capabilities

package
v0.0.0-...-15fe72b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 16, 2016 License: Apache-2.0, Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

package capbabilities manages system level capabilities

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Initialize

func Initialize(c Capabilities)

Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.

func SetForTests

func SetForTests(c Capabilities)

SetCapabilitiesForTests. Convenience method for testing. This should only be called from tests.

func Setup

func Setup(allowPrivileged bool, privilegedSources PrivilegedSources, perConnectionBytesPerSec int64)

Setup the capability set. It wraps Initialize for improving usibility.

Types

type Capabilities

type Capabilities struct {
	AllowPrivileged bool

	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources

	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}

Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user

func Get

func Get() Capabilities

Returns a read-only copy of the system capabilities.

type PrivilegedSources

type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string

	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string

	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}

PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL