allowPrivilegeEscalation: update docs

jessfraz · jessfraz · commit 2803333825df · 2017-07-24T13:55:13.000-04:00
Signed-off-by: Jess Frazelle &lt;acidburn@google.com&gt;
diff --git a/apis/openapi-spec/swagger.json b/apis/openapi-spec/swagger.json
@@ -11676,6 +11676,10 @@
    "io.k8s.api.core.v1.SecurityContext": {
     "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext.  When both are set, the values in SecurityContext take precedence.",
     "properties": {
+     "allowPrivilegeEscalation": {
+      "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN",
+      "type": "boolean"
+     },
      "capabilities": {
       "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.",
       "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities"
diff --git a/apis/swagger-spec/extensions_v1beta1.json b/apis/swagger-spec/extensions_v1beta1.json
@@ -6556,6 +6556,10 @@
      "readOnlyRootFilesystem": {
       "type": "boolean",
       "description": "Whether this container has a read-only root filesystem. Default is false."
+     },
+     "allowPrivilegeEscalation": {
+      "type": "boolean",
+      "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"
      }
     }
    },
diff --git a/docs/api-reference/extensions/v1beta1/definitions.html b/docs/api-reference/extensions/v1beta1/definitions.html
@@ -6452,6 +6452,13 @@ <h3 id="_v1_securitycontext">v1.SecurityContext</h3>
 <td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
 <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
 </tr>
+<tr>
+<td class="tableblock halign-left valign-top"><p class="tableblock">allowPrivilegeEscalation</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">AllowPrivilegeEscalation controls whether a process can gain more privileges than it&#8217;s parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">boolean</p></td>
+<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
+</tr>
 </tbody>
 </table>
 

Original file line number	Diff line number	Diff line change
`@@ -6556,6 +6556,10 @@`
`6556`	`6556`	`"readOnlyRootFilesystem": {`
`6557`	`6557`	`"type": "boolean",`
`6558`	`6558`	`"description": "Whether this container has a read-only root filesystem. Default is false."`
	`6559`	`+ },`
	`6560`	`+ "allowPrivilegeEscalation": {`
	`6561`	`+ "type": "boolean",`
	`6562`	`+ "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than it's parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN"`
`6559`	`6563`	`}`
`6560`	`6564`	`}`
`6561`	`6565`	`},`