Documentation
¶
Index ¶
Constants ¶
View Source
const ( // CapabilityAdded occurs when a capability is in the capability add list of a container's security context CapabilityAdded = "CapabilityAdded" // CapabilityShouldDropAll occurs when there's a drop list instead of having drop "ALL" CapabilityShouldDropAll = "CapabilityShouldDropAll" // CapabilityOrSecurityContextMissing occurs when either the Security Context or Capabilities are not specified CapabilityOrSecurityContextMissing = "CapabilityOrSecurityContextMissing" )
View Source
const Name = "capabilities"
Variables ¶
View Source
var DefaultAllowAddList = []string{""}
View Source
var DefaultDropList = []string{"ALL"}
Functions ¶
func IsCapabilityInAddList ¶ added in v0.12.0
func IsCapabilityInAddList(container *k8s.ContainerV1, capability string) bool
func IsDropAll ¶ added in v0.12.0
func IsDropAll(container *k8s.ContainerV1) bool
func SecurityContextOrCapabilities ¶ added in v0.12.0
func SecurityContextOrCapabilities(container *k8s.ContainerV1) bool
Types ¶
type Capabilities ¶
type Capabilities struct {
// contains filtered or unexported fields
}
Capabilities implements Auditable
func New ¶
func New(config Config) *Capabilities
func (*Capabilities) Audit ¶
func (a *Capabilities) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)
Audit checks that bad capabilities are dropped with ALL and no capabilities are added
Source Files
Click to show internal directories.
Click to hide internal directories.