seccomp

package
v0.11.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 1, 2020 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SeccompAnnotationMissing occurs when there are no seccomp annotations (pod nor container level)
	SeccompAnnotationMissing = "SeccompAnnotationMissing"
	// SeccompDeprecatedPod occurs when the pod-level seccomp annotation is set to a deprecated value
	SeccompDeprecatedPod = "SeccompDeprecatedPod"
	// SeccompDisabledPod occurs when the pod-level seccomp annotation is set to a value which disables seccomp
	SeccompDisabledPod = "SeccompDisabledPod"
	// SeccompDeprecatedContainer occurs when the container-level seccomp annotation is set to a deprecated value
	SeccompDeprecatedContainer = "SeccompDeprecatedContainer"
	// SeccompDisabledContainer occurs when the container-level seccomp annotation is set to a value which disables seccomp
	SeccompDisabledContainer = "SeccompDisabledContainer"
)
View Source
const (
	// ContainerAnnotationKeyPrefix represents the key of a seccomp profile applied to one container of a pod
	ContainerAnnotationKeyPrefix = apiv1.SeccompContainerAnnotationKeyPrefix
	// PodAnnotationKey represents the key of a seccomp profile applied to all containers of a pod
	PodAnnotationKey = apiv1.SeccompPodAnnotationKey
	// ProfileRuntimeDefault represents the default seccomp profile used by container runtime
	ProfileRuntimeDefault = apiv1.SeccompProfileRuntimeDefault
	// ProfileNamePrefix is the prefix for a custom seccomp profile
	ProfileNamePrefix = "localhost/"
	// DeprecatedProfileRuntimeDefault represents the default seccomp profile used by docker.
	// This is now deprecated and should be replaced by SeccompProfileRuntimeDefault
	DeprecatedProfileRuntimeDefault = apiv1.DeprecatedSeccompProfileDockerDefault
)
View Source
const Name = "seccomp"

Variables

This section is empty.

Functions

This section is empty.

Types

type Seccomp

type Seccomp struct{}

Seccomp implements Auditable

func New

func New() *Seccomp

func (*Seccomp) Audit

func (a *Seccomp) Audit(resource k8stypes.Resource, _ []k8stypes.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that Seccomp is enabled for all containers

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL