sysctl

Package version: v1.28.14
Published: Sep 11, 2024 | License: Apache-2.0 | Imports: 10 | Imported by: 115

Documentation

Constants

const (
	ForbiddenReason = "SysctlForbidden"
)

Variables

This section is empty.

Functions

func ConvertPodSysctlsVariableToDotsSeparator added in v1.23.0

func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext)

ConvertPodSysctlsVariableToDotsSeparator converts each sysctl name in the Pod.Spec.SecurityContext.Sysctls slice to use dots as separators, following the Linux sysctl conversion rules. See https://man7.org/linux/man-pages/man5/sysctl.d.5.html for more details.

func NewAllowlist added in v1.23.0

func NewAllowlist(patterns []string) (*patternAllowlist, error)

NewAllowlist creates a new Allowlist from a list of sysctls and sysctl patterns (ending in *).

func SafeSysctlAllowlist added in v1.25.0

func SafeSysctlAllowlist() []string

SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff:
- it is namespaced in the container or the pod
- it is isolated, i.e. has no influence on any other pod on the same node.

Types

type Namespace

type Namespace string

Namespace represents a kernel namespace name.

func NamespacedBy

func NamespacedBy(val string) Namespace

NamespacedBy returns the namespace of the Linux kernel for a sysctl, or unknownNamespace if the sysctl is not known to be namespaced.
