capabilities

package
v1.32.1
Warning

This package is not in the latest version of its module.

Published: Jan 15, 2025 License: Apache-2.0 Imports: 1 Imported by: 1,198

Documentation

Overview

Package capabilities manages system-level capabilities.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Initialize

func Initialize(c Capabilities)

Initialize initializes the capability set. This can only be done once per binary; subsequent calls are ignored.

func ResetForTest added in v1.32.0

func ResetForTest()

ResetForTest resets the capabilities to a given state for testing purposes. This function should only be called from tests.

func Setup added in v0.15.0

func Setup(allowPrivileged bool, perConnectionBytesPerSec int64)

Setup sets up the capability set. It wraps Initialize to improve usability.

Types

type Capabilities

type Capabilities struct {
	AllowPrivileged bool

	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources

	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}

Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user.

func Get

func Get() Capabilities

Get returns a read-only copy of the system capabilities.

type PrivilegedSources added in v1.1.0

type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string

	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string

	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}

PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.
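
As an added example (not code from the Kubernetes project), this self-contained Go sketch models the semantics documented above with local stand-in types: Initialize takes effect once, Get returns a copy, and a default-deny check compares a pod's source against the per-namespace lists. Request, Admit, listed and the source names "file" and "api" are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Local stand-ins for the documented types; nothing is imported from Kubernetes.
type PrivilegedSources struct{ HostNetworkSources, HostPIDSources, HostIPCSources []string }
type Capabilities struct {
	AllowPrivileged   bool
	PrivilegedSources PrivilegedSources
}

var once sync.Once
var caps Capabilities // zero value: no source is allowed any host namespace

func Initialize(c Capabilities) { once.Do(func() { caps = c }) } // first call wins, later calls are ignored
func Get() Capabilities         { return caps }                  // by value: field changes on the result stay local

type Request struct{ HostNetwork, HostPID, HostIPC bool } // hypothetical summary of what a pod asks for

func listed(source string, allowed []string) bool {
	for _, s := range allowed {
		if s == source {
			return true
		}
	}
	return false
}

// Admit is default-deny: every requested host namespace must list the pod's source.
func Admit(source string, r Request) error {
	p := Get().PrivilegedSources
	switch {
	case r.HostNetwork && !listed(source, p.HostNetworkSources):
		return fmt.Errorf("source %q may not use the host network", source)
	case r.HostPID && !listed(source, p.HostPIDSources):
		return fmt.Errorf("source %q may not share the host PID namespace", source)
	case r.HostIPC && !listed(source, p.HostIPCSources):
		return fmt.Errorf("source %q may not share the host IPC namespace", source)
	}
	return nil
}

func main() {
	// Constructed sample policy: only pods from the "file" source may use host networking.
	Initialize(Capabilities{PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"file"}}})
	fmt.Println(Admit("file", Request{HostNetwork: true}), Admit("api", Request{HostNetwork: true}))
}
```

Because the first Initialize wins for the life of the binary, a policy set early cannot be widened by a later call, and a process that never initializes the set denies every host-namespace request in this model.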
