Add support for "no new privileges"

[timstclair]

Support for setting NO_NEW_PRIVS was added in docker 1.11 (moby/moby#20329). This feature will be much more useful once user namespace support is added (#34569), but I believe it is also relevant when paired with seccomp or LSM (SELinux or AppArmor).

/cc @mrunalp @kubernetes/sig-node

[xingzhou]

Shall we add a new flag on this? I'd like to take investigation on this ticket

[timstclair]

I think it needs to be a user-facing option (for the reasons described here). It probably makes the most sense as a field on the SecurityContext. I think this touches enough components (k8s API, CRI) that a (brief) design proposal is in order.

[xingzhou]

yes, @timstclair, if we also add a flag to kubectl, so that user can also config this option from the client. I will try to write a brief design for discussion prior to implementation, thanks

[xingzhou]

@timstclair, just wrote a simple proposal doc at, for your review, thanks:
https://docs.google.com/document/d/1ikz1V1yxK0mwG_Bnuhh1jADhtiQRPdx_pdSDB5P_ZGg/edit?usp=sharing

[timstclair]

Thank you for the proposal. I left some comments on your doc, but could you please also submit it as a PR to the communit design proposals repo: https://github.com/kubernetes/community/tree/master/contributors/design-proposals. That is our official proposal process, and it will get more exposure that way.

[xingzhou]

Thanks Tim for your comments, I created a PR in community repo right now and also write some of my thoughts in that google doc.