capabilities

package
v1.23.13-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 21, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package capabilities contains code for validating and defaulting a pod's kernel capabilities according to a security policy.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Strategy added in v1.4.0

type Strategy interface {
	// Generate creates the capabilities based on policy rules.
	Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
	// Validate ensures that the specified values fall within the range of the strategy.
	Validate(fldPath *field.Path, pod *api.Pod, container *api.Container, capabilities *api.Capabilities) field.ErrorList
}

Strategy defines the interface for all cap constraint strategies.

func NewDefaultCapabilities

func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []corev1.Capability) (Strategy, error)

NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation based on the configured initial caps and allowed caps.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL