kubernetes: k8s.io/kubernetes/pkg/security/podsecuritypolicy/util Index | Files

package util

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/util"

Package util contains utility code shared amongst different parts of the pod security policy apparatus.


Package Files

doc.go util.go


const (
    ValidatedPSPAnnotation = "kubernetes.io/psp"

func AllowsHostVolumePath Uses

func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)

AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.

func EqualStringSlices Uses

func EqualStringSlices(a, b []string) bool

EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.

func FSTypeToStringSet Uses

func FSTypeToStringSet(fsTypes []policy.FSType) sets.String

FSTypeToStringSet converts an FSType slice to a string set.

func GetAllFSTypesAsSet Uses

func GetAllFSTypesAsSet() sets.String

func GetAllFSTypesExcept Uses

func GetAllFSTypesExcept(exceptions ...string) sets.String

func GetVolumeFSType Uses

func GetVolumeFSType(v api.Volume) (policy.FSType, error)

getVolumeFSType gets the FSType for a volume.

func GroupFallsInRange Uses

func GroupFallsInRange(id int64, rng policy.IDRange) bool

GroupFallsInRange is a utility to determine it the id falls in the valid range.

func IsOnlyServiceAccountTokenSources Uses

func IsOnlyServiceAccountTokenSources(v *api.ProjectedVolumeSource) bool

func PSPAllowsAllVolumes Uses

func PSPAllowsAllVolumes(psp *policy.PodSecurityPolicy) bool

PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.

func PSPAllowsFSType Uses

func PSPAllowsFSType(psp *policy.PodSecurityPolicy, fsType policy.FSType) bool

PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.

func UserFallsInRange Uses

func UserFallsInRange(id int64, rng policy.IDRange) bool

UserFallsInRange is a utility to determine it the id falls in the valid range.

Package util imports 5 packages (graph) and is imported by 418 packages. Updated 2020-07-20. Refresh now. Tools for package owners.