securitycontext

package
v1.8.0-beta.1-rancher1
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2017 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package securitycontext contains security context API implementations.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddNoNewPrivileges added in v1.8.0

func AddNoNewPrivileges(sc *v1.SecurityContext) bool

AddNoNewPrivileges reports whether the no_new_privs option should be added. It returns true if:

  1) the container is not privileged
  2) CAP_SYS_ADMIN is not being added
  3) podSecurityPolicy.DefaultAllowPrivilegeEscalation is:

  • nil, then return false
  • true, then return false
  • false, then return true

func DetermineEffectiveSecurityContext added in v1.2.0

func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext

func HasCapabilitiesRequest

func HasCapabilitiesRequest(container *v1.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils

func HasPrivilegedRequest

func HasPrivilegedRequest(container *v1.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils

func HasRootRunAsUser added in v1.1.0

func HasRootRunAsUser(container *v1.Container) bool

HasRootRunAsUser returns true if the run as user is set and it is set to 0.

func HasRootUID added in v1.1.0

func HasRootUID(container *v1.Container) bool

HasNonRootUID returns true if the runAsUser is set and is greater than 0.

func HasRunAsUser added in v1.1.0

func HasRunAsUser(container *v1.Container) bool

HasRunAsUser determines if the sc's runAsUser field is set.

func InternalDetermineEffectiveSecurityContext added in v1.6.0

func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext

TODO: remove the duplicate code

func ParseSELinuxOptions added in v1.1.0

func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error)

ParseSELinuxOptions parses a string containing a full SELinux context (user, role, type, and level) into an SELinuxOptions object. If the context is malformed, an error is returned.
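The user:role:type:level format described above has one parsing pitfall: an MLS/MCS level such as s0:c123,c456 contains a colon itself, so a naive split on ":" yields five fields. The following is an added example, not this package's code; seLinuxOptions, errMalformed and parseContext are hypothetical names, and rejecting empty fields is a choice made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// seLinuxOptions is a local stand-in for the four fields of v1.SELinuxOptions
// (assumption: the real type is not imported so the example runs offline).
type seLinuxOptions struct {
	User, Role, Type, Level string
}

var errMalformed = errors.New("malformed SELinux context")

// parseContext is a hypothetical helper, not the package's ParseSELinuxOptions.
// It splits at most four ways so that a level such as "s0:c123,c456", which
// contains a colon, stays in one piece. Fewer than four fields, or any empty
// field, is reported as malformed.
func parseContext(context string) (*seLinuxOptions, error) {
	fields := strings.SplitN(context, ":", 4)
	if len(fields) != 4 {
		return nil, fmt.Errorf("%w: want user:role:type:level, got %q", errMalformed, context)
	}
	for _, f := range fields {
		if f == "" {
			return nil, fmt.Errorf("%w: empty field in %q", errMalformed, context)
		}
	}
	return &seLinuxOptions{User: fields[0], Role: fields[1], Type: fields[2], Level: fields[3]}, nil
}

func main() {
	// Constructed sample inputs: two valid contexts, two malformed ones.
	for _, in := range []string{
		"system_u:system_r:svirt_lxc_net_t:s0:c123,c456",
		"system_u:object_r:container_file_t:s0",
		"system_u:system_r:svirt_lxc_net_t",
		"system_u::svirt_lxc_net_t:s0",
	} {
		opts, err := parseContext(in)
		fmt.Printf("%q -> %+v, err=%v\n", in, opts, err)
	}
}
```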

func ValidInternalSecurityContextWithContainerDefaults added in v1.6.0

func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext

ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

func ValidSecurityContextWithContainerDefaults

func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

Types

This section is empty.
