Documentation
¶
Index ¶
- func AddNoNewPrivileges(sc *v1.SecurityContext) bool
- func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string
- func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string
- func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext
- func HasCapabilitiesRequest(container *v1.Container) bool
- func HasPrivilegedRequest(container *v1.Container) bool
- func ValidInternalSecurityContextWithContainerDefaults() *v1.SecurityContext
- func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddNoNewPrivileges ¶
func AddNoNewPrivileges(sc *v1.SecurityContext) bool
AddNoNewPrivileges returns if we should add the no_new_privs option.
func ConvertToRuntimeMaskedPaths ¶
func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string
ConvertToRuntimeMaskedPaths converts the ProcMountType to the specified or default masked paths.
func ConvertToRuntimeReadonlyPaths ¶
func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string
ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default readonly paths.
func DetermineEffectiveSecurityContext ¶
DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations from the provided pod's and container's security context. Container's fields take precedence in cases where both are set
func HasCapabilitiesRequest ¶
HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils
func HasPrivilegedRequest ¶
HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils
func ValidInternalSecurityContextWithContainerDefaults ¶
func ValidInternalSecurityContextWithContainerDefaults() *v1.SecurityContext
ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.
func ValidSecurityContextWithContainerDefaults ¶
func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext
ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.
Types ¶
This section is empty.
Source Files