seccomp

package
v0.22.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 21, 2024 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// SeccompDeprecatedAnnotations occurs when deprecated seccomp annotations are present
	SeccompDeprecatedAnnotations = "SeccompDeprecatedAnnotations"
	// SeccompProfileMissing occurs when there are no seccomp profiles (pod nor container level)
	SeccompProfileMissing = "SeccompProfileMissing"
	// SeccompDisabledPod occurs when the pod-level seccomp profile is set to a value which disables seccomp
	SeccompDisabledPod = "SeccompDisabledPod"
	// SeccompDisabledContainer occurs when the container-level seccomp profile is set to a value which disables seccomp
	SeccompDisabledContainer = "SeccompDisabledContainer"
)
View Source 
const (
	// ProfileRuntimeDefault represents the default seccomp profile used by container runtime
	ProfileRuntimeDefault = apiv1.SeccompProfileTypeRuntimeDefault
	// ProfileLocalhost represents the localhost seccomp profile used by container runtime
	ProfileLocalhost = apiv1.SeccompProfileTypeLocalhost
	// ContainerAnnotationKeyPrefix represents the key of a seccomp profile applied to one container of a pod
	ContainerAnnotationKeyPrefix = apiv1.SeccompContainerAnnotationKeyPrefix
	// PodAnnotationKey represents the key of a seccomp profile applied to all containers of a pod
	PodAnnotationKey = apiv1.SeccompPodAnnotationKey
)
View Source 
const Name = "seccomp"

Variables

This section is empty.

Functions

This section is empty.

Types

type ByRemovingSeccompProfileInContainer added in v0.21.0 

type ByRemovingSeccompProfileInContainer struct {
	// contains filtered or unexported fields
}

func (*ByRemovingSeccompProfileInContainer) Apply added in v0.21.0 

func (pending *ByRemovingSeccompProfileInContainer) Apply(resource k8s.Resource) []k8s.Resource

func (*ByRemovingSeccompProfileInContainer) Plan added in v0.21.0 

func (pending *ByRemovingSeccompProfileInContainer) Plan() string

type BySettingSeccompProfile added in v0.21.0 

type BySettingSeccompProfile struct {
	// contains filtered or unexported fields
}

func (*BySettingSeccompProfile) Apply added in v0.21.0 

func (pending *BySettingSeccompProfile) Apply(resource k8s.Resource) []k8s.Resource

func (*BySettingSeccompProfile) Plan added in v0.21.0 

func (pending *BySettingSeccompProfile) Plan() string

type BySettingSeccompProfileInContainer added in v0.21.0 

type BySettingSeccompProfileInContainer struct {
	// contains filtered or unexported fields
}

func (*BySettingSeccompProfileInContainer) Apply added in v0.21.0 

func (pending *BySettingSeccompProfileInContainer) Apply(resource k8s.Resource) []k8s.Resource

func (*BySettingSeccompProfileInContainer) Plan added in v0.21.0 

func (pending *BySettingSeccompProfileInContainer) Plan() string

type Seccomp 

type Seccomp struct{}

Seccomp implements Auditable

func New 

func New() *Seccomp

func (*Seccomp) Audit 

func (a *Seccomp) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that Seccomp is enabled for all containers

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.