Affected by GO-2022-0617 and 17 other vulnerabilities

GO-2022-0617: WITHDRAWN: Potential proxy IP restriction bypass in Kubernetes in k8s.io/kubernetes

GO-2022-0782: Symlink Attack in kubectl cp in k8s.io/kubernetes

GO-2022-0885: Improper Authentication in Kubernetes in k8s.io/kubernetes

GO-2022-0890: Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes

GO-2022-0907: Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes

GO-2022-0910: Files or Directories Accessible to External Parties in kubernetes in k8s.io/kubernetes

GO-2022-0983: kubectl ANSI escape characters not filtered in k8s.io/kubernetes

GO-2023-1864: Kubelet vulnerable to bypass of seccomp profile enforcement in k8s.io/kubernetes

GO-2023-1891: kube-apiserver vulnerable to policy bypass in k8s.io/kubernetes

GO-2023-1892: Kubernetes mountable secrets policy bypass in k8s.io/kubernetes

GO-2023-1985: Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes

GO-2023-2159: Kube-proxy may unintentionally forward traffic in k8s.io/kubernetes

GO-2023-2341: Kubernetes Improper Input Validation vulnerability in k8s.io/kubernetes

GO-2024-2748: Privilege Escalation in Kubernetes in k8s.io/apimachinery

GO-2024-2754: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2755: Sensitive Information leak via Log File in Kubernetes in k8s.io/kubernetes

GO-2024-2994: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes

GO-2024-3277: Kubernetes Nil pointer dereference in KCM after v1 HPA patch request in k8s.io/kubernetes

capabilities

package

v0.14.0 Latest Latest Go to latest Published: Mar 30, 2015 License: Apache-2.0 Imports: 1 Imported by: 1,191

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes/kubernetes

Links

Open Source Insights

Documentation ¶

Overview ¶

package capbabilities manages system level capabilities

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Initialize ¶

func Initialize(c Capabilities)

Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.

func SetForTests ¶

func SetForTests(c Capabilities)

SetCapabilitiesForTests. Convenience method for testing. This should only be called from tests.

Types ¶

type Capabilities ¶

type Capabilities struct {
	AllowPrivileged bool

	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string
}

Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user

func Get ¶

func Get() Capabilities

Returns a read-only copy of the system capabilities.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL