Documentation ¶
Index ¶
Constants ¶
View Source
const ( // AllowAny is the wildcard used to allow any profile. AllowAny = "*" // DefaultProfileAnnotationKey specifies the default seccomp profile. DefaultProfileAnnotationKey = "seccomp.security.alpha.kubernetes.io/defaultProfileName" // AllowedProfilesAnnotationKey specifies the allowed seccomp profiles. AllowedProfilesAnnotationKey = "seccomp.security.alpha.kubernetes.io/allowedProfileNames" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Strategy ¶
type Strategy interface { // Generate returns a profile based on constraint rules. Generate(annotations map[string]string, pod *api.Pod) (string, error) // Validate ensures that the specified values fall within the range of the strategy. ValidatePod(pod *api.Pod) field.ErrorList // Validate ensures that the specified values fall within the range of the strategy. ValidateContainer(pod *api.Pod, container *api.Container) field.ErrorList }
Strategy defines the interface for all seccomp constraint strategies.
func NewStrategy ¶
NewStrategy creates a new strategy that enforces seccomp profile constraints.
Click to show internal directories.
Click to hide internal directories.