Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package polaris for openSUSE:Factory checked in at 2024-11-14 16:08:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/polaris (Old) and /work/SRC/openSUSE:Factory/.polaris.new.2017 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "polaris" Thu Nov 14 16:08:38 2024 rev:35 rq:1223976 version:9.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/polaris/polaris.changes 2024-10-23 21:12:33.840414944 +0200 +++ /work/SRC/openSUSE:Factory/.polaris.new.2017/polaris.changes 2024-11-14 16:09:14.792174559 +0100 @@ -1,0 +2,11 @@ +Wed Nov 13 14:38:02 UTC 2024 - [email protected] + +- Update to version 9.6.0: + * INSIGHTS-475 Add 3 new checks to polaris (#1082) + * Bump k8s.io/client-go from 0.31.1 to 0.31.2 (#1078) + * Bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 + (#1079) + * Bump github.com/fatih/color from 1.17.0 to 1.18.0 (#1081) + * Bump k8s.io/api from 0.31.1 to 0.31.2 (#1077) + +------------------------------------------------------------------- Old: ---- polaris-9.5.0.obscpio New: ---- polaris-9.6.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ polaris.spec ++++++ --- /var/tmp/diff_new_pack.ek0ODV/_old 2024-11-14 16:09:16.704254253 +0100 +++ /var/tmp/diff_new_pack.ek0ODV/_new 2024-11-14 16:09:16.716254754 +0100 @@ -17,7 +17,7 @@ Name: polaris -Version: 9.5.0 +Version: 9.6.0 Release: 0 Summary: Validation of best practices in your Kubernetes clusters License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ek0ODV/_old 2024-11-14 16:09:17.012267116 +0100 +++ /var/tmp/diff_new_pack.ek0ODV/_new 2024-11-14 16:09:17.064269288 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/FairwindsOps/polaris</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">9.5.0</param> + <param name="revision">9.6.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ek0ODV/_old 2024-11-14 16:09:17.280278308 +0100 +++ /var/tmp/diff_new_pack.ek0ODV/_new 2024-11-14 16:09:17.312279645 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/FairwindsOps/polaris</param> - <param name="changesrevision">073847559ad21f55e4c151b54651799db8ac0913</param></service></servicedata> + <param name="changesrevision">4dd3a81bbd44f6541253209bb6fdb4b4060088c5</param></service></servicedata> (No newline at EOF) ++++++ polaris-9.5.0.obscpio -> polaris-9.6.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/go.mod new/polaris-9.6.0/go.mod --- old/polaris-9.5.0/go.mod 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/go.mod 2024-11-13 12:24:37.000000000 +0100 @@ -6,7 +6,7 @@ github.com/AlecAivazis/survey/v2 v2.3.7 github.com/fairwindsops/controller-utils v0.3.4 github.com/fairwindsops/insights-plugins/plugins/workloads v0.0.0-20240917173116-506f92bdf9a0 - github.com/fatih/color v1.17.0 + github.com/fatih/color v1.18.0 github.com/gorilla/mux v1.8.1 github.com/pkg/errors v0.9.1 github.com/qri-io/jsonschema v0.1.2 @@ -16,10 +16,10 @@ github.com/thoas/go-funk v0.9.3 gomodules.xyz/jsonpatch/v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.31.1 - k8s.io/apimachinery v0.31.1 - k8s.io/client-go v0.31.1 - sigs.k8s.io/controller-runtime v0.19.0 + k8s.io/api v0.31.2 + k8s.io/apimachinery v0.31.2 + k8s.io/client-go v0.31.2 + sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/yaml v1.4.0 ) @@ -67,7 +67,7 @@ golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sys v0.21.0 // indirect + golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/go.sum new/polaris-9.6.0/go.sum --- old/polaris-9.5.0/go.sum 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/go.sum 2024-11-13 12:24:37.000000000 +0100 @@ -23,8 +23,8 @@ github.com/fairwindsops/controller-utils v0.3.4/go.mod h1:9/hOHX70/LG40RgtFAjtXFiMWEpItqm6Scf+obRFB2Y= github.com/fairwindsops/insights-plugins/plugins/workloads v0.0.0-20240917173116-506f92bdf9a0 h1:7adPvardRgDkZlEfZJwNzfT25bZ9KY2odhmZeud19ds= github.com/fairwindsops/insights-plugins/plugins/workloads v0.0.0-20240917173116-506f92bdf9a0/go.mod h1:J+1LlUXLrbYbCzk/oxe9NLTToUWtCRzfM3akvOV+VxM= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= @@ -189,8 +189,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= @@ -232,22 +232,22 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= -k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= +k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= -k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= -k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= +k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/checks/hostPathSet.yaml new/polaris-9.6.0/pkg/config/checks/hostPathSet.yaml --- old/polaris-9.5.0/pkg/config/checks/hostPathSet.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/pkg/config/checks/hostPathSet.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,16 @@ +successMessage: HostPath volumes are not configured +failureMessage: HostPath volumes must be forbidden +category: Security +target: PodSpec +schema: + '$schema': http://json-schema.org/draft-07/schema + type: object + properties: + volumes: + type: array + items: + type: object + properties: + hostPath: + type: string + const: '' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/checks/hostProcess.yaml new/polaris-9.6.0/pkg/config/checks/hostProcess.yaml --- old/polaris-9.5.0/pkg/config/checks/hostProcess.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/pkg/config/checks/hostProcess.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,31 @@ +successMessage: Privileged access to the host check is valid +failureMessage: Privileged access to the host is disallowed +category: Security +target: PodSpec +schema: + '$schema': http://json-schema.org/draft-07/schema + type: object + properties: + containers: + type: array + items: + type: object + properties: + securityContext: + type: object + properties: + windowsOptions: + type: object + properties: + hostProcess: + type: boolean + const: false + securityContext: + type: object + properties: + windowsOptions: + type: object + properties: + hostProcess: + type: boolean + const: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/checks/procMount.yaml new/polaris-9.6.0/pkg/config/checks/procMount.yaml --- old/polaris-9.5.0/pkg/config/checks/procMount.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/pkg/config/checks/procMount.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,19 @@ +successMessage: The default /proc masks are set up to reduce attack surface, and should be required +failureMessage: Proc mount must not be changed from the default +category: Security +target: PodSpec +schema: + '$schema': http://json-schema.org/draft-07/schema + type: object + properties: + containers: + type: array + items: + type: object + properties: + securityContext: + type: object + properties: + procMount: + type: string + const: Default \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/checks.go new/polaris-9.6.0/pkg/config/checks.go --- old/polaris-9.5.0/pkg/config/checks.go 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/pkg/config/checks.go 2024-11-13 12:24:37.000000000 +0100 @@ -29,11 +29,14 @@ "deploymentMissingReplicas", // Pod checks "hostIPCSet", + "hostPathSet", + "hostProcess", "hostPIDSet", "hostNetworkSet", "automountServiceAccountToken", "topologySpreadConstraint", // Container checks + "procMount", "memoryLimitsMissing", "memoryRequestsMissing", "cpuLimitsMissing", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/default.yaml new/polaris-9.6.0/pkg/config/default.yaml --- old/polaris-9.5.0/pkg/config/default.yaml 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/pkg/config/default.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -23,11 +23,14 @@ # security automountServiceAccountToken: warning hostIPCSet: danger + hostPathSet: warning + hostProcess: warning hostPIDSet: danger linuxHardening: warning missingNetworkPolicy: warning notReadOnlyRootFilesystem: warning privilegeEscalationAllowed: danger + procMount: warning runAsRootAllowed: danger runAsPrivileged: danger dangerousCapabilities: danger diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/config/examples/config-full.yaml new/polaris-9.6.0/pkg/config/examples/config-full.yaml --- old/polaris-9.5.0/pkg/config/examples/config-full.yaml 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/pkg/config/examples/config-full.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -23,11 +23,14 @@ # security automountServiceAccountToken: warning hostIPCSet: danger + hostPathSet: warning + hostProcess: warning hostPIDSet: danger linuxHardening: danger missingNetworkPolicy: warning notReadOnlyRootFilesystem: warning privilegeEscalationAllowed: danger + procMount: warning runAsRootAllowed: danger runAsPrivileged: danger dangerousCapabilities: danger diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/pkg/validator/pod_test.go new/polaris-9.6.0/pkg/validator/pod_test.go --- old/polaris-9.5.0/pkg/validator/pod_test.go 2024-10-22 20:31:18.000000000 +0200 +++ new/polaris-9.6.0/pkg/validator/pod_test.go 2024-11-13 12:24:37.000000000 +0100 @@ -18,6 +18,7 @@ "testing" "github.com/stretchr/testify/assert" + v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" conf "github.com/fairwindsops/polaris/pkg/config" @@ -32,6 +33,9 @@ "hostPIDSet": conf.SeverityDanger, "hostNetworkSet": conf.SeverityWarning, "hostPortSet": conf.SeverityDanger, + "hostPathSet": conf.SeverityWarning, + "procMount": conf.SeverityWarning, + "hostProcess": conf.SeverityWarning, }, } @@ -39,7 +43,7 @@ deployment, err := kube.NewGenericResourceFromPod(p, nil) assert.NoError(t, err) expectedSum := CountSummary{ - Successes: uint(4), + Successes: uint(7), Warnings: uint(0), Dangers: uint(0), } @@ -48,6 +52,9 @@ "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC is not configured", Success: true, Severity: "danger", Category: "Security"}, "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Security"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "danger", Category: "Security"}, + "hostPathSet": {ID: "hostPathSet", Message: "HostPath volumes are not configured", Success: true, Severity: "warning", Category: "Security"}, + "procMount": {ID: "procMount", Message: "The default /proc masks are set up to reduce attack surface, and should be required", Success: true, Severity: "warning", Category: "Security"}, + "hostProcess": {ID: "hostProcess", Message: "Privileged access to the host check is valid", Success: true, Severity: "warning", Category: "Security"}, } actualPodResult, err := applyControllerSchemaChecks(&c, nil, deployment) @@ -67,22 +74,45 @@ "hostPIDSet": conf.SeverityDanger, "hostNetworkSet": conf.SeverityWarning, "hostPortSet": conf.SeverityDanger, + "hostPathSet": conf.SeverityWarning, + "procMount": conf.SeverityWarning, + "hostProcess": conf.SeverityWarning, }, } p := test.MockPod() p.Spec.HostIPC = true + p.Spec.Volumes = append(p.Spec.Volumes, v1.Volume{ + Name: "hostpath", + VolumeSource: v1.VolumeSource{ + HostPath: &v1.HostPathVolumeSource{ + Path: "/var/run/docker.sock", + }, + }, + }) + procMount := v1.UnmaskedProcMount + p.Spec.Containers[0].SecurityContext = &v1.SecurityContext{ + ProcMount: &procMount, + } + hostProcess := true + p.Spec.Containers[0].SecurityContext.WindowsOptions = &v1.WindowsSecurityContextOptions{ + HostProcess: &hostProcess, + } + workload, err := kube.NewGenericResourceFromPod(p, nil) assert.NoError(t, err) expectedSum := CountSummary{ Successes: uint(3), - Warnings: uint(0), + Warnings: uint(3), Dangers: uint(1), } expectedResults := ResultSet{ "hostIPCSet": {ID: "hostIPCSet", Message: "Host IPC should not be configured", Success: false, Severity: "danger", Category: "Security"}, "hostNetworkSet": {ID: "hostNetworkSet", Message: "Host network is not configured", Success: true, Severity: "warning", Category: "Security"}, "hostPIDSet": {ID: "hostPIDSet", Message: "Host PID is not configured", Success: true, Severity: "danger", Category: "Security"}, + "hostPathSet": {ID: "hostPathSet", Message: "HostPath volumes must be forbidden", Success: false, Severity: "warning", Category: "Security"}, + "procMount": {ID: "procMount", Message: "Proc mount must not be changed from the default", Success: false, Severity: "warning", Category: "Security"}, + "hostProcess": {ID: "hostProcess", Message: "Privileged access to the host is disallowed", Success: false, Severity: "warning", Category: "Security"}, } actualPodResult, err := applyControllerSchemaChecks(&c, nil, workload) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostPathSet/failure.yaml new/polaris-9.6.0/test/checks/hostPathSet/failure.yaml --- old/polaris-9.5.0/test/checks/hostPathSet/failure.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostPathSet/failure.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + volumes: + - name: log-volume + hostPath: + path: /var/log diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostPathSet/success.yaml new/polaris-9.6.0/test/checks/hostPathSet/success.yaml --- old/polaris-9.5.0/test/checks/hostPathSet/success.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostPathSet/success.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + volumes: + - name: log-volume diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostProcess/failure.container.yaml new/polaris-9.6.0/test/checks/hostProcess/failure.container.yaml --- old/polaris-9.5.0/test/checks/hostProcess/failure.container.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostProcess/failure.container.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + windowsOptions: + hostProcess: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostProcess/failure.yaml new/polaris-9.6.0/test/checks/hostProcess/failure.yaml --- old/polaris-9.5.0/test/checks/hostProcess/failure.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostProcess/failure.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + windowsOptions: + hostProcess: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostProcess/success.container.yaml new/polaris-9.6.0/test/checks/hostProcess/success.container.yaml --- old/polaris-9.5.0/test/checks/hostProcess/success.container.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostProcess/success.container.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + windowsOptions: + hostProcess: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/hostProcess/success.yaml new/polaris-9.6.0/test/checks/hostProcess/success.yaml --- old/polaris-9.5.0/test/checks/hostProcess/success.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/hostProcess/success.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + windowsOptions: + hostProcess: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/procMount/failure.yaml new/polaris-9.6.0/test/checks/procMount/failure.yaml --- old/polaris-9.5.0/test/checks/procMount/failure.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/procMount/failure.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + procMount: Other diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/polaris-9.5.0/test/checks/procMount/success.yaml new/polaris-9.6.0/test/checks/procMount/success.yaml --- old/polaris-9.5.0/test/checks/procMount/success.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/polaris-9.6.0/test/checks/procMount/success.yaml 2024-11-13 12:24:37.000000000 +0100 @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: nginx + labels: + app.kubernetes.io/name: nginx +spec: + containers: + - name: nginx + image: nginx + ports: + - containerPort: 80 + hostPort: 8080 + securityContext: + procMount: Default ++++++ polaris.obsinfo ++++++ --- /var/tmp/diff_new_pack.ek0ODV/_old 2024-11-14 16:09:18.036309881 +0100 +++ /var/tmp/diff_new_pack.ek0ODV/_new 2024-11-14 16:09:18.068311218 +0100 @@ -1,5 +1,5 @@ name: polaris -version: 9.5.0 -mtime: 1729621878 -commit: 073847559ad21f55e4c151b54651799db8ac0913 +version: 9.6.0 +mtime: 1731497077 +commit: 4dd3a81bbd44f6541253209bb6fdb4b4060088c5 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/polaris/vendor.tar.gz /work/SRC/openSUSE:Factory/.polaris.new.2017/vendor.tar.gz differ: char 5, line 1
