capabilities

package
package v0.11.7
Published: Jan 6, 2021 License: MIT Imports: 7 Imported by: 0

Documentation

Constants

const (
	// CapabilityAdded occurs when a capability is in the capability add list of a container's security context
	CapabilityAdded = "CapabilityAdded"
	// CapabilityNotDropped occurs when a capability that should be dropped is not in the capability drop list of a container's security context
	CapabilityNotDropped = "CapabilityNotDropped"
)
const Name = "capabilities"

Variables

var DefaultDropList = []string{
	"AUDIT_WRITE",
	"CHOWN",
	"DAC_OVERRIDE",
	"FOWNER",
	"FSETID",
	"KILL",
	"MKNOD",
	"NET_BIND_SERVICE",
	"NET_RAW",
	"SETFCAP",
	"SETGID",
	"SETPCAP",
	"SETUID",
	"SYS_CHROOT",
}

DefaultDropList is the list of capabilities that will be dropped if no drop list is specified. See https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities for the capability names.

Functions

This section is empty.

Types

type Capabilities

type Capabilities struct {
	// contains filtered or unexported fields
}

Capabilities implements Auditable.

func New

func New(config Config) *Capabilities

func (*Capabilities) Audit

func (a *Capabilities) Audit(resource k8stypes.Resource, _ []k8stypes.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that the capabilities in the configured drop list (DefaultDropList when none is configured) are dropped and that no capabilities are added.

type Config

type Config struct {
	DropList []string `yaml:"drop"`
}

func (*Config) GetDropList

func (config *Config) GetDropList() []string
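The following is an added example, not kubeaudit's own code, showing the check Audit performs over a container's capability add/drop lists. It reuses the two result names and DefaultDropList from this page; the types SecurityContextCaps, Finding and the function AuditContainer are hypothetical stand-ins for the k8stypes.Resource and kubeaudit.AuditResult values the real Audit works with. It also assumes that dropping "ALL" (the Kubernetes shorthand) satisfies the drop-list check and that names are compared case-insensitively with an optional "CAP_" prefix stripped; the sample containers are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Result names as exported by the kubeaudit capabilities package.
const (
	CapabilityAdded      = "CapabilityAdded"
	CapabilityNotDropped = "CapabilityNotDropped"
)

// DefaultDropList as published on the page: dropped when no drop list is configured.
var DefaultDropList = []string{
	"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
	"NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT",
}

// Config mirrors the page's Config: an optional drop list loaded from YAML.
type Config struct {
	DropList []string `yaml:"drop"`
}

// GetDropList falls back to DefaultDropList when nothing is configured (nil-safe).
func (c *Config) GetDropList() []string {
	if c == nil || len(c.DropList) == 0 {
		return DefaultDropList
	}
	return c.DropList
}

// SecurityContextCaps is a hypothetical stand-in for securityContext.capabilities.
type SecurityContextCaps struct {
	Add  []string
	Drop []string
}

// Finding is a hypothetical, simplified audit result.
type Finding struct {
	Name       string // CapabilityAdded or CapabilityNotDropped
	Container  string
	Capability string
}

// normalize compares capability names case-insensitively and without a CAP_ prefix
// (assumption: both spellings are accepted in manifests).
func normalize(cap string) string {
	return strings.TrimPrefix(strings.ToUpper(strings.TrimSpace(cap)), "CAP_")
}

// AuditContainer flags every added capability and every configured capability
// that the container does not drop. Dropping ALL satisfies the drop check (assumption).
func AuditContainer(container string, caps SecurityContextCaps, cfg *Config) []Finding {
	var findings []Finding
	dropped := map[string]bool{}
	for _, d := range caps.Drop {
		dropped[normalize(d)] = true
	}
	for _, a := range caps.Add {
		findings = append(findings, Finding{CapabilityAdded, container, normalize(a)})
	}
	if !dropped["ALL"] {
		for _, want := range cfg.GetDropList() {
			if !dropped[normalize(want)] {
				findings = append(findings, Finding{CapabilityNotDropped, container, normalize(want)})
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample: a container that adds NET_ADMIN and drops only a few defaults.
	sample := SecurityContextCaps{
		Add:  []string{"NET_ADMIN"},
		Drop: []string{"cap_net_raw", "MKNOD"},
	}
	for _, f := range AuditContainer("web", sample, nil) {
		fmt.Printf("%s: container %q capability %s\n", f.Name, f.Container, f.Capability)
	}
}
```

With no drop list configured, a container that drops nothing produces one CapabilityNotDropped finding per entry of DefaultDropList; a custom Config narrows the check to the capabilities a team actually requires dropped.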
