Package util contains utility code shared amongst different parts of the pod security policy apparatus.
const ( ValidatedPSPAnnotation = "kubernetes.io/psp" )
func AllowsHostVolumePath(psp *policy.PodSecurityPolicy, hostPath string) (pathIsAllowed, mustBeReadOnly bool)
AllowsHostVolumePath is a utility for checking if a PSP allows the host volume path. This only checks the path. You should still check to make sure the host volume fs type is allowed.
EqualStringSlices compares string slices for equality. Slices are equal when their sizes and elements on similar positions are equal.
FSTypeToStringSet converts an FSType slice to a string set.
getVolumeFSType gets the FSType for a volume.
GroupFallsInRange is a utility to determine it the id falls in the valid range.
PSPAllowsAllVolumes checks for FSTypeAll in the psp's allowed volumes.
PSPAllowsFSType is a utility for checking if a PSP allows a particular FSType. If all volumes are allowed then this will return true for any FSType passed.
UserFallsInRange is a utility to determine it the id falls in the valid range.