Documentation ¶
Overview ¶
Package securitycontext contains security context api implementations
Index ¶
- func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext
- func HasCapabilitiesRequest(container *v1.Container) bool
- func HasPrivilegedRequest(container *v1.Container) bool
- func HasRootRunAsUser(container *v1.Container) bool
- func HasRootUID(container *v1.Container) bool
- func HasRunAsUser(container *v1.Container) bool
- func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext
- func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error)
- func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext
- func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DetermineEffectiveSecurityContext ¶ added in v1.2.0
func HasCapabilitiesRequest ¶
HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils
func HasPrivilegedRequest ¶
HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils
func HasRootRunAsUser ¶ added in v1.1.0
HasRootRunAsUser returns true if the run as user is set and it is set to 0.
func HasRootUID ¶ added in v1.1.0
HasNonRootUID returns true if the runAsUser is set and is greater than 0.
func HasRunAsUser ¶ added in v1.1.0
HasRunAsUser determines if the sc's runAsUser field is set.
func InternalDetermineEffectiveSecurityContext ¶
func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext
TODO: remove the duplicate code
func ParseSELinuxOptions ¶ added in v1.1.0
func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error)
ParseSELinuxOptions parses a string containing a full SELinux context (user, role, type, and level) into an SELinuxOptions object. If the context is malformed, an error is returned.
func ValidInternalSecurityContextWithContainerDefaults ¶
func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext
ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.
func ValidSecurityContextWithContainerDefaults ¶
func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext
ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.
Types ¶
This section is empty.