Documentation ¶
Overview ¶
package capbabilities manages system level capabilities
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Initialize ¶
func Initialize(c Capabilities)
Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.
func SetForTests ¶
func SetForTests(c Capabilities)
SetCapabilitiesForTests. Convenience method for testing. This should only be called from tests.
func Setup ¶ added in v0.15.0
func Setup(allowPrivileged bool, privilegedSources PrivilegedSources, perConnectionBytesPerSec int64)
Setup the capability set. It wraps Initialize for improving usibility.
Types ¶
type Capabilities ¶
type Capabilities struct { AllowPrivileged bool // Pod sources from which to allow privileged capabilities like host networking, sharing the host // IPC namespace, and sharing the host PID namespace. PrivilegedSources PrivilegedSources // PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach) PerConnectionBandwidthLimitBytesPerSec int64 }
Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user
type PrivilegedSources ¶ added in v1.1.0
type PrivilegedSources struct { // List of pod sources for which using host network is allowed. HostNetworkSources []string // List of pod sources for which using host pid namespace is allowed. HostPIDSources []string // List of pod sources for which using host ipc is allowed. HostIPCSources []string }
PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.