1 files changed, 179 insertions, 0 deletions
diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch b/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch
new file mode 100644
index 00000000..dd70627d
--- /dev/null
+++ b/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch
@@ -0,0 +1,179 @@
+From 68750fefd3df76b7b008ef7b18e8acd18d5c2f2e Mon Sep 17 00:00:00 2001
+From: Joel Smith <joesmith@redhat.com>
+Date: Thu, 14 May 2020 20:09:58 -0600
+Subject: [PATCH] Include pod /etc/hosts in ephemeral storage calculation for
+ eviction
+CVE: CVE-2020-8557
+Upstream-Status: Backport [https://github.com/kubernetes/kubernetes.git branch:release-1.16]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ src/import/pkg/kubelet/eviction/BUILD               | 1 +
+ src/import/pkg/kubelet/eviction/eviction_manager.go | 7 ++++++-
+ src/import/pkg/kubelet/eviction/helpers.go          | 9 ++++++++-
+ src/import/pkg/kubelet/kubelet.go                   | 3 ++-
+ src/import/pkg/kubelet/kubelet_pods.go              | 7 ++++++-
+ src/import/pkg/kubelet/kubelet_test.go              | 3 ++-
+ src/import/pkg/kubelet/runonce_test.go              | 3 ++-
+ 7 files changed, 27 insertions(+), 6 deletions(-)
+diff --git a/src/import/pkg/kubelet/eviction/BUILD b/src/import/pkg/kubelet/eviction/BUILD
+index 2209b26d7d4..e8c2241e075 100644
+--- a/src/import/pkg/kubelet/eviction/BUILD
+++ b/src/import/pkg/kubelet/eviction/BUILD
+@@ -66,6 +66,7 @@ go_library(
+         "//staging/src/k8s.io/api/core/v1:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
+         "//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
+         "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
+         "//staging/src/k8s.io/client-go/tools/record:go_default_library",
+diff --git a/src/import/pkg/kubelet/eviction/eviction_manager.go b/src/import/pkg/kubelet/eviction/eviction_manager.go
+index 4ef2a89dce6..ca218cb942f 100644
+--- a/src/import/pkg/kubelet/eviction/eviction_manager.go
+++ b/src/import/pkg/kubelet/eviction/eviction_manager.go
+@@ -26,6 +26,7 @@ import (
+ 
+        v1 "k8s.io/api/core/v1"
+        "k8s.io/apimachinery/pkg/api/resource"
+       "k8s.io/apimachinery/pkg/types"
+        "k8s.io/apimachinery/pkg/util/clock"
+        utilfeature "k8s.io/apiserver/pkg/util/feature"
+        "k8s.io/client-go/tools/record"
+@@ -90,6 +91,8 @@ type managerImpl struct {
+        thresholdNotifiers []ThresholdNotifier
+        // thresholdsLastUpdated is the last time the thresholdNotifiers were updated.
+        thresholdsLastUpdated time.Time
+       // etcHostsPath is a function that will get the etc-hosts file's path for a pod given its UID
+       etcHostsPath func(podUID types.UID) string
+ }
+ 
+ // ensure it implements the required interface
+@@ -106,6 +109,7 @@ func NewManager(
+        recorder record.EventRecorder,
+        nodeRef *v1.ObjectReference,
+        clock clock.Clock,
+       etcHostsPath func(types.UID) string,
+ ) (Manager, lifecycle.PodAdmitHandler) {
+        manager := &managerImpl{
+                clock:                        clock,
+@@ -121,6 +125,7 @@ func NewManager(
+                thresholdsFirstObservedAt:    thresholdsObservedAt{},
+                dedicatedImageFs:             nil,
+                thresholdNotifiers:           []ThresholdNotifier{},
+               etcHostsPath:                 etcHostsPath,
+        }
+        return manager, manager
+ }
+@@ -503,7 +508,7 @@ func (m *managerImpl) podEphemeralStorageLimitEviction(podStats statsapi.PodStat
+        } else {
+                fsStatsSet = []fsStatsType{fsStatsRoot, fsStatsLogs, fsStatsLocalVolumeSource}
+        }
+-       podEphemeralUsage, err := podLocalEphemeralStorageUsage(podStats, pod, fsStatsSet)
+       podEphemeralUsage, err := podLocalEphemeralStorageUsage(podStats, pod, fsStatsSet, m.etcHostsPath(pod.UID))
+        if err != nil {
+                klog.Errorf("eviction manager: error getting pod disk usage %v", err)
+                return false
+diff --git a/src/import/pkg/kubelet/eviction/helpers.go b/src/import/pkg/kubelet/eviction/helpers.go
+index dfdb8ce3b60..41c55855aad 100644
+--- a/src/import/pkg/kubelet/eviction/helpers.go
+++ b/src/import/pkg/kubelet/eviction/helpers.go
+@@ -18,6 +18,7 @@ package eviction
+ 
+ import (
+        "fmt"
+       "os"
+        "sort"
+        "strconv"
+        "strings"
+@@ -415,7 +416,7 @@ func localEphemeralVolumeNames(pod *v1.Pod) []string {
+ }
+ 
+ // podLocalEphemeralStorageUsage aggregates pod local ephemeral storage usage and inode consumption for the specified stats to measure.
+-func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, statsToMeasure []fsStatsType) (v1.ResourceList, error) {
+func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, statsToMeasure []fsStatsType, etcHostsPath string) (v1.ResourceList, error) {
+        disk := resource.Quantity{Format: resource.BinarySI}
+        inodes := resource.Quantity{Format: resource.DecimalSI}
+ 
+@@ -429,6 +430,12 @@ func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, stat
+                disk.Add(podLocalVolumeUsageList[v1.ResourceEphemeralStorage])
+                inodes.Add(podLocalVolumeUsageList[resourceInodes])
+        }
+       if len(etcHostsPath) > 0 {
+               if stat, err := os.Stat(etcHostsPath); err == nil {
+                       disk.Add(*resource.NewQuantity(int64(stat.Size()), resource.BinarySI))
+                       inodes.Add(*resource.NewQuantity(int64(1), resource.DecimalSI))
+               }
+       }
+        return v1.ResourceList{
+                v1.ResourceEphemeralStorage: disk,
+                resourceInodes:              inodes,
+diff --git a/src/import/pkg/kubelet/kubelet.go b/src/import/pkg/kubelet/kubelet.go
+index c2acd358e59..8da5d0f2e92 100644
+--- a/src/import/pkg/kubelet/kubelet.go
+++ b/src/import/pkg/kubelet/kubelet.go
+@@ -831,8 +831,9 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
+        klet.backOff = flowcontrol.NewBackOff(backOffPeriod, MaxContainerBackOff)
+        klet.podKillingCh = make(chan *kubecontainer.PodPair, podKillingChannelCapacity)
+ 
+       etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(klet.getPodDir(podUID)) }
+        // setup eviction manager
+-       evictionManager, evictionAdmitHandler := eviction.NewManager(klet.resourceAnalyzer, evictionConfig, killPodNow(klet.podWorkers, kubeDeps.Recorder), klet.podManager.GetMirrorPodByPod, klet.imageManager, klet.containerGC, kubeDeps.Recorder, nodeRef, klet.clock)
+       evictionManager, evictionAdmitHandler := eviction.NewManager(klet.resourceAnalyzer, evictionConfig, killPodNow(klet.podWorkers, kubeDeps.Recorder), klet.podManager.GetMirrorPodByPod, klet.imageManager, klet.containerGC, kubeDeps.Recorder, nodeRef, klet.clock, etcHostsPathFunc)
+ 
+        klet.evictionManager = evictionManager
+        klet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
+diff --git a/src/import/pkg/kubelet/kubelet_pods.go b/src/import/pkg/kubelet/kubelet_pods.go
+index 013d0f55aea..02857d4b5b3 100644
+--- a/src/import/pkg/kubelet/kubelet_pods.go
+++ b/src/import/pkg/kubelet/kubelet_pods.go
+@@ -291,10 +291,15 @@ func translateMountPropagation(mountMode *v1.MountPropagationMode) (runtimeapi.M
+        }
+ }
+ 
+// getEtcHostsPath returns the full host-side path to a pod's generated /etc/hosts file
+func getEtcHostsPath(podDir string) string {
+       return path.Join(podDir, "etc-hosts")
+}
+
+ // makeHostsMount makes the mountpoint for the hosts file that the containers
+ // in a pod are injected with.
+ func makeHostsMount(podDir, podIP, hostName, hostDomainName string, hostAliases []v1.HostAlias, useHostNetwork bool) (*kubecontainer.Mount, error) {
+-       hostsFilePath := path.Join(podDir, "etc-hosts")
+       hostsFilePath := getEtcHostsPath(podDir)
+        if err := ensureHostsFile(hostsFilePath, podIP, hostName, hostDomainName, hostAliases, useHostNetwork); err != nil {
+                return nil, err
+        }
+diff --git a/src/import/pkg/kubelet/kubelet_test.go b/src/import/pkg/kubelet/kubelet_test.go
+index 80c6dcb73b6..9fb417fbb9d 100644
+--- a/src/import/pkg/kubelet/kubelet_test.go
+++ b/src/import/pkg/kubelet/kubelet_test.go
+@@ -291,8 +291,9 @@ func newTestKubeletWithImageList(
+                UID:       types.UID(kubelet.nodeName),
+                Namespace: "",
+        }
+       etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(kubelet.getPodDir(podUID)) }
+        // setup eviction manager
+-       evictionManager, evictionAdmitHandler := eviction.NewManager(kubelet.resourceAnalyzer, eviction.Config{}, killPodNow(kubelet.podWorkers, fakeRecorder), kubelet.podManager.GetMirrorPodByPod, kubelet.imageManager, kubelet.containerGC, fakeRecorder, nodeRef, kubelet.clock)
+       evictionManager, evictionAdmitHandler := eviction.NewManager(kubelet.resourceAnalyzer, eviction.Config{}, killPodNow(kubelet.podWorkers, fakeRecorder), kubelet.podManager.GetMirrorPodByPod, kubelet.imageManager, kubelet.containerGC, fakeRecorder, nodeRef, kubelet.clock, etcHostsPathFunc)
+ 
+        kubelet.evictionManager = evictionManager
+        kubelet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
+diff --git a/src/import/pkg/kubelet/runonce_test.go b/src/import/pkg/kubelet/runonce_test.go
+index 7239133e481..9b162c11702 100644
+--- a/src/import/pkg/kubelet/runonce_test.go
+++ b/src/import/pkg/kubelet/runonce_test.go
+@@ -125,7 +125,8 @@ func TestRunOnce(t *testing.T) {
+                return nil
+        }
+        fakeMirrodPodFunc := func(*v1.Pod) (*v1.Pod, bool) { return nil, false }
+-       evictionManager, evictionAdmitHandler := eviction.NewManager(kb.resourceAnalyzer, eviction.Config{}, fakeKillPodFunc, fakeMirrodPodFunc, nil, nil, kb.recorder, nodeRef, kb.clock)
+       etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(kb.getPodDir(podUID)) }
+       evictionManager, evictionAdmitHandler := eviction.NewManager(kb.resourceAnalyzer, eviction.Config{}, fakeKillPodFunc, fakeMirrodPodFunc, nil, nil, kb.recorder, nodeRef, kb.clock, etcHostsPathFunc)
+ 
+        kb.evictionManager = evictionManager
+        kb.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
+-- 
+2.17.0

diff --git a/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch b/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch new file mode 100644 index 00000000..dd70627d --- /dev/null +++ b/recipes-containers/kubernetes/kubernetes/CVE-2020-8557.patch
@@ -0,0 +1,179 @@
	1	From 68750fefd3df76b7b008ef7b18e8acd18d5c2f2e Mon Sep 17 00:00:00 2001
	2	From: Joel Smith <joesmith@redhat.com>
	3	Date: Thu, 14 May 2020 20:09:58 -0600
	4	Subject: [PATCH] Include pod /etc/hosts in ephemeral storage calculation for
	5	eviction
	6
	7	CVE: CVE-2020-8557
	8	Upstream-Status: Backport [https://github.com/kubernetes/kubernetes.git branch:release-1.16]
	9	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
	10	---
	11	src/import/pkg/kubelet/eviction/BUILD \| 1 +
	12	src/import/pkg/kubelet/eviction/eviction_manager.go \| 7 ++++++-
	13	src/import/pkg/kubelet/eviction/helpers.go \| 9 ++++++++-
	14	src/import/pkg/kubelet/kubelet.go \| 3 ++-
	15	src/import/pkg/kubelet/kubelet_pods.go \| 7 ++++++-
	16	src/import/pkg/kubelet/kubelet_test.go \| 3 ++-
	17	src/import/pkg/kubelet/runonce_test.go \| 3 ++-
	18	7 files changed, 27 insertions(+), 6 deletions(-)
	19
	20	diff --git a/src/import/pkg/kubelet/eviction/BUILD b/src/import/pkg/kubelet/eviction/BUILD
	21	index 2209b26d7d4..e8c2241e075 100644
	22	--- a/src/import/pkg/kubelet/eviction/BUILD
	23	+++ b/src/import/pkg/kubelet/eviction/BUILD
	24	@@ -66,6 +66,7 @@ go_library(
	25	"//staging/src/k8s.io/api/core/v1:go_default_library",
	26	"//staging/src/k8s.io/apimachinery/pkg/api/resource:go_default_library",
	27	"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
	28	+ "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
	29	"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
	30	"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
	31	"//staging/src/k8s.io/client-go/tools/record:go_default_library",
	32	diff --git a/src/import/pkg/kubelet/eviction/eviction_manager.go b/src/import/pkg/kubelet/eviction/eviction_manager.go
	33	index 4ef2a89dce6..ca218cb942f 100644
	34	--- a/src/import/pkg/kubelet/eviction/eviction_manager.go
	35	+++ b/src/import/pkg/kubelet/eviction/eviction_manager.go
	36	@@ -26,6 +26,7 @@ import (
	37
	38	v1 "k8s.io/api/core/v1"
	39	"k8s.io/apimachinery/pkg/api/resource"
	40	+ "k8s.io/apimachinery/pkg/types"
	41	"k8s.io/apimachinery/pkg/util/clock"
	42	utilfeature "k8s.io/apiserver/pkg/util/feature"
	43	"k8s.io/client-go/tools/record"
	44	@@ -90,6 +91,8 @@ type managerImpl struct {
	45	thresholdNotifiers []ThresholdNotifier
	46	// thresholdsLastUpdated is the last time the thresholdNotifiers were updated.
	47	thresholdsLastUpdated time.Time
	48	+ // etcHostsPath is a function that will get the etc-hosts file's path for a pod given its UID
	49	+ etcHostsPath func(podUID types.UID) string
	50	}
	51
	52	// ensure it implements the required interface
	53	@@ -106,6 +109,7 @@ func NewManager(
	54	recorder record.EventRecorder,
	55	nodeRef *v1.ObjectReference,
	56	clock clock.Clock,
	57	+ etcHostsPath func(types.UID) string,
	58	) (Manager, lifecycle.PodAdmitHandler) {
	59	manager := &managerImpl{
	60	clock: clock,
	61	@@ -121,6 +125,7 @@ func NewManager(
	62	thresholdsFirstObservedAt: thresholdsObservedAt{},
	63	dedicatedImageFs: nil,
	64	thresholdNotifiers: []ThresholdNotifier{},
	65	+ etcHostsPath: etcHostsPath,
	66	}
	67	return manager, manager
	68	}
	69	@@ -503,7 +508,7 @@ func (m *managerImpl) podEphemeralStorageLimitEviction(podStats statsapi.PodStat
	70	} else {
	71	fsStatsSet = []fsStatsType{fsStatsRoot, fsStatsLogs, fsStatsLocalVolumeSource}
	72	}
	73	- podEphemeralUsage, err := podLocalEphemeralStorageUsage(podStats, pod, fsStatsSet)
	74	+ podEphemeralUsage, err := podLocalEphemeralStorageUsage(podStats, pod, fsStatsSet, m.etcHostsPath(pod.UID))
	75	if err != nil {
	76	klog.Errorf("eviction manager: error getting pod disk usage %v", err)
	77	return false
	78	diff --git a/src/import/pkg/kubelet/eviction/helpers.go b/src/import/pkg/kubelet/eviction/helpers.go
	79	index dfdb8ce3b60..41c55855aad 100644
	80	--- a/src/import/pkg/kubelet/eviction/helpers.go
	81	+++ b/src/import/pkg/kubelet/eviction/helpers.go
	82	@@ -18,6 +18,7 @@ package eviction
	83
	84	import (
	85	"fmt"
	86	+ "os"
	87	"sort"
	88	"strconv"
	89	"strings"
	90	@@ -415,7 +416,7 @@ func localEphemeralVolumeNames(pod *v1.Pod) []string {
	91	}
	92
	93	// podLocalEphemeralStorageUsage aggregates pod local ephemeral storage usage and inode consumption for the specified stats to measure.
	94	-func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, statsToMeasure []fsStatsType) (v1.ResourceList, error) {
	95	+func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, statsToMeasure []fsStatsType, etcHostsPath string) (v1.ResourceList, error) {
	96	disk := resource.Quantity{Format: resource.BinarySI}
	97	inodes := resource.Quantity{Format: resource.DecimalSI}
	98
	99	@@ -429,6 +430,12 @@ func podLocalEphemeralStorageUsage(podStats statsapi.PodStats, pod *v1.Pod, stat
	100	disk.Add(podLocalVolumeUsageList[v1.ResourceEphemeralStorage])
	101	inodes.Add(podLocalVolumeUsageList[resourceInodes])
	102	}
	103	+ if len(etcHostsPath) > 0 {
	104	+ if stat, err := os.Stat(etcHostsPath); err == nil {
	105	+ disk.Add(*resource.NewQuantity(int64(stat.Size()), resource.BinarySI))
	106	+ inodes.Add(*resource.NewQuantity(int64(1), resource.DecimalSI))
	107	+ }
	108	+ }
	109	return v1.ResourceList{
	110	v1.ResourceEphemeralStorage: disk,
	111	resourceInodes: inodes,
	112	diff --git a/src/import/pkg/kubelet/kubelet.go b/src/import/pkg/kubelet/kubelet.go
	113	index c2acd358e59..8da5d0f2e92 100644
	114	--- a/src/import/pkg/kubelet/kubelet.go
	115	+++ b/src/import/pkg/kubelet/kubelet.go
	116	@@ -831,8 +831,9 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
	117	klet.backOff = flowcontrol.NewBackOff(backOffPeriod, MaxContainerBackOff)
	118	klet.podKillingCh = make(chan *kubecontainer.PodPair, podKillingChannelCapacity)
	119
	120	+ etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(klet.getPodDir(podUID)) }
	121	// setup eviction manager
	122	- evictionManager, evictionAdmitHandler := eviction.NewManager(klet.resourceAnalyzer, evictionConfig, killPodNow(klet.podWorkers, kubeDeps.Recorder), klet.podManager.GetMirrorPodByPod, klet.imageManager, klet.containerGC, kubeDeps.Recorder, nodeRef, klet.clock)
	123	+ evictionManager, evictionAdmitHandler := eviction.NewManager(klet.resourceAnalyzer, evictionConfig, killPodNow(klet.podWorkers, kubeDeps.Recorder), klet.podManager.GetMirrorPodByPod, klet.imageManager, klet.containerGC, kubeDeps.Recorder, nodeRef, klet.clock, etcHostsPathFunc)
	124
	125	klet.evictionManager = evictionManager
	126	klet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
	127	diff --git a/src/import/pkg/kubelet/kubelet_pods.go b/src/import/pkg/kubelet/kubelet_pods.go
	128	index 013d0f55aea..02857d4b5b3 100644
	129	--- a/src/import/pkg/kubelet/kubelet_pods.go
	130	+++ b/src/import/pkg/kubelet/kubelet_pods.go
	131	@@ -291,10 +291,15 @@ func translateMountPropagation(mountMode *v1.MountPropagationMode) (runtimeapi.M
	132	}
	133	}
	134
	135	+// getEtcHostsPath returns the full host-side path to a pod's generated /etc/hosts file
	136	+func getEtcHostsPath(podDir string) string {
	137	+ return path.Join(podDir, "etc-hosts")
	138	+}
	139	+
	140	// makeHostsMount makes the mountpoint for the hosts file that the containers
	141	// in a pod are injected with.
	142	func makeHostsMount(podDir, podIP, hostName, hostDomainName string, hostAliases []v1.HostAlias, useHostNetwork bool) (*kubecontainer.Mount, error) {
	143	- hostsFilePath := path.Join(podDir, "etc-hosts")
	144	+ hostsFilePath := getEtcHostsPath(podDir)
	145	if err := ensureHostsFile(hostsFilePath, podIP, hostName, hostDomainName, hostAliases, useHostNetwork); err != nil {
	146	return nil, err
	147	}
	148	diff --git a/src/import/pkg/kubelet/kubelet_test.go b/src/import/pkg/kubelet/kubelet_test.go
	149	index 80c6dcb73b6..9fb417fbb9d 100644
	150	--- a/src/import/pkg/kubelet/kubelet_test.go
	151	+++ b/src/import/pkg/kubelet/kubelet_test.go
	152	@@ -291,8 +291,9 @@ func newTestKubeletWithImageList(
	153	UID: types.UID(kubelet.nodeName),
	154	Namespace: "",
	155	}
	156	+ etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(kubelet.getPodDir(podUID)) }
	157	// setup eviction manager
	158	- evictionManager, evictionAdmitHandler := eviction.NewManager(kubelet.resourceAnalyzer, eviction.Config{}, killPodNow(kubelet.podWorkers, fakeRecorder), kubelet.podManager.GetMirrorPodByPod, kubelet.imageManager, kubelet.containerGC, fakeRecorder, nodeRef, kubelet.clock)
	159	+ evictionManager, evictionAdmitHandler := eviction.NewManager(kubelet.resourceAnalyzer, eviction.Config{}, killPodNow(kubelet.podWorkers, fakeRecorder), kubelet.podManager.GetMirrorPodByPod, kubelet.imageManager, kubelet.containerGC, fakeRecorder, nodeRef, kubelet.clock, etcHostsPathFunc)
	160
	161	kubelet.evictionManager = evictionManager
	162	kubelet.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
	163	diff --git a/src/import/pkg/kubelet/runonce_test.go b/src/import/pkg/kubelet/runonce_test.go
	164	index 7239133e481..9b162c11702 100644
	165	--- a/src/import/pkg/kubelet/runonce_test.go
	166	+++ b/src/import/pkg/kubelet/runonce_test.go
	167	@@ -125,7 +125,8 @@ func TestRunOnce(t *testing.T) {
	168	return nil
	169	}
	170	fakeMirrodPodFunc := func(v1.Pod) (v1.Pod, bool) { return nil, false }
	171	- evictionManager, evictionAdmitHandler := eviction.NewManager(kb.resourceAnalyzer, eviction.Config{}, fakeKillPodFunc, fakeMirrodPodFunc, nil, nil, kb.recorder, nodeRef, kb.clock)
	172	+ etcHostsPathFunc := func(podUID types.UID) string { return getEtcHostsPath(kb.getPodDir(podUID)) }
	173	+ evictionManager, evictionAdmitHandler := eviction.NewManager(kb.resourceAnalyzer, eviction.Config{}, fakeKillPodFunc, fakeMirrodPodFunc, nil, nil, kb.recorder, nodeRef, kb.clock, etcHostsPathFunc)
	174
	175	kb.evictionManager = evictionManager
	176	kb.admitHandlers.AddPodAdmitHandler(evictionAdmitHandler)
	177	--
	178	2.17.0
	179