kubernetes: k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl Index | Files

package sysctl

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl"


Package Files

mustmatchpatterns.go types.go

func SafeSysctlWhitelist Uses

func SafeSysctlWhitelist() []string

SafeSysctlWhitelist returns the whitelist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff - it is namespaced in the container or the pod - it is isolated, i.e. has no influence on any other pod on the same node.

type SysctlsStrategy Uses

type SysctlsStrategy interface {
    // Validate ensures that the specified values fall within the range of the strategy.
    Validate(pod *api.Pod) field.ErrorList

SysctlsStrategy defines the interface for all sysctl strategies.

func NewMustMatchPatterns Uses

func NewMustMatchPatterns(safeWhitelist, allowedUnsafeSysctls, forbiddenSysctls []string) SysctlsStrategy

NewMustMatchPatterns creates a new mustMatchPatterns strategy that will provide validation. Passing nil means the default pattern, passing an empty list means to disallow all sysctls.

Package sysctl imports 4 packages (graph) and is imported by 42 packages. Updated 2019-09-20. Refresh now. Tools for package owners.