v1beta1

package
v0.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 4, 2024 License: Apache-2.0 Imports: 12 Imported by: 4

Documentation

Overview

Package v1beta1 contains API Schema definitions for the security-profiles-operator v1beta1 API group.

+kubebuilder:object:generate=true
+groupName=security-profiles-operator.x-k8s.io

Index

Constants

// ExtJSON is the file-name extension for JSON files, leading dot included.
const (
	ExtJSON = ".json"
)

Variables

// GroupVersion is the API group and version under which the types of this
// package are registered.
var GroupVersion = schema.GroupVersion{
	Group:   "security-profiles-operator.x-k8s.io",
	Version: "v1beta1",
}

// SchemeBuilder registers Go types with the GroupVersionKind scheme, bound to
// GroupVersion.
var SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

// AddToScheme adds the types of this group-version to the scheme it is given.
var AddToScheme = SchemeBuilder.AddToScheme

Functions

This section is empty.

Types

type Arch

// Arch names a CPU architecture for a seccomp profile using the SCMP_ARCH_*
// tokens; SeccompProfileSpec.Architectures holds a list of these values.
type Arch string

+kubebuilder:validation:Enum=SCMP_ARCH_NATIVE;SCMP_ARCH_X86;SCMP_ARCH_X86_64;SCMP_ARCH_X32;SCMP_ARCH_ARM;SCMP_ARCH_AARCH64;SCMP_ARCH_MIPS;SCMP_ARCH_MIPS64;SCMP_ARCH_MIPS64N32;SCMP_ARCH_MIPSEL;SCMP_ARCH_MIPSEL64;SCMP_ARCH_MIPSEL64N32;SCMP_ARCH_PPC;SCMP_ARCH_PPC64;SCMP_ARCH_PPC64LE;SCMP_ARCH_S390;SCMP_ARCH_S390X;SCMP_ARCH_PARISC;SCMP_ARCH_PARISC64;SCMP_ARCH_RISCV64

type Arg

// Arg describes one comparison applied to a single argument of a syscall
// matched by a seccomp rule (see Syscall.Args).
type Arg struct {
	// the index for syscall arguments in seccomp
	// NOTE(review): only a Minimum marker is declared here; Linux syscalls take
	// at most six arguments (indexes 0-5), so confirm that an upper bound is
	// enforced somewhere before the profile reaches the runtime.
	// +kubebuilder:validation:Minimum=0
	Index uint `json:"index"`
	// the value for syscall arguments in seccomp
	// (first operand of the comparison; omitted from JSON when zero)
	// +kubebuilder:validation:Minimum=0
	Value uint64 `json:"value,omitempty"`
	// the value for syscall arguments in seccomp
	// (second operand; omitted from JSON when zero)
	// NOTE(review): presumably only consulted for SCMP_CMP_MASKED_EQ, which
	// needs both a mask and a value to compare against — confirm which of
	// Value and ValueTwo carries the mask before writing masked rules.
	// +kubebuilder:validation:Minimum=0
	ValueTwo uint64 `json:"valueTwo,omitempty"`
	// the operator for syscall arguments in seccomp
	// (one of the seven SCMP_CMP_* comparisons listed in the Enum marker)
	//nolint:lll // required for kubebuilder
	// +kubebuilder:validation:Enum=SCMP_CMP_NE;SCMP_CMP_LT;SCMP_CMP_LE;SCMP_CMP_EQ;SCMP_CMP_GE;SCMP_CMP_GT;SCMP_CMP_MASKED_EQ
	Op seccomp.Operator `json:"op"`
}

Arg defines a condition on a single argument of a syscall in seccomp.

func (*Arg) DeepCopy

func (in *Arg) DeepCopy() *Arg

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Arg.

func (*Arg) DeepCopyInto

func (in *Arg) DeepCopyInto(out *Arg)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Flag

// Flag names one flag used with seccomp(2); SeccompProfileSpec.Flags holds a
// list of these values.
// NOTE(review): per seccomp(2), SECCOMP_FILTER_FLAG_SPEC_ALLOW turns off the
// Speculative Store Bypass mitigation for the filtered task, so a profile
// that sets it warrants an explicit justification at review time.
type Flag string

+kubebuilder:validation:Enum=SECCOMP_FILTER_FLAG_TSYNC;SECCOMP_FILTER_FLAG_LOG;SECCOMP_FILTER_FLAG_SPEC_ALLOW;SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV

type SeccompProfile

// SeccompProfile is the API object for a seccomp profile: Kubernetes type and
// object metadata, the desired Spec, and the Status of the deployed profile.
type SeccompProfile struct {
	// Type metadata, inlined into the serialized object.
	metav1.TypeMeta   `json:",inline"`
	// Object metadata, serialized under "metadata".
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired seccomp policy.
	Spec   SeccompProfileSpec   `json:"spec,omitempty"`
	// Status reports on the deployed profile, including the localhostProfile
	// path that pods reference.
	Status SeccompProfileStatus `json:"status,omitempty"`
}

SeccompProfile is a cluster level specification for a seccomp profile. See https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp

+kubebuilder:resource:shortName=sp
+kubebuilder:subresource:status
+kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
+kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+kubebuilder:printcolumn:name="LocalhostProfile",type=string,priority=10,JSONPath=`.status.localhostProfile`

func (*SeccompProfile) DeepCopy

func (in *SeccompProfile) DeepCopy() *SeccompProfile

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfile.

func (*SeccompProfile) DeepCopyInto

func (in *SeccompProfile) DeepCopyInto(out *SeccompProfile)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SeccompProfile) DeepCopyObject

func (in *SeccompProfile) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SeccompProfile) DeepCopyToStatusBaseIf

func (sp *SeccompProfile) DeepCopyToStatusBaseIf() profilebase.StatusBaseUser

func (*SeccompProfile) GetProfileFile added in v0.4.3

func (sp *SeccompProfile) GetProfileFile() string

func (*SeccompProfile) GetProfileOperatorPath added in v0.4.3

func (sp *SeccompProfile) GetProfileOperatorPath() string

func (*SeccompProfile) GetProfilePath

func (sp *SeccompProfile) GetProfilePath() string

func (*SeccompProfile) GetStatusBase

func (sp *SeccompProfile) GetStatusBase() *profilebase.StatusBase

func (*SeccompProfile) IsDisabled added in v0.8.1

func (sp *SeccompProfile) IsDisabled() bool

func (*SeccompProfile) IsPartial added in v0.5.0

func (sp *SeccompProfile) IsPartial() bool

func (*SeccompProfile) IsReconcilable added in v0.8.1

func (sp *SeccompProfile) IsReconcilable() bool

func (*SeccompProfile) ListProfilesByRecording added in v0.5.0

func (sp *SeccompProfile) ListProfilesByRecording(
	ctx context.Context,
	cli client.Client,
	recording string,
) ([]metav1.Object, error)

func (*SeccompProfile) SetImplementationStatus

func (sp *SeccompProfile) SetImplementationStatus()

type SeccompProfileList

// SeccompProfileList is the list form of SeccompProfile: type and list
// metadata plus the profiles themselves.
type SeccompProfileList struct {
	// Type metadata, inlined into the serialized object.
	metav1.TypeMeta `json:",inline"`
	// List metadata, serialized under "metadata".
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the profiles; the tag has no omitempty, so the key is always
	// serialized.
	Items           []SeccompProfile `json:"items"`
}

SeccompProfileList contains a list of SeccompProfile.

func (*SeccompProfileList) DeepCopy

func (in *SeccompProfileList) DeepCopy() *SeccompProfileList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfileList.

func (*SeccompProfileList) DeepCopyInto

func (in *SeccompProfileList) DeepCopyInto(out *SeccompProfileList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SeccompProfileList) DeepCopyObject

func (in *SeccompProfileList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SeccompProfileSpec

// SeccompProfileSpec is the desired seccomp policy: a default action, optional
// per-syscall rules, and optional settings such as architectures, filter
// flags, a base profile and a notify listener.
type SeccompProfileSpec struct {
	// Common spec fields for all profiles.
	profilebase.SpecBase `json:",inline"`

	// BaseProfileName is the name of base profile (in the same namespace) that
	// will be unioned into this profile. Base profiles can be referenced as
	// remote OCI artifacts as well when prefixed with `oci://`.
	// Because the base is unioned in, the effective policy can be broader than
	// the Syscalls listed in this object alone.
	// NOTE(review): how an `oci://` artifact is authenticated or verified is
	// not visible in this type — confirm before relying on remote bases.
	BaseProfileName string `json:"baseProfileName,omitempty"`

	// the default action for seccomp
	// Always serialized (the tag has no omitempty). With SCMP_ACT_ALLOW or
	// SCMP_ACT_LOG here the profile acts as a deny-list: presumably every
	// syscall without a matching Syscalls entry still executes — confirm
	// against the runtime's seccomp semantics and prefer a restrictive default.
	//nolint:lll // required for kubebuilder
	// +kubebuilder:validation:Enum=SCMP_ACT_KILL;SCMP_ACT_KILL_PROCESS;SCMP_ACT_KILL_THREAD;SCMP_ACT_TRAP;SCMP_ACT_ERRNO;SCMP_ACT_TRACE;SCMP_ACT_ALLOW;SCMP_ACT_LOG;SCMP_ACT_NOTIFY
	DefaultAction seccomp.Action `json:"defaultAction"`
	// the architecture used for system calls
	// (each entry is an Arch value, i.e. one of the SCMP_ARCH_* tokens)
	Architectures []Arch `json:"architectures,omitempty"`
	// path of UNIX domain socket to contact a seccomp agent for SCMP_ACT_NOTIFY
	// NOTE(review): the agent behind this socket answers notified syscalls, so
	// the socket's location and permissions look like part of the trust
	// boundary — confirm who can create or replace it on the node.
	ListenerPath string `json:"listenerPath,omitempty"`
	// opaque data to pass to the seccomp agent
	ListenerMetadata string `json:"listenerMetadata,omitempty"`
	// match a syscall in seccomp. While this property is OPTIONAL, some values
	// of defaultAction are not useful without syscalls entries. For example,
	// if defaultAction is SCMP_ACT_KILL and syscalls is empty or unset, the
	// kernel will kill the container process on its first syscall
	Syscalls []*Syscall `json:"syscalls,omitempty"`

	// list of flags to use with seccomp(2)
	// (each entry points to a Flag value, i.e. one of the SECCOMP_FILTER_FLAG_*
	// tokens)
	Flags []*Flag `json:"flags,omitempty"`
}

SeccompProfileSpec defines the desired state of SeccompProfile.

func (*SeccompProfileSpec) DeepCopy

func (in *SeccompProfileSpec) DeepCopy() *SeccompProfileSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfileSpec.

func (*SeccompProfileSpec) DeepCopyInto

func (in *SeccompProfileSpec) DeepCopyInto(out *SeccompProfileSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SeccompProfileStatus

// SeccompProfileStatus reports on the deployed SeccompProfile.
type SeccompProfileStatus struct {
	// Status fields shared through profilebase, inlined into the serialized
	// object.
	profilebase.StatusBase `json:",inline"`
	// NOTE(review): undocumented in the source; presumably the location of the
	// installed profile file — confirm.
	Path                   string   `json:"path,omitempty"`
	// NOTE(review): undocumented in the source; presumably identifies the
	// workloads currently using this profile — confirm the entry format.
	ActiveWorkloads        []string `json:"activeWorkloads,omitempty"`
	// The path that should be provided to the `securityContext.seccompProfile.localhostProfile`
	// field of a Pod or container spec
	LocalhostProfile string `json:"localhostProfile,omitempty"`
}

SeccompProfileStatus contains status of the deployed SeccompProfile.

func (*SeccompProfileStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SeccompProfileStatus.

func (*SeccompProfileStatus) DeepCopyInto

func (in *SeccompProfileStatus) DeepCopyInto(out *SeccompProfileStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Syscall

// Syscall is one seccomp rule: a set of syscall names, the action taken for
// them, and optional conditions on their arguments.
type Syscall struct {
	// the names of the syscalls
	// (always serialized; the tag has no omitempty)
	Names []string `json:"names"`
	// the action for seccomp rules
	// (one of the SCMP_ACT_* values listed in the Enum marker; the same set is
	// accepted for SeccompProfileSpec.DefaultAction)
	//nolint:lll // required for kubebuilder
	// +kubebuilder:validation:Enum=SCMP_ACT_KILL;SCMP_ACT_KILL_PROCESS;SCMP_ACT_KILL_THREAD;SCMP_ACT_TRAP;SCMP_ACT_ERRNO;SCMP_ACT_TRACE;SCMP_ACT_ALLOW;SCMP_ACT_LOG;SCMP_ACT_NOTIFY
	Action seccomp.Action `json:"action"`
	// the errno return code to use. Some actions like SCMP_ACT_ERRNO and
	// SCMP_ACT_TRACE allow to specify the errno code to return
	// (omitted from JSON when zero)
	ErrnoRet uint `json:"errnoRet,omitempty"`
	// conditions on the syscall's arguments; at most six entries are accepted
	// (MaxItems=6).
	// NOTE(review): how several conditions combine (all must hold vs. any) is
	// not stated here — confirm against the runtime before relying on
	// multi-argument rules.
	// +kubebuilder:validation:MaxItems=6
	Args []*Arg `json:"args,omitempty"`
}

Syscall defines a syscall in seccomp.

func (*Syscall) DeepCopy

func (in *Syscall) DeepCopy() *Syscall

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Syscall.

func (*Syscall) DeepCopyInto

func (in *Syscall) DeepCopyInto(out *Syscall)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
