rules

package

v2.14.0 Latest Latest Go to latest Published: Nov 21, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/controlplaneio/kubesec

Links

Open Source Insights

Documentation ¶

Index ¶

func AllowPrivilegeEscalation(json []byte) int
func ApparmorAny(json []byte) int
func AutomountServiceAccountToken(json []byte) int
func CapDropAll(json []byte) int
func CapDropAny(json []byte) int
func CapSysAdmin(json []byte) int
func DockerSock(json []byte) int
func HostAliases(json []byte) int
func HostIPC(json []byte) int
func HostNetwork(json []byte) int
func HostPID(json []byte) int
func LimitsCPU(json []byte) int
func LimitsMemory(json []byte) int
func Privileged(json []byte) int
func ProcMount(json []byte) int
func ReadOnlyRootFilesystem(json []byte) int
func RequestsCPU(json []byte) int
func RequestsMemory(json []byte) int
func RunAsGroup(json []byte) int
func RunAsNonRoot(json []byte) int
func RunAsUser(json []byte) int
func SeccompAny(json []byte) int
func SeccompUnconfined(json []byte) int
func ServiceAccountName(json []byte) int
func VolumeClaimAccessModeReadWriteOnce(json []byte) int
func VolumeClaimRequestsStorage(json []byte) int

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AllowPrivilegeEscalation ¶

func AllowPrivilegeEscalation(json []byte) int

func ApparmorAny ¶

func ApparmorAny(json []byte) int

TODO(ajm): tighten these matches, they could be "[apparmor..." or " apparmor...", and "unconfined]" or "unconfined " TODO(ajm): space delimiting matches is insufficient as this could be set to `unconfined blah`

func AutomountServiceAccountToken ¶ added in v2.14.0

func AutomountServiceAccountToken(json []byte) int

func CapDropAll ¶

func CapDropAll(json []byte) int

func CapDropAny ¶

func CapDropAny(json []byte) int

func CapSysAdmin ¶

func CapSysAdmin(json []byte) int

func DockerSock ¶

func DockerSock(json []byte) int

func HostAliases ¶

func HostAliases(json []byte) int

func HostIPC ¶

func HostIPC(json []byte) int

func HostNetwork ¶

func HostNetwork(json []byte) int

func HostPID ¶

func HostPID(json []byte) int

func LimitsCPU ¶

func LimitsCPU(json []byte) int

func LimitsMemory ¶

func LimitsMemory(json []byte) int

func Privileged ¶

func Privileged(json []byte) int

func ProcMount ¶ added in v2.14.0

func ProcMount(json []byte) int

func ReadOnlyRootFilesystem ¶

func ReadOnlyRootFilesystem(json []byte) int

func RequestsCPU ¶

func RequestsCPU(json []byte) int

func RequestsMemory ¶

func RequestsMemory(json []byte) int

func RunAsGroup ¶

func RunAsGroup(json []byte) int

func RunAsNonRoot ¶

func RunAsNonRoot(json []byte) int

func RunAsUser ¶

func RunAsUser(json []byte) int

func SeccompAny ¶

func SeccompAny(json []byte) int

TODO(ajm): tighten these matches, they could be "[seccomp..." or " seccomp...", and "unconfined]" or "unconfined " TODO(ajm): space delimiting matches is insufficient as this could be set to `unconfined blah`

func SeccompUnconfined ¶

func SeccompUnconfined(json []byte) int

TODO(ajm) this is just an inversion of seccompAny.go and should be refactored to use a shared function

func ServiceAccountName ¶

func ServiceAccountName(json []byte) int

func VolumeClaimAccessModeReadWriteOnce ¶

func VolumeClaimAccessModeReadWriteOnce(json []byte) int

func VolumeClaimRequestsStorage ¶

func VolumeClaimRequestsStorage(json []byte) int

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL