util

package

v1.13.4-k3s.2 Latest Latest Go to latest Published: Mar 8, 2019 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/MonzElmasry/k3s

Documentation ¶

Overview ¶

Package util contains utility code shared amongst different parts of the pod security policy apparatus.

Index ¶

Constants
func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)
func EqualStringSlices(a, b []string) bool
func FSTypeToStringSet(fsTypes []policy.FSType) sets.String
func GetAllFSTypesAsSet() sets.String
func GetAllFSTypesExcept(exceptions ...string) sets.String
func GetVolumeFSType(v api.Volume) (policy.FSType, error)
func GroupFallsInRange(id int64, rng policy.IDRange) bool
func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool
func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool
func UserFallsInRange(id int64, rng policy.IDRange) bool

Constants ¶

View Source

const (
	ValidatedPSPAnnotation = "kubernetes.io/psp"
)

Variables ¶

This section is empty.

Functions ¶

func AllowsHostVolumePath ¶

func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func EqualStringSlices ¶

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

func FSTypeToStringSet ¶

func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet ¶

func GetAllFSTypesAsSet() sets.String

func GetAllFSTypesExcept ¶

func GetAllFSTypesExcept(exceptions ...string) sets.String

func GetVolumeFSType ¶

func GetVolumeFSType(v api.Volume) (policy.FSType, error)

getVolumeFSType gets the FSType for a volume.

func GroupFallsInRange ¶

func GroupFallsInRange(id int64, rng policy.IDRange) bool

GroupFallsInRange is a utility to determine it the id falls in the valid range.

func PSPAllowsAllVolumes ¶

func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType ¶

func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func UserFallsInRange ¶

func UserFallsInRange(id int64, rng policy.IDRange) bool

UserFallsInRange is a utility to determine it the id falls in the valid range.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL