Documentation
Index ¶
- func AreCapsAllowed(linuxCaps specs.LinuxCapabilities, capabilities []types.Capability) bool
- func AreCapsBlocked(linuxCaps specs.LinuxCapabilities, capabilities []types.Capability) bool
- func AreNamespacesActivated(nsList []specs.LinuxNamespace, namespaces []specs.LinuxNamespaceType) bool
- func AreNamespacesDeactivated(nsList []specs.LinuxNamespace, namespaces []specs.LinuxNamespaceType) bool
- func AreSeccompSyscallsWithArgsAllowed(seccompProfile specs.LinuxSeccomp, ...) bool
- func AreSyscallsAllowedBySeccomp(seccompProfile specs.LinuxSeccomp, syscallNames []types.Syscall) bool
- func AreSyscallsBlockedBySeccomp(seccompProfile specs.LinuxSeccomp, syscallNames []types.Syscall) bool
- func AreSyscallsWithArgsBlockedBySeccomp(seccompProfile specs.LinuxSeccomp, ...) bool
- func GetNonDefaultMounts(mountList []specs.Mount) []specs.Mount
- func OCICapsMatchRefWithConstraints(capabilities specs.LinuxCapabilities, ...) bool
- func PathListMatchRefMount(mountPathList []string, refMounts []specs.Mount) bool
- func TestSpec() *specs.Spec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AreCapsAllowed ¶
func AreCapsAllowed(linuxCaps specs.LinuxCapabilities, capabilities []types.Capability) bool
AreCapsAllowed checks that capabilities in the provided cap list are allowed
func AreCapsBlocked ¶
func AreCapsBlocked(linuxCaps specs.LinuxCapabilities, capabilities []types.Capability) bool
AreCapsBlocked checks that capabilities in the provided cap list are not allowed
func AreNamespacesActivated ¶
func AreNamespacesActivated(nsList []specs.LinuxNamespace, namespaces []specs.LinuxNamespaceType) bool
AreNamespacesActivated checks that the namespaces in the provided ns list are enabled
func AreNamespacesDeactivated ¶
func AreNamespacesDeactivated(nsList []specs.LinuxNamespace, namespaces []specs.LinuxNamespaceType) bool
AreNamespacesDeactivated checks that the namespaces in the provided ns list are disabled
func AreSeccompSyscallsWithArgsAllowed ¶
func AreSeccompSyscallsWithArgsAllowed(seccompProfile specs.LinuxSeccomp, syscallsWithArgs map[types.Syscall][]specs.LinuxSeccompArg) bool
AreSeccompSyscallsWithArgsAllowed checks that the provided syscalls and their args are whitelisted by the seccomp profile
func AreSyscallsAllowedBySeccomp ¶
func AreSyscallsAllowedBySeccomp(seccompProfile specs.LinuxSeccomp, syscallNames []types.Syscall) bool
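AreSyscallsAllowedBySeccomp checks that the provided syscalls are whitelisted by the seccomp profile.
FIXME(nass): should test exact match (whitelisting + blacklisting). Until that is done, a true result appears to mean only that these syscalls are whitelisted, not that the profile allows nothing else.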
func AreSyscallsBlockedBySeccomp ¶
func AreSyscallsBlockedBySeccomp(seccompProfile specs.LinuxSeccomp, syscallNames []types.Syscall) bool
AreSyscallsBlockedBySeccomp checks that the provided syscalls are blocked by the seccomp profile
func AreSyscallsWithArgsBlockedBySeccomp ¶
func AreSyscallsWithArgsBlockedBySeccomp(seccompProfile specs.LinuxSeccomp, syscallsWithArgs map[types.Syscall][]specs.LinuxSeccompArg) bool
AreSyscallsWithArgsBlockedBySeccomp checks that the provided syscalls and their args are blocked by the seccomp profile
func GetNonDefaultMounts ¶
GetNonDefaultMounts returns the mounts from the provided mount list, leaving out any default Moby mounts it contains
func OCICapsMatchRefWithConstraints ¶
func OCICapsMatchRefWithConstraints(capabilities specs.LinuxCapabilities, capsToAdd, capsToRemove []types.Capability) bool
OCICapsMatchRefWithConstraints checks that every OCI capability list exactly matches the ref cap list once the entitlement's constraints have been applied.
func PathListMatchRefMount ¶
PathListMatchRefMount checks that the path list holds exactly the mount destinations of the provided mount list
Types ¶
This section is empty.