Version: v1.22.4

This package is not in the latest version of its module.

Published: Nov 17, 2021 License: Apache-2.0 Imports: 5 Imported by: 34



Package util contains utility code shared amongst different parts of the pod security policy apparatus.



const (
	ValidatedPSPAnnotation = "kubernetes.io/psp"
)




func AllowsHostVolumePath added in v1.8.0

func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func EqualStringSlices added in v1.10.0

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when they have the same length and the elements at each position are equal.

func FSTypeToStringSet

func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet

func GetAllFSTypesAsSet() sets.String

GetAllFSTypesAsSet returns all actual volume types, regardless of feature gates. The special policy.All pseudo type is not included.

func GetAllFSTypesExcept

func GetAllFSTypesExcept(exceptions ...string) sets.String

GetAllFSTypesExcept returns the result of GetAllFSTypesAsSet minus the given exceptions.

func GetVolumeFSType

func GetVolumeFSType(v api.Volume) (policy.FSType, error)

GetVolumeFSType gets the FSType for a volume.

func GroupFallsInRange added in v1.7.0

func GroupFallsInRange(id int64, rng policy.IDRange) bool

GroupFallsInRange is a utility to determine if the id falls in the valid range.

func IsOnlyServiceAccountTokenSources added in v1.19.0

func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool

func PSPAllowsAllVolumes

func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType

func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.
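The AllowsHostVolumePath note that the FS type must still be checked, combined with the PSPAllowsFSType rule that allowing all volumes admits any FSType, shown as an added example that is not this package's code. The struct types, the `"*"` wildcard value, the empty-allowlist behaviour and the segment-wise prefix matching are assumptions, made so the example runs without the Kubernetes module.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-in types (assumptions). Volumes lists allowed FS types; "*" is the "all" pseudo type.
type AllowedHostPath struct{ PathPrefix string; ReadOnly bool }
type PSPSpec struct{ Volumes []string; AllowedHostPaths []AllowedHostPath }

// allowsFSType follows the PSPAllowsFSType contract: "*" allows any FS type.
func allowsFSType(s PSPSpec, fsType string) bool {
	for _, v := range s.Volumes {
		if v == "*" || v == fsType {
			return true
		}
	}
	return false
}

// hasPathPrefix (assumed) matches whole path segments, so "/foo" does not allow "/foobar".
func hasPathPrefix(requested, prefix string) bool {
	requested, prefix = strings.TrimSuffix(requested, "/"), strings.TrimSuffix(prefix, "/")
	return requested == prefix || strings.HasPrefix(requested, prefix+"/") // ".." is not resolved here
}

// CheckHostPathVolume runs the FS type check first, then the path check.
func CheckHostPathVolume(s PSPSpec, hostPath string) (allowed, mustBeReadOnly bool) {
	if !allowsFSType(s, "hostPath") {
		return false, false // path allowlist is irrelevant if the type is denied
	}
	if len(s.AllowedHostPaths) == 0 {
		return true, false // assumed: an empty allowlist permits any path
	}
	for _, p := range s.AllowedHostPaths {
		if hasPathPrefix(hostPath, p.PathPrefix) {
			if !p.ReadOnly {
				return true, false // a writable match wins over read-only ones
			}
			allowed, mustBeReadOnly = true, true
		}
	}
	return allowed, mustBeReadOnly
}

func main() { // constructed sample input
	fmt.Println(CheckHostPathVolume(PSPSpec{Volumes: []string{"hostPath"}}, "/etc"))
}
```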

func UserFallsInRange added in v1.7.0

func UserFallsInRange(id int64, rng policy.IDRange) bool

UserFallsInRange is a utility to determine if the id falls in the valid range.


