Documentation
Constants
const (
// CapabilityAdded occurs when a capability is in the capability add list of a container's security context
CapabilityAdded = "CapabilityAdded"
// CapabilityNotDropped occurs when a capability that should be dropped is not in the capability drop list of a container's security context
CapabilityNotDropped = "CapabilityNotDropped"
)
const Name = "capabilities"
Variables
var DefaultDropList = []string{
"AUDIT_WRITE",
"CHOWN",
"DAC_OVERRIDE",
"FOWNER",
"FSETID",
"KILL",
"MKNOD",
"NET_BIND_SERVICE",
"NET_RAW",
"SETFCAP",
"SETGID",
"SETPCAP",
"SETUID",
"SYS_CHROOT",
}
DefaultDropList is the list of capabilities that will be dropped if no drop list is specified; see https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
Functions
This section is empty.
Types
type Capabilities
type Capabilities struct {
// contains filtered or unexported fields
}
Capabilities implements Auditable
func New
func New(config Config) *Capabilities
func (*Capabilities) Audit
func (a *Capabilities) Audit(resource k8stypes.Resource, _ []k8stypes.Resource) ([]*kubeaudit.AuditResult, error)
Audit checks that the capabilities in the configured drop list (DefaultDropList when none is configured) are dropped and that no capabilities are added.
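The two rules above can be illustrated on plain Go values. The following is an added example, not this package's own implementation: it assumes a minimal Container/Capabilities stand-in for a pod container's securityContext.capabilities field (rather than the k8stypes.Resource the real Audit receives), treats dropping "ALL" as dropping every capability (an assumption), normalises "cap_chown"/"CHOWN" spellings, and reports results under the page's two result names.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Result names as documented on this page.
const (
	CapabilityAdded      = "CapabilityAdded"
	CapabilityNotDropped = "CapabilityNotDropped"
)

// DefaultDropList reproduces the page's default drop list.
var DefaultDropList = []string{
	"AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
	"NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT",
}

// Capabilities is a stand-in (assumption) for securityContext.capabilities of a container.
type Capabilities struct {
	Add  []string
	Drop []string
}

// Container is a stand-in for the container fields this check needs.
type Container struct {
	Name         string
	Capabilities *Capabilities // nil when securityContext.capabilities is not set
}

// Finding is one audit result: which container, which rule, which capability.
type Finding struct {
	Container  string
	Rule       string
	Capability string
}

// normalize accepts "chown", "CAP_CHOWN" and "CHOWN" as the same capability.
func normalize(name string) string {
	return strings.TrimPrefix(strings.ToUpper(strings.TrimSpace(name)), "CAP_")
}

// AuditContainer applies the two rules from the page: every capability in the
// add list is reported as CapabilityAdded, and every capability in dropList that
// is missing from the drop list is reported as CapabilityNotDropped.
// Dropping "ALL" is treated as dropping every capability (assumption).
func AuditContainer(c Container, dropList []string) []Finding {
	added := map[string]bool{}
	dropped := map[string]bool{}
	if c.Capabilities != nil {
		for _, n := range c.Capabilities.Add {
			added[normalize(n)] = true
		}
		for _, n := range c.Capabilities.Drop {
			dropped[normalize(n)] = true
		}
	}

	var findings []Finding

	// Rule 1: no capability may be added, whatever it is.
	addedNames := make([]string, 0, len(added))
	for n := range added {
		addedNames = append(addedNames, n)
	}
	sort.Strings(addedNames) // deterministic report order
	for _, n := range addedNames {
		findings = append(findings, Finding{Container: c.Name, Rule: CapabilityAdded, Capability: n})
	}

	// Rule 2: each capability in dropList must be in the drop list, unless ALL is dropped.
	if !dropped["ALL"] {
		for _, n := range dropList {
			if !dropped[normalize(n)] {
				findings = append(findings, Finding{Container: c.Name, Rule: CapabilityNotDropped, Capability: n})
			}
		}
	}
	return findings
}

// CountByRule summarises findings per rule name.
func CountByRule(findings []Finding) map[string]int {
	counts := map[string]int{}
	for _, f := range findings {
		counts[f.Rule]++
	}
	return counts
}

func main() {
	// Constructed sample containers; not taken from any real manifest.
	samples := []Container{
		{Name: "hardened", Capabilities: &Capabilities{Drop: []string{"ALL"}}},
		{Name: "partial", Capabilities: &Capabilities{Add: []string{"NET_ADMIN"}, Drop: []string{"NET_RAW", "cap_chown"}}},
		{Name: "unset"}, // no securityContext.capabilities at all
	}
	for _, c := range samples {
		findings := AuditContainer(c, DefaultDropList)
		fmt.Printf("%-9s %d finding(s) %v\n", c.Name, len(findings), CountByRule(findings))
		for _, f := range findings {
			fmt.Printf("  %s: %s\n", f.Rule, f.Capability)
		}
	}
}
```

A container with no securityContext.capabilities at all fails every entry of the drop list, which is the point of the default: unless a workload explicitly drops the listed capabilities (or ALL), it keeps the container runtime's default capability set.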