sysctl

package
v1.1.0-alpha.0....-c00828a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 12, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// the Linux IPC namespace
	IpcNamespace = Namespace("ipc")

	// the network namespace
	NetNamespace = Namespace("net")

	// the zero value if no namespace is known
	UnknownNamespace = Namespace("")
)
View Source
const (
	AnnotationInvalidReason = "InvalidSysctlAnnotation"
	ForbiddenReason         = "SysctlForbidden"
)
View Source
const (
	UnsupportedReason = "SysctlUnsupported"
)

Variables

This section is empty.

Functions

func NewRuntimeAdmitHandler

func NewRuntimeAdmitHandler(runtime container.Runtime) (*runtimeAdmitHandler, error)

NewRuntimeAdmitHandler returns a sysctlRuntimeAdmitHandler which checks whether the given runtime support sysctls.

func NewWhitelist

func NewWhitelist(patterns []string, annotationKey string) (*patternWhitelist, error)

NewWhitelist creates a new Whitelist from a list of sysctls and sysctl pattern (ending in *).

func SafeSysctlWhitelist

func SafeSysctlWhitelist() []string

SafeSysctlWhitelist returns the whitelist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff - it is namespaced in the container or the pod - it is isolated, i.e. has no influence on any other pod on the same node.

Types

type Namespace

type Namespace string

Namespace represents a kernel namespace name.

func NamespacedBy

func NamespacedBy(val string) Namespace

NamespacedBy returns the namespace of the Linux kernel for a sysctl, or UnknownNamespace if the sysctl is not known to be namespaced.

type Whitelist

type Whitelist interface {
	// Validate checks that all sysctls given in a v1.SysctlsPodAnnotationKey annotation
	// are valid according to the whitelist.
	Validate(pod *v1.Pod) error
}

Whitelist provides a list of allowed sysctls and sysctl patterns (ending in *) and a function to check whether a given sysctl matches this list.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL