seccomp

package
v1.13.4-k3s.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 4, 2019 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AllowAny is the wildcard used to allow any profile.
	AllowAny = "*"
	// The annotation key specifying the default seccomp profile.
	DefaultProfileAnnotationKey = "seccomp.security.alpha.kubernetes.io/defaultProfileName"
	// The annotation key specifying the allowed seccomp profiles.
	AllowedProfilesAnnotationKey = "seccomp.security.alpha.kubernetes.io/allowedProfileNames"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Strategy

type Strategy interface {
	// Generate returns a profile based on constraint rules.
	Generate(annotations map[string]string, pod *api.Pod) (string, error)
	// Validate ensures that the specified values fall within the range of the strategy.
	ValidatePod(pod *api.Pod) field.ErrorList
	// Validate ensures that the specified values fall within the range of the strategy.
	ValidateContainer(pod *api.Pod, container *api.Container) field.ErrorList
}

Strategy defines the interface for all seccomp constraint strategies.

func NewStrategy

func NewStrategy(pspAnnotations map[string]string) Strategy

NewStrategy creates a new strategy that enforces seccomp profile constraints.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL