suppress host ports for now as require getting listening port during runtime

Kaizhe · Kaizhe · commit 85aa551c4c1a · 2019-02-08T16:31:29.000-08:00
diff --git a/advisor/processor/generate.go b/advisor/processor/generate.go
@@ -117,9 +117,10 @@ func (p *Processor) GeneratePSP(cssList []types.ContainerSecuritySpec, pssList [
 		}
 
 		// set host ports
-		for _, port := range sc.HostPorts {
-			psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})
-		}
+		// TODO: need to integrate with listening port during the runtime, might cause false positive.
+		//for _, port := range sc.HostPorts {
+		//	psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})
+		//}
 	}
 
 	// set allowedPrivilegeEscalation

Original file line number	Diff line number	Diff line change
`@@ -117,9 +117,10 @@ func (p *Processor) GeneratePSP(cssList []types.ContainerSecuritySpec, pssList [`
`117`	`117`	`}`
`118`	`118`
`119`	`119`	`// set host ports`
`120`		`- for _, port := range sc.HostPorts {`
`121`		`- psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})`
`122`		`- }`
	`120`	`+ // TODO: need to integrate with listening port during the runtime, might cause false positive.`
	`121`	`+ //for _, port := range sc.HostPorts {`
	`122`	`+ // psp.Spec.HostPorts = append(psp.Spec.HostPorts, v1beta1.HostPortRange{Min: port, Max: port})`
	`123`	`+ //}`
`123`	`124`	`}`
`124`	`125`
`125`	`126`	`// set allowedPrivilegeEscalation`