import "k8s.io/kubernetes/pkg/security/apparmor"
const (
// The prefix to an annotation key specifying a container profile.
ContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
// The annotation key specifying the default AppArmor profile.
DefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName"
// The annotation key specifying the allowed AppArmor profiles.
AllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames"
// The profile specifying the runtime default.
ProfileRuntimeDefault = "runtime/default"
// The prefix for specifying profiles loaded on the node.
ProfileNamePrefix = "localhost/"
// Unconfined profile
ProfileNameUnconfined = "unconfined"
)TODO: Move these values into the API package.
GetProfileName returns the name of the profile to use with the container.
GetProfileNameFromPodAnnotations gets the name of the profile to use with container from pod annotations
IsAppArmorEnabled returns true if apparmor is enabled for the host. This function is forked from https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go to avoid the libapparmor dependency.
SetProfileName sets the name of the profile to use with the container.
func SetProfileNameFromPodAnnotations(annotations map[string]string, containerName, profileName string) error
SetProfileNameFromPodAnnotations sets the name of the profile to use with the container.
ValidateProfileFormat checks the format of the profile.
Validator is a interface for validating that a pod with an AppArmor profile can be run by a Node.
NewValidator is in order to find AppArmor FS
Package apparmor imports 13 packages (graph) and is imported by 234 packages. Updated 2019-11-11. Refresh now. Tools for package owners.