Documentation
Index
- func ComputeLayerHashes(img v1.Image) ([]string, error)
- func DefaultContainerConfigs() []securitypolicy.ContainerConfig
- func ParseCommandFromImage(img v1.Image) ([]string, error)
- func ParseEnvFromImage(img v1.Image) ([]string, error)
- func ParseWorkingDirFromImage(img v1.Image) (string, error)
- func PolicyContainersFromConfigs(containerConfigs []securitypolicy.ContainerConfig) ([]*securitypolicy.Container, error)
- func RemoteImageFromImageName(imageName string, opts ...remote.Option) (v1.Image, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func ComputeLayerHashes
ComputeLayerHashes computes cryptographic digests of image layers and returns them as a slice of string hashes.
func DefaultContainerConfigs
func DefaultContainerConfigs() []securitypolicy.ContainerConfig
DefaultContainerConfigs returns a hardcoded slice of container configs, which should be included by default in the security policy. The slice includes only a sandbox pause container.
func ParseCommandFromImage
ParseCommandFromImage inspects the image and returns the command args, which are a combination of the ENTRYPOINT and CMD Docker directives.
func ParseEnvFromImage
ParseEnvFromImage inspects the image spec and adds security policy rules for environment variables from the spec. Additionally, it includes a "TERM=xterm" rule, which is added for Linux containers by CRI.
func ParseWorkingDirFromImage
ParseWorkingDirFromImage inspects the image spec and returns the working directory if one was set via the CWD Docker directive; otherwise it returns "/".
func PolicyContainersFromConfigs
func PolicyContainersFromConfigs(containerConfigs []securitypolicy.ContainerConfig) ([]*securitypolicy.Container, error)
PolicyContainersFromConfigs returns a slice of securitypolicy.Container generated from a slice of securitypolicy.ContainerConfig values.
Types
This section is empty.