Documentation ¶
Index ¶
- func AllowPrivilegeEscalation(json []byte) int
- func ApparmorAny(json []byte) int
- func CapDropAll(json []byte) int
- func CapDropAny(json []byte) int
- func CapSysAdmin(json []byte) int
- func DockerSock(json []byte) int
- func HostAliases(json []byte) int
- func HostIPC(json []byte) int
- func HostNetwork(json []byte) int
- func HostPID(json []byte) int
- func LimitsCPU(json []byte) int
- func LimitsMemory(json []byte) int
- func Privileged(json []byte) int
- func ReadOnlyRootFilesystem(json []byte) int
- func RequestsCPU(json []byte) int
- func RequestsMemory(json []byte) int
- func RunAsGroup(json []byte) int
- func RunAsNonRoot(json []byte) int
- func RunAsUser(json []byte) int
- func SeccompAny(json []byte) int
- func SeccompUnconfined(json []byte) int
- func ServiceAccountName(json []byte) int
- func VolumeClaimAccessModeReadWriteOnce(json []byte) int
- func VolumeClaimRequestsStorage(json []byte) int
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApparmorAny ¶
TODO(ajm): tighten these matches, they could be "[apparmor..." or " apparmor...", and "unconfined]" or "unconfined " TODO(ajm): space delimiting matches is insufficient as this could be set to `unconfined blah`
func CapDropAll ¶
func CapDropAny ¶
func CapSysAdmin ¶
func DockerSock ¶
func HostAliases ¶
func HostNetwork ¶
func LimitsMemory ¶
func Privileged ¶
func ReadOnlyRootFilesystem ¶
func RequestsCPU ¶
func RequestsMemory ¶
func RunAsGroup ¶
func RunAsNonRoot ¶
func SeccompAny ¶
TODO(ajm): tighten these matches, they could be "[seccomp..." or " seccomp...", and "unconfined]" or "unconfined " TODO(ajm): space delimiting matches is insufficient as this could be set to `unconfined blah`
func SeccompUnconfined ¶
TODO(ajm) this is just an inversion of seccompAny.go and should be refactored to use a shared function
func ServiceAccountName ¶
Types ¶
This section is empty.
Source Files ¶
- allowPrivilegeEscalation.go
- apparmorAny.go
- capDropAll.go
- capDropAny.go
- capSysAdmin.go
- dockerSock.go
- hostAliases.go
- hostIPC.go
- hostNetwork.go
- hostPID.go
- limitsCPU.go
- limitsMemory.go
- privileged.go
- readOnlyRootFilesystem.go
- requestsCPU.go
- requestsMemory.go
- runAsGroup.go
- runAsNonRoot.go
- runAsUser.go
- seccompAny.go
- seccompUnconfined.go
- selector.go
- serviceAccountName.go
- volumeClaimAccessModeReadWriteOnce.go
- volumeClaimRequestsStorage.go
Click to show internal directories.
Click to hide internal directories.