Documentation ¶
Index ¶
Constants ¶
View Source
const ( // ReadOnlyRootFilesystemFalse occurs when readOnlyRootFilesystem is set to false in the container SecurityContext ReadOnlyRootFilesystemFalse = "ReadOnlyRootFilesystemFalse" // ReadOnlyRootFilesystemNil occurs when readOnlyRootFilesystem is not set in the container SecurityContext. // readOnlyRootFilesystem defaults to false so this is bad ReadOnlyRootFilesystemNil = "ReadOnlyRootFilesystemNil" )
View Source
const Name = "rootfs"
View Source
const OverrideLabel = "allow-read-only-root-filesystem-false"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ReadOnlyRootFilesystem ¶
type ReadOnlyRootFilesystem struct{}
ReadOnlyRootFilesystem implements Auditable
func New ¶
func New() *ReadOnlyRootFilesystem
func (*ReadOnlyRootFilesystem) Audit ¶
func (a *ReadOnlyRootFilesystem) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)
Audit checks that readOnlyRootFilesystem is set to true in every container's security context
Click to show internal directories.
Click to hide internal directories.