Documentation ¶
Overview ¶
Package v1 contains API Schema definitions for the security v1 API group. Package markers: +kubebuilder:object:generate=true +groupName=security.kubearmor.com
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type ActionType
- type CapabilitiesType
- type FileDirectoryType
- type FilePathType
- type FilePatternType
- type FileType
- type HostCapabilitiesType
- type HostNetworkType
- type KubeArmorClusterPolicy
- type KubeArmorClusterPolicyList
- type KubeArmorClusterPolicySpec
- type KubeArmorClusterPolicyStatus
- type KubeArmorHostPolicy
- type KubeArmorHostPolicyList
- type KubeArmorHostPolicySpec
- type KubeArmorHostPolicyStatus
- type KubeArmorPolicy
- type KubeArmorPolicyList
- type KubeArmorPolicySpec
- type KubeArmorPolicyStatus
- type MatchBinType
- type MatchCapabilitiesStringType
- type MatchCapabilitiesType
- type MatchDirectoryType
- type MatchExpressionsType
- type MatchHostCapabilitiesType
- type MatchHostNetworkProtocolType
- type MatchNetworkProtocolStringType
- type MatchNetworkProtocolType
- type MatchPathType
- type MatchSourceType
- type MatchSyscallPathType
- type MatchVolumeMountType
- type NetworkType
- type NodeSelectorType
- type NsSelectorType
- type ProcessDirectoryType
- type ProcessPathType
- type ProcessPatternType
- type ProcessType
- type SELinuxType
- type SelectorType
- type SeverityType
- type Syscall
- type SyscallFromSourceType
- type SyscallMatchPathType
- type SyscallMatchType
- type SyscallsType
Constants ¶
This section is empty.
Variables ¶
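var (
	// SchemeGroupVersion is the group/version ("security.kubearmor.com", "v1")
	// used to register the objects of this package.
	SchemeGroupVersion = schema.GroupVersion{Group: "security.kubearmor.com", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)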
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type CapabilitiesType ¶
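// CapabilitiesType is the "capabilities" section of a policy spec: a list of
// capability rules plus optional section-wide severity, tags, message and
// action.
// NOTE(review): every MatchCapabilitiesType entry carries its own
// severity/tags/message/action as well; which level takes precedence is not
// visible in this listing, so confirm it before relying on a section-level
// action.
type CapabilitiesType struct {
	MatchCapabilities []MatchCapabilitiesType `json:"matchCapabilities,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}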
func (*CapabilitiesType) DeepCopy ¶
func (in *CapabilitiesType) DeepCopy() *CapabilitiesType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitiesType.
func (*CapabilitiesType) DeepCopyInto ¶
func (in *CapabilitiesType) DeepCopyInto(out *CapabilitiesType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileDirectoryType ¶
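// FileDirectoryType is one entry of FileType.MatchDirectories: a file rule
// keyed on a directory. "dir" is the only key serialized without omitempty.
// NOTE(review): the optional marker is spelled `Optional` on some fields and
// `optional` on others; confirm the CRD generator honours both spellings.
type FileDirectoryType struct {
	// Directory is validated by the pattern attached to MatchDirectoryType.
	Directory MatchDirectoryType `json:"dir"`
	// Recursive presumably extends the rule to sub-directories — confirm.
	// +kubebuilder:validation:Optional
	Recursive bool `json:"recursive,omitempty"`
	// +kubebuilder:validation:Optional
	ReadOnly bool `json:"readOnly,omitempty"`
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`
	// FromSource optionally lists the sources the rule is limited to.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}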
func (*FileDirectoryType) DeepCopy ¶
func (in *FileDirectoryType) DeepCopy() *FileDirectoryType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileDirectoryType.
func (*FileDirectoryType) DeepCopyInto ¶
func (in *FileDirectoryType) DeepCopyInto(out *FileDirectoryType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilePathType ¶
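// FilePathType is one entry of FileType.MatchPaths: a file rule keyed on a
// single path. "path" is the only key serialized without omitempty.
// NOTE(review): the optional marker is spelled `Optional` on some fields and
// `optional` on others; confirm the CRD generator honours both spellings.
type FilePathType struct {
	// Path is typed MatchPathType; that type's validation is not shown in
	// this part of the listing.
	Path MatchPathType `json:"path"`
	// +kubebuilder:validation:Optional
	ReadOnly bool `json:"readOnly,omitempty"`
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`
	// FromSource optionally lists the sources the rule is limited to.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}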
func (*FilePathType) DeepCopy ¶
func (in *FilePathType) DeepCopy() *FilePathType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilePathType.
func (*FilePathType) DeepCopyInto ¶
func (in *FilePathType) DeepCopyInto(out *FilePathType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilePatternType ¶
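// FilePatternType is one entry of FileType.MatchPatterns: a file rule keyed
// on a pattern string. Unlike the path and directory rules it has no
// fromSource field.
// NOTE(review): Pattern is a plain string with no validation marker in this
// listing, so the schema accepts any value; confirm where the pattern syntax
// is checked before it reaches the enforcer.
type FilePatternType struct {
	Pattern string `json:"pattern"`
	// +kubebuilder:validation:Optional
	ReadOnly bool `json:"readOnly,omitempty"`
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}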
func (*FilePatternType) DeepCopy ¶
func (in *FilePatternType) DeepCopy() *FilePatternType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilePatternType.
func (*FilePatternType) DeepCopyInto ¶
func (in *FilePatternType) DeepCopyInto(out *FilePatternType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileType ¶
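// FileType is the "file" section of a policy spec. It holds three optional
// rule lists (by path, by directory, by pattern) and optional section-wide
// severity, tags, message and action.
// NOTE(review): the rule entries carry their own severity/tags/message/action;
// precedence between the two levels is not visible in this listing.
type FileType struct {
	MatchPaths       []FilePathType      `json:"matchPaths,omitempty"`
	MatchDirectories []FileDirectoryType `json:"matchDirectories,omitempty"`
	MatchPatterns    []FilePatternType   `json:"matchPatterns,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}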
func (*FileType) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileType.
func (*FileType) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HostCapabilitiesType ¶
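// HostCapabilitiesType is the "capabilities" section of a host policy spec.
// It mirrors CapabilitiesType but its entries are MatchHostCapabilitiesType,
// whose fromSource key is serialized without omitempty.
type HostCapabilitiesType struct {
	MatchCapabilities []MatchHostCapabilitiesType `json:"matchCapabilities,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}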
func (*HostCapabilitiesType) DeepCopy ¶
func (in *HostCapabilitiesType) DeepCopy() *HostCapabilitiesType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostCapabilitiesType.
func (*HostCapabilitiesType) DeepCopyInto ¶
func (in *HostCapabilitiesType) DeepCopyInto(out *HostCapabilitiesType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HostNetworkType ¶
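// HostNetworkType is the "network" section of a host policy spec. It mirrors
// NetworkType but its entries are MatchHostNetworkProtocolType, whose
// fromSource key is serialized without omitempty.
type HostNetworkType struct {
	MatchProtocols []MatchHostNetworkProtocolType `json:"matchProtocols,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}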
func (*HostNetworkType) DeepCopy ¶
func (in *HostNetworkType) DeepCopy() *HostNetworkType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostNetworkType.
func (*HostNetworkType) DeepCopyInto ¶
func (in *HostNetworkType) DeepCopyInto(out *HostNetworkType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorClusterPolicy ¶
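// KubeArmorClusterPolicy is the top-level object of the
// kubearmorclusterpolicies API: standard type and object metadata, the
// desired policy in Spec and the observed state in Status.
type KubeArmorClusterPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubeArmorClusterPolicySpec   `json:"spec,omitempty"`
	Status KubeArmorClusterPolicyStatus `json:"status,omitempty"`
}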
KubeArmorClusterPolicy is the Schema for the kubearmorclusterpolicies API. Markers: +genclient +genclient:nonNamespaced +kubebuilder:resource:shortName=csp,scope="Cluster" +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Action",type=string,JSONPath=`.spec.action`,priority=10 +kubebuilder:printcolumn:name="Selector",type=string,JSONPath=`.spec.selector.matchExpressions`,priority=10
func (*KubeArmorClusterPolicy) DeepCopy ¶
func (in *KubeArmorClusterPolicy) DeepCopy() *KubeArmorClusterPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorClusterPolicy.
func (*KubeArmorClusterPolicy) DeepCopyInto ¶
func (in *KubeArmorClusterPolicy) DeepCopyInto(out *KubeArmorClusterPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorClusterPolicy) DeepCopyObject ¶
func (in *KubeArmorClusterPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorClusterPolicyList ¶
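// KubeArmorClusterPolicyList is the list form of KubeArmorClusterPolicy:
// standard type and list metadata plus the items themselves.
type KubeArmorClusterPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is serialized without omitempty, so the key is always present.
	Items []KubeArmorClusterPolicy `json:"items"`
}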
KubeArmorClusterPolicyList contains a list of KubeArmorClusterPolicy
func (*KubeArmorClusterPolicyList) DeepCopy ¶
func (in *KubeArmorClusterPolicyList) DeepCopy() *KubeArmorClusterPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorClusterPolicyList.
func (*KubeArmorClusterPolicyList) DeepCopyInto ¶
func (in *KubeArmorClusterPolicyList) DeepCopyInto(out *KubeArmorClusterPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorClusterPolicyList) DeepCopyObject ¶
func (in *KubeArmorClusterPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorClusterPolicySpec ¶
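// KubeArmorClusterPolicySpec is the desired state of a cluster policy: a
// namespace selector, the per-domain rule sections, an AppArmor string and
// optional policy-wide severity, tags, message and action.
// NOTE(review): Selector is serialized with omitempty, so a spec without a
// selector is schema-valid as shown; what such a policy applies to is decided
// outside this listing — confirm before deploying selector-less policies.
type KubeArmorClusterPolicySpec struct {
	Selector NsSelectorType `json:"selector,omitempty"`

	Process      ProcessType      `json:"process,omitempty"`
	File         FileType         `json:"file,omitempty"`
	Network      NetworkType      `json:"network,omitempty"`
	Capabilities CapabilitiesType `json:"capabilities,omitempty"`
	Syscalls     SyscallsType     `json:"syscalls,omitempty"`

	// AppArmor is a plain string with no validation marker in this listing.
	AppArmor string `json:"apparmor,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}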
KubeArmorClusterPolicySpec defines the desired state of KubeArmorClusterPolicy
func (*KubeArmorClusterPolicySpec) DeepCopy ¶
func (in *KubeArmorClusterPolicySpec) DeepCopy() *KubeArmorClusterPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorClusterPolicySpec.
func (*KubeArmorClusterPolicySpec) DeepCopyInto ¶
func (in *KubeArmorClusterPolicySpec) DeepCopyInto(out *KubeArmorClusterPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorClusterPolicyStatus ¶
// KubeArmorClusterPolicyStatus is the observed state of a
// KubeArmorClusterPolicy. It holds one string, serialized under "status" and
// omitted when empty; no validation marker constrains its value here.
type KubeArmorClusterPolicyStatus struct {
	PolicyStatus string `json:"status,omitempty"`
}
KubeArmorClusterPolicyStatus defines the observed state of KubeArmorClusterPolicy
func (*KubeArmorClusterPolicyStatus) DeepCopy ¶
func (in *KubeArmorClusterPolicyStatus) DeepCopy() *KubeArmorClusterPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorClusterPolicyStatus.
func (*KubeArmorClusterPolicyStatus) DeepCopyInto ¶
func (in *KubeArmorClusterPolicyStatus) DeepCopyInto(out *KubeArmorClusterPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorHostPolicy ¶
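// KubeArmorHostPolicy is the top-level object of the kubearmorhostpolicies
// API: standard type and object metadata, the desired policy in Spec and the
// observed state in Status.
type KubeArmorHostPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubeArmorHostPolicySpec   `json:"spec,omitempty"`
	Status KubeArmorHostPolicyStatus `json:"status,omitempty"`
}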
KubeArmorHostPolicy is the Schema for the kubearmorhostpolicies API. Markers: +genclient +genclient:nonNamespaced +kubebuilder:resource:scope=Cluster,shortName=hsp +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Action",type=string,JSONPath=`.spec.action`,priority=10 +kubebuilder:printcolumn:name="Selector",type=string,JSONPath=`.spec.nodeSelector.matchLabels`,priority=10
func (*KubeArmorHostPolicy) DeepCopy ¶
func (in *KubeArmorHostPolicy) DeepCopy() *KubeArmorHostPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorHostPolicy.
func (*KubeArmorHostPolicy) DeepCopyInto ¶
func (in *KubeArmorHostPolicy) DeepCopyInto(out *KubeArmorHostPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorHostPolicy) DeepCopyObject ¶
func (in *KubeArmorHostPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorHostPolicyList ¶
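// KubeArmorHostPolicyList is the list form of KubeArmorHostPolicy: standard
// type and list metadata plus the items themselves.
type KubeArmorHostPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is serialized without omitempty, so the key is always present.
	Items []KubeArmorHostPolicy `json:"items"`
}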
KubeArmorHostPolicyList contains a list of KubeArmorHostPolicy
func (*KubeArmorHostPolicyList) DeepCopy ¶
func (in *KubeArmorHostPolicyList) DeepCopy() *KubeArmorHostPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorHostPolicyList.
func (*KubeArmorHostPolicyList) DeepCopyInto ¶
func (in *KubeArmorHostPolicyList) DeepCopyInto(out *KubeArmorHostPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorHostPolicyList) DeepCopyObject ¶
func (in *KubeArmorHostPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorHostPolicySpec ¶
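// KubeArmorHostPolicySpec is the desired state of a host policy: a node
// selector, the per-domain rule sections (with host-specific network and
// capabilities types), an AppArmor string and optional policy-wide severity,
// tags, message and action.
type KubeArmorHostPolicySpec struct {
	// NodeSelector is serialized without omitempty, unlike the selector of
	// the pod and cluster policy specs.
	NodeSelector NodeSelectorType `json:"nodeSelector"`

	Process      ProcessType          `json:"process,omitempty"`
	File         FileType             `json:"file,omitempty"`
	Network      HostNetworkType      `json:"network,omitempty"`
	Capabilities HostCapabilitiesType `json:"capabilities,omitempty"`
	Syscalls     SyscallsType         `json:"syscalls,omitempty"`

	// AppArmor is a plain string with no validation marker in this listing.
	AppArmor string `json:"apparmor,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}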
KubeArmorHostPolicySpec defines the desired state of KubeArmorHostPolicy
func (*KubeArmorHostPolicySpec) DeepCopy ¶
func (in *KubeArmorHostPolicySpec) DeepCopy() *KubeArmorHostPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorHostPolicySpec.
func (*KubeArmorHostPolicySpec) DeepCopyInto ¶
func (in *KubeArmorHostPolicySpec) DeepCopyInto(out *KubeArmorHostPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorHostPolicyStatus ¶
// KubeArmorHostPolicyStatus is the observed state of a KubeArmorHostPolicy.
// It holds one string, serialized under "status" and omitted when empty; no
// validation marker constrains its value here.
type KubeArmorHostPolicyStatus struct {
	PolicyStatus string `json:"status,omitempty"`
}
KubeArmorHostPolicyStatus defines the observed state of KubeArmorHostPolicy
func (*KubeArmorHostPolicyStatus) DeepCopy ¶
func (in *KubeArmorHostPolicyStatus) DeepCopy() *KubeArmorHostPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorHostPolicyStatus.
func (*KubeArmorHostPolicyStatus) DeepCopyInto ¶
func (in *KubeArmorHostPolicyStatus) DeepCopyInto(out *KubeArmorHostPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorPolicy ¶
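// KubeArmorPolicy is the top-level object of the kubearmorpolicies API:
// standard type and object metadata, the desired policy in Spec and the
// observed state in Status.
type KubeArmorPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   KubeArmorPolicySpec   `json:"spec,omitempty"`
	Status KubeArmorPolicyStatus `json:"status,omitempty"`
}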
KubeArmorPolicy is the Schema for the kubearmorpolicies API. Markers: +genclient +kubebuilder:resource:shortName=ksp +kubebuilder:subresource:status +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +kubebuilder:printcolumn:name="Action",type=string,JSONPath=`.spec.action`,priority=10 +kubebuilder:printcolumn:name="Selector",type=string,JSONPath=`.spec.selector.matchLabels`,priority=10
func (*KubeArmorPolicy) DeepCopy ¶
func (in *KubeArmorPolicy) DeepCopy() *KubeArmorPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorPolicy.
func (*KubeArmorPolicy) DeepCopyInto ¶
func (in *KubeArmorPolicy) DeepCopyInto(out *KubeArmorPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorPolicy) DeepCopyObject ¶
func (in *KubeArmorPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorPolicyList ¶
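// KubeArmorPolicyList is the list form of KubeArmorPolicy: standard type and
// list metadata plus the items themselves.
type KubeArmorPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items is serialized without omitempty, so the key is always present.
	Items []KubeArmorPolicy `json:"items"`
}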
KubeArmorPolicyList contains a list of KubeArmorPolicy
func (*KubeArmorPolicyList) DeepCopy ¶
func (in *KubeArmorPolicyList) DeepCopy() *KubeArmorPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorPolicyList.
func (*KubeArmorPolicyList) DeepCopyInto ¶
func (in *KubeArmorPolicyList) DeepCopyInto(out *KubeArmorPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*KubeArmorPolicyList) DeepCopyObject ¶
func (in *KubeArmorPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type KubeArmorPolicySpec ¶
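// KubeArmorPolicySpec is the desired state of a KubeArmorPolicy: a selector,
// the per-domain rule sections, an AppArmor string and optional policy-wide
// severity, tags, message and action.
// NOTE(review): Selector is serialized with omitempty, so a spec without a
// selector is schema-valid as shown; what such a policy applies to is decided
// outside this listing — confirm before deploying selector-less policies.
type KubeArmorPolicySpec struct {
	Selector SelectorType `json:"selector,omitempty"`

	Process      ProcessType      `json:"process,omitempty"`
	File         FileType         `json:"file,omitempty"`
	Network      NetworkType      `json:"network,omitempty"`
	Capabilities CapabilitiesType `json:"capabilities,omitempty"`
	Syscalls     SyscallsType     `json:"syscalls,omitempty"`

	// AppArmor is a plain string with no validation marker in this listing.
	AppArmor string `json:"apparmor,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}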
KubeArmorPolicySpec defines the desired state of KubeArmorPolicy
func (*KubeArmorPolicySpec) DeepCopy ¶
func (in *KubeArmorPolicySpec) DeepCopy() *KubeArmorPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorPolicySpec.
func (*KubeArmorPolicySpec) DeepCopyInto ¶
func (in *KubeArmorPolicySpec) DeepCopyInto(out *KubeArmorPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeArmorPolicyStatus ¶
// KubeArmorPolicyStatus is the observed state of a KubeArmorPolicy. It holds
// one string, serialized under "status" and omitted when empty; no validation
// marker constrains its value here.
type KubeArmorPolicyStatus struct {
	PolicyStatus string `json:"status,omitempty"`
}
KubeArmorPolicyStatus defines the observed state of KubeArmorPolicy
func (*KubeArmorPolicyStatus) DeepCopy ¶
func (in *KubeArmorPolicyStatus) DeepCopy() *KubeArmorPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeArmorPolicyStatus.
func (*KubeArmorPolicyStatus) DeepCopyInto ¶
func (in *KubeArmorPolicyStatus) DeepCopyInto(out *KubeArmorPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchCapabilitiesStringType ¶
// MatchCapabilitiesStringType is the capability name carried by the
// "capability" key of the capability rule types.
// NOTE(review): the validation pattern documented for this type ends in `$`
// but has no leading `^`. If the pattern is applied as an unanchored match
// (as OpenAPI `pattern` normally is), it constrains only the end of the
// value: a constructed value such as "x_chown" would pass schema validation.
// Wrapping the alternation as `^(...)$` would make the check exact; until
// then, code that consumes this value should not assume it is one of the
// listed names.
type MatchCapabilitiesStringType string
+kubebuilder:validation:Pattern=(chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_admin|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|audit_write|audit_control|setfcap|mac_override|mac_admin)$
type MatchCapabilitiesType ¶
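// MatchCapabilitiesType is one capability rule: a capability name, an
// optional list of sources and optional per-rule severity, tags, message and
// action.
type MatchCapabilitiesType struct {
	// Capability is validated by the pattern attached to
	// MatchCapabilitiesStringType.
	Capability MatchCapabilitiesStringType `json:"capability"`
	// FromSource is optional here; the host variant of this rule serializes
	// it without omitempty.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}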
func (*MatchCapabilitiesType) DeepCopy ¶
func (in *MatchCapabilitiesType) DeepCopy() *MatchCapabilitiesType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchCapabilitiesType.
func (*MatchCapabilitiesType) DeepCopyInto ¶
func (in *MatchCapabilitiesType) DeepCopyInto(out *MatchCapabilitiesType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchDirectoryType ¶
// MatchDirectoryType is the directory path carried by the "dir" keys of the
// file, process and volume-mount rule types.
// The validation pattern documented for this type accepts "/" or any value
// that both starts and ends with "/". It checks shape only: values containing
// ".." segments or repeated slashes still match, so any path normalisation
// has to happen in the code that consumes the value (not visible in this
// listing).
type MatchDirectoryType string
+kubebuilder:validation:Pattern=^\/$|^\/.*\/$
type MatchExpressionsType ¶
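// MatchExpressionsType is one selector expression of NsSelectorType. The
// schema limits Key to "namespace" and Operator to "In" or "NotIn"; Values
// carries no validation marker, and all three keys are omitted when empty.
// NOTE(review): an expression with an empty Values list is schema-valid as
// shown; confirm how the consumer treats "In"/"NotIn" over an empty set.
type MatchExpressionsType struct {
	// +kubebuilder:validation:Enum=namespace
	Key string `json:"key,omitempty"`
	// +kubebuilder:validation:Enum=In;NotIn
	Operator string `json:"operator,omitempty"`

	Values []string `json:"values,omitempty"`
}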
func (*MatchExpressionsType) DeepCopy ¶
func (in *MatchExpressionsType) DeepCopy() *MatchExpressionsType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchExpressionsType.
func (*MatchExpressionsType) DeepCopyInto ¶
func (in *MatchExpressionsType) DeepCopyInto(out *MatchExpressionsType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchHostCapabilitiesType ¶
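// MatchHostCapabilitiesType is one capability rule of a host policy: a
// capability name, a list of sources and optional per-rule severity, tags,
// message and action.
type MatchHostCapabilitiesType struct {
	// Capability is validated by the pattern attached to
	// MatchCapabilitiesStringType.
	Capability MatchCapabilitiesStringType `json:"capability"`
	// FromSource has neither omitempty nor an optional marker here, unlike
	// MatchCapabilitiesType.FromSource, so the key is always serialized.
	// NOTE(review): presumably host capability rules must name a source —
	// confirm that the generated CRD actually marks it required.
	FromSource []MatchSourceType `json:"fromSource"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}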
func (*MatchHostCapabilitiesType) DeepCopy ¶
func (in *MatchHostCapabilitiesType) DeepCopy() *MatchHostCapabilitiesType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchHostCapabilitiesType.
func (*MatchHostCapabilitiesType) DeepCopyInto ¶
func (in *MatchHostCapabilitiesType) DeepCopyInto(out *MatchHostCapabilitiesType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchHostNetworkProtocolType ¶
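// MatchHostNetworkProtocolType is one network rule of a host policy: a
// protocol name, a list of sources and optional per-rule severity, tags,
// message and action.
type MatchHostNetworkProtocolType struct {
	// Protocol is validated by the pattern attached to
	// MatchNetworkProtocolStringType.
	Protocol MatchNetworkProtocolStringType `json:"protocol"`
	// FromSource has neither omitempty nor an optional marker here, unlike
	// MatchNetworkProtocolType.FromSource, so the key is always serialized.
	// NOTE(review): presumably host network rules must name a source —
	// confirm that the generated CRD actually marks it required.
	FromSource []MatchSourceType `json:"fromSource"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}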
func (*MatchHostNetworkProtocolType) DeepCopy ¶
func (in *MatchHostNetworkProtocolType) DeepCopy() *MatchHostNetworkProtocolType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchHostNetworkProtocolType.
func (*MatchHostNetworkProtocolType) DeepCopyInto ¶
func (in *MatchHostNetworkProtocolType) DeepCopyInto(out *MatchHostNetworkProtocolType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchNetworkProtocolStringType ¶
// MatchNetworkProtocolStringType is the protocol name carried by the
// "protocol" key of the network rule types.
// The validation pattern documented for this type lists icmp, tcp, udp and
// raw, each in all-lower and all-upper case only.
// NOTE(review): the pattern ends in `$` but has no leading `^`. If it is
// applied as an unanchored match (as OpenAPI `pattern` normally is), any
// value that merely ends in a listed name (a constructed example: "xtcp")
// passes schema validation. Wrapping the alternation as `^(...)$` would make
// the check exact; consumers should not assume the value is a listed name.
type MatchNetworkProtocolStringType string
+kubebuilder:validation:Pattern=(icmp|ICMP|tcp|TCP|udp|UDP|raw|RAW)$
type MatchNetworkProtocolType ¶
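// MatchNetworkProtocolType is one network rule: a protocol name, an optional
// list of sources and optional per-rule severity, tags, message and action.
type MatchNetworkProtocolType struct {
	// Protocol is validated by the pattern attached to
	// MatchNetworkProtocolStringType.
	Protocol MatchNetworkProtocolStringType `json:"protocol"`
	// FromSource is optional here; the host variant of this rule serializes
	// it without omitempty.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}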
func (*MatchNetworkProtocolType) DeepCopy ¶
func (in *MatchNetworkProtocolType) DeepCopy() *MatchNetworkProtocolType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchNetworkProtocolType.
func (*MatchNetworkProtocolType) DeepCopyInto ¶
func (in *MatchNetworkProtocolType) DeepCopyInto(out *MatchNetworkProtocolType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchSourceType ¶
// MatchSourceType is the element type of the fromSource lists on the rule
// types; it identifies a source by path.
// NOTE(review): presumably the path of the executable the rule is scoped to —
// confirm. Path is serialized with omitempty, so an entry with no path is
// schema-valid as shown.
type MatchSourceType struct {
	Path MatchPathType `json:"path,omitempty"`
}
func (*MatchSourceType) DeepCopy ¶
func (in *MatchSourceType) DeepCopy() *MatchSourceType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchSourceType.
func (*MatchSourceType) DeepCopyInto ¶
func (in *MatchSourceType) DeepCopyInto(out *MatchSourceType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchSyscallPathType ¶
// MatchSyscallPathType is a path string; judging by its name it is used by
// the syscall rule types, whose definitions are not in this part of the
// listing.
// The validation pattern documented for this type accepts two shapes: a
// value that starts with one or more "/" and does not end in "/", or a value
// that is "/" or starts and ends with "/". It checks shape only: ".."
// segments and repeated slashes still match, so normalisation is left to the
// consumer.
type MatchSyscallPathType string
+kubebuilder:validation:Pattern=(^\/+.*[^\/]$)|(^\/$|^\/.*\/$)
type MatchVolumeMountType ¶
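// MatchVolumeMountType is a volume-mount rule keyed on a path or a directory,
// with an optional read-only flag and optional per-rule severity, tags,
// message and action.
// NOTE(review): Path and Directory are both optional, so an entry with
// neither is schema-valid as shown; confirm that such an entry is rejected or
// ignored downstream. The optional marker is also spelled both `Optional` and
// `optional` in this struct — confirm the CRD generator honours both.
type MatchVolumeMountType struct {
	// +kubebuilder:validation:Optional
	Path MatchPathType `json:"path,omitempty"`
	// +kubebuilder:validation:Optional
	Directory MatchDirectoryType `json:"dir,omitempty"`
	// +kubebuilder:validation:Optional
	ReadOnly bool `json:"readOnly,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}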
func (*MatchVolumeMountType) DeepCopy ¶
func (in *MatchVolumeMountType) DeepCopy() *MatchVolumeMountType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchVolumeMountType.
func (*MatchVolumeMountType) DeepCopyInto ¶
func (in *MatchVolumeMountType) DeepCopyInto(out *MatchVolumeMountType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkType ¶
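// NetworkType is the "network" section of a policy spec: a list of protocol
// rules plus optional section-wide severity, tags, message and action.
// NOTE(review): every MatchNetworkProtocolType entry carries its own
// severity/tags/message/action as well; precedence between the two levels is
// not visible in this listing.
type NetworkType struct {
	MatchProtocols []MatchNetworkProtocolType `json:"matchProtocols,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}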
func (*NetworkType) DeepCopy ¶
func (in *NetworkType) DeepCopy() *NetworkType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkType.
func (*NetworkType) DeepCopyInto ¶
func (in *NetworkType) DeepCopyInto(out *NetworkType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NodeSelectorType ¶
func (*NodeSelectorType) DeepCopy ¶
func (in *NodeSelectorType) DeepCopy() *NodeSelectorType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSelectorType.
func (*NodeSelectorType) DeepCopyInto ¶
func (in *NodeSelectorType) DeepCopyInto(out *NodeSelectorType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NsSelectorType ¶
// NsSelectorType is the selector of a cluster policy
// (KubeArmorClusterPolicySpec.Selector). It holds a list of expressions whose
// key is limited to "namespace" by MatchExpressionsType.
// NOTE(review): the list is serialized with omitempty, so an empty selector
// is schema-valid as shown; confirm what an empty selector matches.
type NsSelectorType struct {
	MatchExpressions []MatchExpressionsType `json:"matchExpressions,omitempty"`
}
func (*NsSelectorType) DeepCopy ¶
func (in *NsSelectorType) DeepCopy() *NsSelectorType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NsSelectorType.
func (*NsSelectorType) DeepCopyInto ¶
func (in *NsSelectorType) DeepCopyInto(out *NsSelectorType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessDirectoryType ¶
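// ProcessDirectoryType is one entry of ProcessType.MatchDirectories: a
// process rule keyed on a directory. "dir" is the only key serialized without
// omitempty.
// NOTE(review): the optional marker is spelled `Optional` on some fields and
// `optional` on others; confirm the CRD generator honours both spellings.
type ProcessDirectoryType struct {
	// Directory is validated by the pattern attached to MatchDirectoryType.
	Directory MatchDirectoryType `json:"dir"`
	// Recursive presumably extends the rule to sub-directories — confirm.
	// +kubebuilder:validation:Optional
	Recursive bool `json:"recursive,omitempty"`
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`
	// FromSource optionally lists the sources the rule is limited to.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}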
func (*ProcessDirectoryType) DeepCopy ¶
func (in *ProcessDirectoryType) DeepCopy() *ProcessDirectoryType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessDirectoryType.
func (*ProcessDirectoryType) DeepCopyInto ¶
func (in *ProcessDirectoryType) DeepCopyInto(out *ProcessDirectoryType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessPathType ¶
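// ProcessPathType is one entry of ProcessType.MatchPaths: a process rule
// keyed on a path or on an executable name.
// NOTE(review): Path and ExecName are both optional, so an entry with neither
// is schema-valid as shown; confirm that such an entry is rejected or ignored
// downstream rather than treated as a match-all rule. The optional marker is
// also spelled both `Optional` and `optional` in this struct — confirm the
// CRD generator honours both.
type ProcessPathType struct {
	// +kubebuilder:validation:Optional
	Path MatchPathType `json:"path,omitempty"`
	// ExecName is typed MatchBinType; that type's validation is not shown in
	// this part of the listing.
	// +kubebuilder:validation:Optional
	ExecName MatchBinType `json:"execname,omitempty"`
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`
	// FromSource optionally lists the sources the rule is limited to.
	// +kubebuilder:validation:optional
	FromSource []MatchSourceType `json:"fromSource,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}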
func (*ProcessPathType) DeepCopy ¶
func (in *ProcessPathType) DeepCopy() *ProcessPathType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessPathType.
func (*ProcessPathType) DeepCopyInto ¶
func (in *ProcessPathType) DeepCopyInto(out *ProcessPathType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessPatternType ¶
// ProcessPatternType is one entry of ProcessType.MatchPatterns: a process rule
// keyed on a pattern string.
//
// Unlike ProcessPathType and ProcessDirectoryType, this type has no FromSource
// field, so a pattern rule cannot be scoped by source through this schema.
type ProcessPatternType struct {
	// Pattern is serialized as "pattern" and is the only field without
	// omitempty. It is a plain string: no length or syntax constraint is
	// attached in this declaration, and the pattern dialect is not visible
	// here — confirm how it is interpreted before writing rules against it.
	Pattern string `json:"pattern"`
	// OwnerOnly is omitted when false, so an absent key and an explicit false
	// are indistinguishable after decoding.
	// +kubebuilder:validation:Optional
	OwnerOnly bool `json:"ownerOnly,omitempty"`

	// Severity, Tags, Message and Action also exist on ProcessType; which level
	// wins when both are set is not decided in this type — confirm.
	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// Action may be left empty; what an empty ActionType resolves to is not
	// visible here — confirm.
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}
func (*ProcessPatternType) DeepCopy ¶
func (in *ProcessPatternType) DeepCopy() *ProcessPatternType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessPatternType.
func (*ProcessPatternType) DeepCopyInto ¶
func (in *ProcessPatternType) DeepCopyInto(out *ProcessPatternType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessType ¶
// ProcessType groups the process rules of a policy: path rules, directory
// rules and pattern rules, plus group-level severity, tags, message and action.
//
// All three rule lists are tagged omitempty and carry no minimum-length marker
// in this declaration, so a ProcessType with no rules at all is representable.
//
// Severity, Tags, Message and Action are repeated on every rule entry type;
// precedence between the group level and the entry level is not decided in
// these declarations — confirm in the policy handler.
type ProcessType struct {
	MatchPaths       []ProcessPathType      `json:"matchPaths,omitempty"`
	MatchDirectories []ProcessDirectoryType `json:"matchDirectories,omitempty"`
	MatchPatterns    []ProcessPatternType   `json:"matchPatterns,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// Action may be left empty; what an empty ActionType resolves to is not
	// visible here — confirm.
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}
func (*ProcessType) DeepCopy ¶
func (in *ProcessType) DeepCopy() *ProcessType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessType.
func (*ProcessType) DeepCopyInto ¶
func (in *ProcessType) DeepCopyInto(out *ProcessType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SELinuxType ¶
// SELinuxType groups volume-mount matches with severity, tags, message and
// action.
//
// MatchVolumeMounts is the only field without omitempty, so the key is always
// present in the serialized form (as null when the slice is nil).
type SELinuxType struct {
	MatchVolumeMounts []MatchVolumeMountType `json:"matchVolumeMounts"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
	// Action may be left empty; what an empty ActionType resolves to is not
	// visible here — confirm.
	// +kubebuilder:validation:optional
	Action ActionType `json:"action,omitempty"`
}
func (*SELinuxType) DeepCopy ¶
func (in *SELinuxType) DeepCopy() *SELinuxType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SELinuxType.
func (*SELinuxType) DeepCopyInto ¶
func (in *SELinuxType) DeepCopyInto(out *SELinuxType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SelectorType ¶
func (*SelectorType) DeepCopy ¶
func (in *SelectorType) DeepCopy() *SelectorType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectorType.
func (*SelectorType) DeepCopyInto ¶
func (in *SelectorType) DeepCopyInto(out *SelectorType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SeverityType ¶
// SeverityType is the severity value carried by rules and rule groups in this
// package (the "severity" key).
//
// The Minimum/Maximum markers attached to this type bound it to 1..10 in the
// generated schema. The Go type itself is a plain int: values constructed in
// code, or decoded without going through schema validation, are not
// range-checked by anything in this declaration. Every use in this package is
// tagged omitempty, so the zero value is serialized as an absent key.
type SeverityType int
+kubebuilder:validation:Minimum:=1 +kubebuilder:validation:Maximum:=10
type Syscall ¶
// Syscall is a syscall name, used as the element type of the "syscall" lists
// in SyscallMatchType and SyscallMatchPathType.
//
// The accepted names are fixed by the +kubebuilder:validation:Enum marker
// attached to this type. The list ends at rseq; a syscall that is not listed
// cannot be named in a rule until the enum is extended, so review the list
// against the syscalls you need to cover. The restriction exists only in the
// generated schema: in Go any string converts to Syscall.
type Syscall string
+kubebuilder:validation:Enum=read;write;open;close;stat;fstat;lstat;poll;lseek;mmap;mprotect;munmap;brk;rt_sigaction;rt_sigprocmask;rt_sigreturn;ioctl;pread64;pwrite64;readv;writev;access;pipe;select;sched_yield;mremap;msync;mincore;madvise;shmget;shmat;shmctl;dup;dup2;pause;nanosleep;getitimer;alarm;setitimer;getpid;sendfile;socket;connect;accept;sendto;recvfrom;sendmsg;recvmsg;shutdown;bind;listen;getsockname;getpeername;socketpair;setsockopt;getsockopt;clone;fork;vfork;execve;exit;wait4;kill;uname;semget;semop;semctl;shmdt;msgget;msgsnd;msgrcv;msgctl;fcntl;flock;fsync;fdatasync;truncate;ftruncate;getdents;getcwd;chdir;fchdir;rename;mkdir;rmdir;creat;link;unlink;symlink;readlink;chmod;fchmod;chown;fchown;lchown;umask;gettimeofday;getrlimit;getrusage;sysinfo;times;ptrace;getuid;syslog;getgid;setuid;setgid;geteuid;getegid;setpgid;getppid;getpgrp;setsid;setreuid;setregid;getgroups;setgroups;setresuid;getresuid;setresgid;getresgid;getpgid;setfsuid;setfsgid;getsid;capget;capset;rt_sigpending;rt_sigtimedwait;rt_sigqueueinfo;rt_sigsuspend;sigaltstack;utime;mknod;uselib;personality;ustat;statfs;fstatfs;sysfs;getpriority;setpriority;sched_setparam;sched_getparam;sched_setscheduler;sched_getscheduler;sched_get_priority_max;sched_get_priority_min;sched_rr_get_interval;mlock;munlock;mlockall;munlockall;vhangup;modify_ldt;pivot_root;_sysctl;prctl;arch_prctl;adjtimex;setrlimit;chroot;sync;acct;settimeofday;mount;umount2;swapon;swapoff;reboot;sethostname;setdomainname;iopl;ioperm;create_module;init_module;delete_module;get_kernel_syms;query_module;quotactl;nfsservctl;getpmsg;putpmsg;afs_syscall;tuxcall;security;gettid;readahead;setxattr;lsetxattr;fsetxattr;getxattr;lgetxattr;fgetxattr;listxattr;llistxattr;flistxattr;removexattr;lremovexattr;fremovexattr;tkill;time;futex;sched_setaffinity;sched_getaffinity;set_thread_area;io_setup;io_destroy;io_getevents;io_submit;io_cancel;get_thread_area;lookup_dcookie;epoll_create;epoll_ctl_old;epoll_wait_old;remap_file_pages;getdents64;set_tid_address;restart_syscall;semtimedop;fadvise64;timer_create;timer_settime;timer_gettime;timer_getoverrun;timer_delete;clock_settime;clock_gettime;clock_getres;clock_nanosleep;exit_group;epoll_wait;epoll_ctl;tgkill;utimes;vserver;mbind;set_mempolicy;get_mempolicy;mq_open;mq_unlink;mq_timedsend;mq_timedreceive;mq_notify;mq_getsetattr;kexec_load;waitid;add_key;request_key;keyctl;ioprio_set;ioprio_get;inotify_init;inotify_add_watch;inotify_rm_watch;migrate_pages;openat;mkdirat;mknodat;fchownat;futimesat;newfstatat;unlinkat;renameat;linkat;symlinkat;readlinkat;fchmodat;faccessat;pselect6;ppoll;unshare;set_robust_list;get_robust_list;splice;tee;sync_file_range;vmsplice;move_pages;utimensat;epoll_pwait;signalfd;timerfd_create;eventfd;fallocate;timerfd_settime;timerfd_gettime;accept4;signalfd4;eventfd2;epoll_create1;dup3;pipe2;inotify_init1;preadv;pwritev;rt_tgsigqueueinfo;perf_event_open;recvmmsg;fanotify_init;fanotify_mark;prlimit64;name_to_handle_at;open_by_handle_at;clock_adjtime;syncfs;sendmmsg;setns;getcpu;process_vm_readv;process_vm_writev;kcmp;finit_module;sched_setattr;sched_getattr;renameat2;seccomp;getrandom;memfd_create;kexec_file_load;bpf;execveat;userfaultfd;membarrier;mlock2;copy_file_range;preadv2;pwritev2;pkey_mprotect;pkey_alloc;pkey_free;statx;io_pgetevents;rseq
type SyscallFromSourceType ¶
// SyscallFromSourceType is one entry of the "fromSource" list on
// SyscallMatchType and SyscallMatchPathType.
//
// Every field is tagged omitempty and none carries a validation marker in this
// declaration, so an entry with no fields set is representable.
type SyscallFromSourceType struct {
	// Path is serialized as "path"; format constraints, if any, live on
	// MatchPathType, declared elsewhere in the package.
	Path MatchPathType `json:"path,omitempty"`
	// Dir is a plain string, whereas ProcessDirectoryType uses
	// MatchDirectoryType for its directory.
	// NOTE(review): any validation attached to MatchDirectoryType would not
	// apply to this field — confirm the value is checked elsewhere.
	Dir string `json:"dir,omitempty"`
	// Recursive is omitted from the serialized form when false.
	Recursive bool `json:"recursive,omitempty"`
}
func (*SyscallFromSourceType) DeepCopy ¶
func (in *SyscallFromSourceType) DeepCopy() *SyscallFromSourceType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyscallFromSourceType.
func (*SyscallFromSourceType) DeepCopyInto ¶
func (in *SyscallFromSourceType) DeepCopyInto(out *SyscallFromSourceType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyscallMatchPathType ¶
// SyscallMatchPathType is one entry of SyscallsType.MatchPaths: a syscall rule
// keyed on a path.
//
// Every field is tagged omitempty and none carries a validation marker in this
// declaration; only the elements of Syscalls are constrained, through the enum
// attached to the Syscall type.
type SyscallMatchPathType struct {
	// Path is serialized as "path"; format constraints, if any, live on
	// MatchSyscallPathType, declared elsewhere in the package.
	Path MatchSyscallPathType `json:"path,omitempty"`
	// Recursive is omitted from the serialized form when false.
	Recursive bool `json:"recursive,omitempty"`
	// Syscalls is serialized under the singular key "syscall".
	Syscalls []Syscall `json:"syscall,omitempty"`
	// FromSource optionally lists source matches for the rule.
	// presumably narrows the rule to those sources — confirm.
	FromSource []SyscallFromSourceType `json:"fromSource,omitempty"`
}
func (*SyscallMatchPathType) DeepCopy ¶
func (in *SyscallMatchPathType) DeepCopy() *SyscallMatchPathType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyscallMatchPathType.
func (*SyscallMatchPathType) DeepCopyInto ¶
func (in *SyscallMatchPathType) DeepCopyInto(out *SyscallMatchPathType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyscallMatchType ¶
// SyscallMatchType is one entry of SyscallsType.MatchSyscalls: a syscall rule
// keyed on syscall names only.
//
// Both fields are tagged omitempty and carry no marker in this declaration, so
// an entry with an empty syscall list is representable.
type SyscallMatchType struct {
	// Syscalls is serialized under the singular key "syscall"; each element is
	// constrained by the enum attached to the Syscall type.
	Syscalls []Syscall `json:"syscall,omitempty"`
	// FromSource optionally lists source matches for the rule.
	// presumably narrows the rule to those sources — confirm.
	FromSource []SyscallFromSourceType `json:"fromSource,omitempty"`
}
func (*SyscallMatchType) DeepCopy ¶
func (in *SyscallMatchType) DeepCopy() *SyscallMatchType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyscallMatchType.
func (*SyscallMatchType) DeepCopyInto ¶
func (in *SyscallMatchType) DeepCopyInto(out *SyscallMatchType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SyscallsType ¶
// SyscallsType groups the syscall rules of a policy with group-level severity,
// tags and message.
//
// Unlike ProcessType and SELinuxType, this type declares no Action field, and
// neither do its entry types SyscallMatchType and SyscallMatchPathType.
// NOTE(review): the action applied to syscall rules therefore has to come from
// outside this type — confirm where, and whether syscall rules can do more
// than audit.
type SyscallsType struct {
	MatchSyscalls []SyscallMatchType     `json:"matchSyscalls,omitempty"`
	MatchPaths    []SyscallMatchPathType `json:"matchPaths,omitempty"`

	// +kubebuilder:validation:optional
	Severity SeverityType `json:"severity,omitempty"`
	// +kubebuilder:validation:optional
	Tags []string `json:"tags,omitempty"`
	// +kubebuilder:validation:optional
	Message string `json:"message,omitempty"`
}
func (*SyscallsType) DeepCopy ¶
func (in *SyscallsType) DeepCopy() *SyscallsType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SyscallsType.
func (*SyscallsType) DeepCopyInto ¶
func (in *SyscallsType) DeepCopyInto(out *SyscallsType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.