Documentation

Overview

    Package capabilities contains code for validating and defaulting a pod's kernel capabilities according to a security policy.

    Constants

    This section is empty.

    Variables

    This section is empty.

    Functions

    This section is empty.

    Types

    type Strategy

    type Strategy interface {
    	// Generate creates the capabilities based on policy rules.
    	Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
    	// Validate ensures that the specified values fall within the range of the strategy.
    	Validate(pod *api.Pod, container *api.Container, capabilities *api.Capabilities) field.ErrorList
    }

      Strategy defines the interface for all capability constraint strategies.

      func NewDefaultCapabilities

      func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (Strategy, error)

        NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation based on the configured initial caps and allowed caps.
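
A simplified model of the defaulting and validation contract described above, added here as an illustration; it is not the package's own code. `Capability`, `Capabilities`, `policy`, `has` and `merge` are stand-in names, the capability values are constructed samples, and the rules (defaults and required drops merged in; adds checked against allowed plus default caps; required drops must be present) are an assumption read from the doc comments.

```go
package main

import "fmt"
// Capability and Capabilities stand in for api.Capability and api.Capabilities.
type Capability string
type Capabilities struct{ Add, Drop []Capability }
// policy is a hypothetical strategy holding the lists given to NewDefaultCapabilities.
type policy struct{ defaultAdd, requiredDrop, allowed []Capability }

func has(list []Capability, c Capability) bool {
	for _, x := range list {
		if x == c {
			return true
		}
	}
	return false
}
// merge returns a copy of base plus the entries of extra it lacks.
func merge(base, extra []Capability) []Capability {
	out := append([]Capability{}, base...)
	for _, c := range extra {
		if !has(out, c) {
			out = append(out, c)
		}
	}
	return out
}
// generate models defaulting (assumed rule): default adds and required drops join the request.
func (p policy) generate(req Capabilities) Capabilities {
	return Capabilities{Add: merge(req.Add, p.defaultAdd), Drop: merge(req.Drop, p.requiredDrop)}
}
// validate models validation (assumed rule): adds must be allowed or defaulted, required drops present.
func (p policy) validate(c Capabilities) (errs []string) {
	for _, a := range c.Add {
		if !has(p.allowed, a) && !has(p.defaultAdd, a) {
			errs = append(errs, fmt.Sprintf("add %q is not allowed", a))
		}
	}
	for _, d := range p.requiredDrop {
		if !has(c.Drop, d) {
			errs = append(errs, fmt.Sprintf("required drop %q is missing", d))
		}
	}
	return errs
}
func main() { // constructed sample policy and request
	p := policy{defaultAdd: []Capability{"CHOWN"}, requiredDrop: []Capability{"NET_RAW"}, allowed: []Capability{"NET_BIND_SERVICE"}}
	fmt.Println(p.validate(p.generate(Capabilities{Add: []Capability{"SYS_ADMIN"}})))
}
```

Running generate before validate mirrors admission: a request that passes only because defaults were merged in is accepted, while an add outside the allowed and default sets is rejected even after defaulting.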