:04:36 +02:00
apparmor Rename ocid to crio. 2017-05-12 09:56:06 -04:00
seccomp Update runtime-spec to v1.0.0.rc5 2017-04-12 19:15:53 -07:00
config.go oci: Support mixing trusted and untrusted workloads 2017-06-15 10:04:36 +02:00
container.go pkg/annotations: Export CRI-O annotations namespace 2017-06-01 23:45:44 +02:00
container_attach.go Implement non-terminal attach 2017-06-14 22:59:50 +02:00
container_create.go oci: Support mixing trusted and untrusted workloads 2017-06-15 10:04:36 +02:00
container_exec.go copy using bytes pools 2017-06-12 12:53:23 +02:00
container_execsync.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_list.go server: remove Update calls 2017-04-27 14:01:37 +02:00
container_portforward.go copy using bytes pools 2017-06-12 12:53:23 +02:00
container_remove.go server: honor container stop timeout from CRI 2017-05-15 22:56:31 +02:00
container_start.go adjust status on container start failure 2017-06-12 12:48:50 +02:00
container_status.go adjust status on container start failure 2017-06-12 12:48:50 +02:00
container_stop.go server: store containers state on disk 2017-05-18 21:19:50 +02:00
container_updateruntimeconfig.go server: mock UpdateRuntimeConfig 2016-12-15 14:31:42 +01:00
image_list.go server: readable fields 2017-04-20 08:22:50 -04:00
image_pull.go *: support insecure registries 2017-06-09 01:04:29 +02:00
image_remove.go server: readable fields 2017-04-20 08:22:50 -04:00
image_status.go server: container_status: we should return digested references in imageRef 2017-05-22 16:37:46 +02:00
runtime_status.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
sandbox.go oci: Support mixing trusted and untrusted workloads 2017-06-15 10:04:36 +02:00
sandbox_list.go server: ignore runc not exist errors 2017-05-18 21:19:50 +02:00
sandbox_remove.go RemovePodSandbox must be idempotent 2017-06-01 17:37:20 +02:00
sandbox_run.go oci: Support mixing trusted and untrusted workloads 2017-06-15 10:04:36 +02:00
sandbox_status.go sandbox_status: Infof->Debugf response 2017-06-09 13:04:33 +02:00
sandbox_stop.go server: sandbox_stop: ignore not found sandboxes 2017-05-22 16:37:39 +02:00
server.go oci: Support mixing trusted and untrusted workloads 2017-06-15 10:04:36 +02:00
utils.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
version.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00