securitycontext

package

v1.0.1 Latest Latest Go to latest Published: Jun 30, 2015 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lucasjo/origin

Links

Open Source Insights

Documentation ¶

Overview ¶

Package securitycontext contains security context api implementations

Index ¶

func HasCapabilitiesRequest(container *api.Container) bool
func HasPrivilegedRequest(container *api.Container) bool
func ParseSELinuxOptions(context string) (*api.SELinuxOptions, error)
func ProjectSELinuxOptions(source, target *api.SELinuxOptions) *api.SELinuxOptions
func SELinuxOptionsString(sel *api.SELinuxOptions) string
func ValidSecurityContextWithContainerDefaults() *api.SecurityContext
type FakeSecurityContextProvider
- func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)
- func (p FakeSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)
type SecurityContextProvider
- func NewFakeSecurityContextProvider() SecurityContextProvider
- func NewSimpleSecurityContextProvider() SecurityContextProvider
type SimpleSecurityContextProvider
- func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)
- func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func HasCapabilitiesRequest ¶

func HasCapabilitiesRequest(container *api.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils

func HasPrivilegedRequest ¶

func HasPrivilegedRequest(container *api.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils

func ParseSELinuxOptions ¶ added in v0.6.2

func ParseSELinuxOptions(context string) (*api.SELinuxOptions, error)

ParseSELinuxOptions parses a string containing a full SELinux context (user, role, type, and level) into an SELinuxOptions object. If the context is malformed, an error is returned.

func ProjectSELinuxOptions ¶ added in v0.6.2

func ProjectSELinuxOptions(source, target *api.SELinuxOptions) *api.SELinuxOptions

ProjectSELinuxOptions projects a source SELinuxOptions onto a target SELinuxOptions and returns a _new_ SELinuxOptions containing the result.

func SELinuxOptionsString ¶ added in v0.6.2

func SELinuxOptionsString(sel *api.SELinuxOptions) string

SELinuxOptionsString returns the string representation of a set of SELinuxOptions.

func ValidSecurityContextWithContainerDefaults ¶

func ValidSecurityContextWithContainerDefaults() *api.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

Types ¶

type FakeSecurityContextProvider ¶

type FakeSecurityContextProvider struct{}

func (FakeSecurityContextProvider) ModifyContainerConfig ¶

func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

func (FakeSecurityContextProvider) ModifyHostConfig ¶

func (p FakeSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

type SecurityContextProvider ¶

type SecurityContextProvider interface {
	// ModifyContainerConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the Config with which
	// the container is created.
	ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

	// ModifyHostConfig is called before the Docker runContainer call.
	// The security context provider can make changes to the HostConfig, affecting
	// security options, whether the container is privileged, volume binds, etc.
	// An error is returned if it's not possible to secure the container as requested
	// with a security context.
	ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)
}

func NewFakeSecurityContextProvider ¶

func NewFakeSecurityContextProvider() SecurityContextProvider

NewFakeSecurityContextProvider creates a new, no-op security context provider.

func NewSimpleSecurityContextProvider ¶

func NewSimpleSecurityContextProvider() SecurityContextProvider

NewSimpleSecurityContextProvider creates a new SimpleSecurityContextProvider.

type SimpleSecurityContextProvider ¶

type SimpleSecurityContextProvider struct{}

SimpleSecurityContextProvider is the default implementation of a SecurityContextProvider.

func (SimpleSecurityContextProvider) ModifyContainerConfig ¶

func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

ModifyContainerConfig is called before the Docker createContainer call. The security context provider can make changes to the Config with which the container is created.

func (SimpleSecurityContextProvider) ModifyHostConfig ¶

func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

ModifyHostConfig is called before the Docker runContainer call. The security context provider can make changes to the HostConfig, affecting security options, whether the container is privileged, volume binds, etc. An error is returned if it's not possible to secure the container as requested with a security context.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL