Documentation
Overview
Package capabilities manages system-level capabilities.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Initialize
func Initialize(c Capabilities)
Initialize sets the capability set. This can only be done once per binary; subsequent calls are ignored.
func ResetForTest (added in v1.32.0)
func ResetForTest()
ResetForTest resets the capabilities to a given state for testing purposes. This function should only be called from tests.
Types
type Capabilities
type Capabilities struct {
	AllowPrivileged bool

	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources

	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}
Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user.
type PrivilegedSources (added in v1.1.0)
type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string

	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string

	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}
PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.
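The "once per binary" rule on Initialize and the per-source allow lists in PrivilegedSources can be seen together in the stand-alone model below. It is an added example, not the package's own code: the `store` type, the use of `sync.Once`, the `hostNetworkAllowed` helper and the source names "api" and "file" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// PrivilegedSources and Capabilities copy the field layout documented above.
type PrivilegedSources struct {
	HostNetworkSources []string
	HostPIDSources     []string
	HostIPCSources     []string
}

type Capabilities struct {
	AllowPrivileged                        bool
	PrivilegedSources                      PrivilegedSources
	PerConnectionBandwidthLimitBytesPerSec int64
}

// store is a hypothetical holder modelling the documented "once per binary" rule.
type store struct {
	once sync.Once
	caps Capabilities
}

// Initialize keeps the first value it is given; later calls are ignored.
func (s *store) Initialize(c Capabilities) {
	s.once.Do(func() { s.caps = c })
}

// hostNetworkAllowed (hypothetical helper) reports whether a pod source is on
// the host-network allow list. An empty or nil list denies every source.
func (s *store) hostNetworkAllowed(source string) bool {
	for _, allowed := range s.caps.PrivilegedSources.HostNetworkSources {
		if allowed == source {
			return true
		}
	}
	return false
}

func main() {
	s := &store{}
	// Constructed sample values: "api" and "file" stand in for pod source names.
	s.Initialize(Capabilities{PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"api"}}})
	// A later, broader configuration must not take effect.
	s.Initialize(Capabilities{AllowPrivileged: true, PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"api", "file"}}})
	fmt.Println(s.hostNetworkAllowed("api"), s.hostNetworkAllowed("file"), s.caps.AllowPrivileged)
}
```

Because the first call wins, the point in startup where Initialize runs decides the privilege ceiling for the whole process, and an uninitialized set denies every source in this model.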