mounts

package
v0.0.0-...-e70be16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 24, 2024 License: MIT Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	MountNameMetadataKey     = "MountName"
	MountPathMetadataKey     = "MountPath"
	MountReadOnlyMetadataKey = "MountReadOnly"
	MountVolumeNameKey       = "MountVolume"
	MountVolumeHostPathKey   = "MountVolumeHostPath"
)
View Source 
const Name = "mounts"
View Source 
const (
	// SensitivePathsMounted occurs when a container has sensitive host paths mounted
	SensitivePathsMounted = "SensitivePathsMounted"
)

Variables

View Source 
var DefaultSensitivePaths = []string{"/proc", "/var/run/docker.sock", "/", "/etc", "/root", "/var/run/crio/crio.sock", "/run/containerd/containerd.sock", "/home/admin", "/var/lib/kubelet", "/var/lib/kubelet/pki", "/etc/kubernetes", "/etc/kubernetes/manifests"}

DefaultSensitivePaths is the default list of sensitive mount paths (from Falco rule: https://github.com/falcosecurity/falco/blob/master/rules/falco_rules.yaml#L1945)

Functions

This section is empty.

Types

type Config 

type Config struct {
	SensitivePaths []string `yaml:"denyPathsList"`
}

func (*Config) GetSensitivePaths 

func (config *Config) GetSensitivePaths() []string

type SensitivePathMounts 

type SensitivePathMounts struct {
	// contains filtered or unexported fields
}

SensitivePathMounts implements Auditable

func New 

func New(config Config) *SensitivePathMounts

func (*SensitivePathMounts) Audit 

func (sensitive *SensitivePathMounts) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that the container does not have any sensitive host path

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.