Affected by GO-2022-0281 and 6 other vulnerabilities

GO-2022-0281: Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman in github.com/containers/podman

GO-2022-0416: Podman's default inheritable capabilities for linux container not empty in github.com/containers/podman

GO-2022-1151: Buildah (as part of Podman) vulnerable to Link Following in github.com/containers/podman

GO-2023-1942: Podman Symlink Vulnerability in github.com/containers/libpod

GO-2023-1962: Podman Elevated Container Privileges in github.com/containers/podman

GO-2024-3042: Podman vulnerable to memory-based denial of service in github.com/containers/podman

GO-2024-3169: Improper Input Validation in Buildah and Podman in github.com/containers/buildah

The highest tagged major version is v5.

kube

package

v2.2.1 Latest Latest Go to latest Published: Dec 7, 2020 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/containers/podman

Links

Open Source Insights

Documentation ¶

Index ¶

func InitializeVolumes(specVolumes []v1.Volume) (map[string]*KubeVolume, error)
func ToPodGen(ctx context.Context, podName string, podYAML *v1.PodTemplateSpec) (*specgen.PodSpecGenerator, error)
func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, ...) (*specgen.SpecGenerator, error)
type KubeSeccompPaths
- func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (*KubeSeccompPaths, error)
- func (k *KubeSeccompPaths) FindForContainer(ctrName string) string
type KubeVolume
type KubeVolumeType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func InitializeVolumes ¶

func InitializeVolumes(specVolumes []v1.Volume) (map[string]*KubeVolume, error)

Create a map of volume name to KubeVolume

func ToPodGen ¶

func ToPodGen(ctx context.Context, podName string, podYAML *v1.PodTemplateSpec) (*specgen.PodSpecGenerator, error)

func ToSpecGen ¶

func ToSpecGen(ctx context.Context, containerYAML v1.Container, iid string, newImage *image.Image, volumes map[string]*KubeVolume, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *KubeSeccompPaths, restartPolicy string) (*specgen.SpecGenerator, error)

Types ¶

type KubeSeccompPaths ¶

type KubeSeccompPaths struct {
	// contains filtered or unexported fields
}

KubeSeccompPaths holds information about a pod YAML's seccomp configuration it holds both container and pod seccomp paths

func InitializeSeccompPaths ¶

func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (*KubeSeccompPaths, error)

InitializeSeccompPaths takes annotations from the pod object metadata and finds annotations pertaining to seccomp it parses both pod and container level if the annotation is of the form "localhost/%s", the seccomp profile will be set to profileRoot/%s

func (*KubeSeccompPaths) FindForContainer ¶

func (k *KubeSeccompPaths) FindForContainer(ctrName string) string

FindForContainer checks whether a container has a seccomp path configured for it if not, it returns the podPath, which should always have a value

type KubeVolume ¶

type KubeVolume struct {
	// Type of volume to create
	Type KubeVolumeType
	// Path for bind mount or volume name for named volume
	Source string
}

func VolumeFromHostPath ¶

func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error)

Create a KubeVolume from an HostPathVolumeSource

func VolumeFromPersistentVolumeClaim ¶

func VolumeFromPersistentVolumeClaim(claim *v1.PersistentVolumeClaimVolumeSource) (*KubeVolume, error)

Create a KubeVolume from a PersistentVolumeClaimVolumeSource

func VolumeFromSource ¶

func VolumeFromSource(volumeSource v1.VolumeSource) (*KubeVolume, error)

Create a KubeVolume from one of the supported VolumeSource

type KubeVolumeType ¶

type KubeVolumeType int

const (
	KubeVolumeTypeBindMount KubeVolumeType = iota
	KubeVolumeTypeNamed     KubeVolumeType = iota
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL