securitycontext

package
v1.6.0-beta.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 2, 2017 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package securitycontext contains security context api implementations

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DockerLabelDisable

func DockerLabelDisable(separator rune) string

DockerLaelDisable returns the Docker security opt that disables SELinux for the container.

func DockerLabelLevel

func DockerLabelLevel(separator rune) string

DockerLabelLevel returns the fragment of a Docker security opt that describes the SELinux level. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key- value pair necessary to set the opt.

func DockerLabelRole

func DockerLabelRole(separator rune) string

DockerLabelRole returns the fragment of a Docker security opt that describes the SELinux role. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key- value pair necessary to set the opt.

func DockerLabelType

func DockerLabelType(separator rune) string

DockerLabelType returns the fragment of a Docker security opt that describes the SELinux type. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key- value pair necessary to set the opt.

func DockerLabelUser

func DockerLabelUser(separator rune) string

DockerLabelUser returns the fragment of a Docker security opt that describes the SELinux user. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key- value pair necessary to set the opt.

func ModifySecurityOptions

func ModifySecurityOptions(config []string, selinuxOpts *v1.SELinuxOptions, separator rune) []string

ModifySecurityOptions adds SELinux options to config using the given separator.

Types

type FakeSecurityContextProvider

type FakeSecurityContextProvider struct{}

func (FakeSecurityContextProvider) ModifyContainerConfig

func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)

func (FakeSecurityContextProvider) ModifyHostConfig

func (p FakeSecurityContextProvider) ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)

type SecurityContextProvider

type SecurityContextProvider interface {
	// ModifyContainerConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the Config with which
	// the container is created.
	ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)

	// ModifyHostConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the HostConfig, affecting
	// security options, whether the container is privileged, volume binds, etc.
	// An error is returned if it's not possible to secure the container as requested
	// with a security context.
	//
	// - pod: the pod to modify the docker hostconfig for
	// - container: the container to modify the hostconfig for
	// - supplementalGids: additional supplemental GIDs associated with the pod's volumes
	ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)
}

func NewFakeSecurityContextProvider

func NewFakeSecurityContextProvider() SecurityContextProvider

NewFakeSecurityContextProvider creates a new, no-op security context provider.

func NewSimpleSecurityContextProvider

func NewSimpleSecurityContextProvider(securityOptSeparator rune) SecurityContextProvider

NewSimpleSecurityContextProvider creates a new SimpleSecurityContextProvider.

type SimpleSecurityContextProvider

type SimpleSecurityContextProvider struct {
	// contains filtered or unexported fields
}

SimpleSecurityContextProvider is the default implementation of a SecurityContextProvider.

func (SimpleSecurityContextProvider) ModifyContainerConfig

func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)

ModifyContainerConfig is called before the Docker createContainer call. The security context provider can make changes to the Config with which the container is created.

func (SimpleSecurityContextProvider) ModifyHostConfig

func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)

ModifyHostConfig is called before the Docker runContainer call. The security context provider can make changes to the HostConfig, affecting security options, whether the container is privileged, volume binds, etc.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL