kubernetes: k8s.io/kubernetes/pkg/securitycontext

package securitycontext

import "k8s.io/kubernetes/pkg/securitycontext"

Package securitycontext contains security context API implementations.

Package Files

accessors.go doc.go fake.go util.go

func AddNoNewPrivileges

func AddNoNewPrivileges(sc *v1.SecurityContext) bool

AddNoNewPrivileges reports whether the no_new_privs option should be added.

func ConvertToRuntimeMaskedPaths

func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string

ConvertToRuntimeMaskedPaths converts the ProcMountType to the specified or default masked paths.

func ConvertToRuntimeReadonlyPaths

func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string

ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or default readonly paths.

func DetermineEffectiveSecurityContext

func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext

DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations from the provided pod's and container's security contexts. The container's fields take precedence in cases where both are set.

func HasCapabilitiesRequest

func HasCapabilitiesRequest(container *v1.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking nil values into account.

func HasPrivilegedRequest

func HasPrivilegedRequest(container *v1.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nil values.
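
The container-over-pod precedence described for DetermineEffectiveSecurityContext and the nil handling described for HasPrivilegedRequest, as an added example that is not this package's code. PodSC, ContainerSC, Effective and Findings are hypothetical stand-ins that carry only fields named by the accessor interfaces on this page; the sample values are constructed.

```go
package main

import "fmt"

// PodSC and ContainerSC are stand-ins for this example, not the real API types.
type PodSC struct {
	RunAsUser    *int64
	RunAsNonRoot *bool
}

type ContainerSC struct {
	RunAsUser                *int64
	RunAsNonRoot, Privileged *bool
}

// Effective starts from the pod values; each container field that is set wins.
func Effective(pod *PodSC, c *ContainerSC) ContainerSC {
	var eff ContainerSC
	if pod != nil {
		eff.RunAsUser, eff.RunAsNonRoot = pod.RunAsUser, pod.RunAsNonRoot
	}
	if c == nil { // no container-level context: the pod values apply as-is
		return eff
	}
	if c.RunAsUser != nil {
		eff.RunAsUser = c.RunAsUser
	}
	if c.RunAsNonRoot != nil {
		eff.RunAsNonRoot = c.RunAsNonRoot
	}
	eff.Privileged = c.Privileged // container-only field, nothing to merge
	return eff
}

// Findings audits the merged result; a nil pointer means "not set".
func Findings(eff ContainerSC) (out []string) {
	if eff.Privileged != nil && *eff.Privileged {
		out = append(out, "privileged")
	}
	if eff.RunAsUser != nil && *eff.RunAsUser == 0 {
		out = append(out, "runs as UID 0")
	}
	return out
}

func main() {
	uid, root := int64(1000), int64(0) // constructed sample values
	fmt.Println(Findings(Effective(&PodSC{RunAsUser: &uid}, &ContainerSC{RunAsUser: &root})))
}
```

An audit that reads only the pod-level context would report UID 1000 here; the merged view shows that the container overrides it with UID 0.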

func ValidInternalSecurityContextWithContainerDefaults

func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext

ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

func ValidSecurityContextWithContainerDefaults

func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

type ContainerSecurityContextAccessor

type ContainerSecurityContextAccessor interface {
    Capabilities() *api.Capabilities
    Privileged() *bool
    ProcMount() api.ProcMountType
    SELinuxOptions() *api.SELinuxOptions
    RunAsUser() *int64
    RunAsGroup() *int64
    RunAsNonRoot() *bool
    ReadOnlyRootFilesystem() *bool
    AllowPrivilegeEscalation() *bool
}

ContainerSecurityContextAccessor allows reading the values of a SecurityContext object.

func NewContainerSecurityContextAccessor

func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor

NewContainerSecurityContextAccessor returns an accessor for the provided container security context. May be initialized with a nil SecurityContext.

func NewEffectiveContainerSecurityContextAccessor

func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor

NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values for the provided pod security context and container security context.

type ContainerSecurityContextMutator

type ContainerSecurityContextMutator interface {
    ContainerSecurityContextAccessor

    ContainerSecurityContext() *api.SecurityContext

    SetCapabilities(*api.Capabilities)
    SetPrivileged(*bool)
    SetSELinuxOptions(*api.SELinuxOptions)
    SetRunAsUser(*int64)
    SetRunAsGroup(*int64)
    SetRunAsNonRoot(*bool)
    SetReadOnlyRootFilesystem(*bool)
    SetAllowPrivilegeEscalation(*bool)
}

ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object.

func NewContainerSecurityContextMutator

func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator

NewContainerSecurityContextMutator returns a mutator for the provided container security context. May be initialized with a nil SecurityContext.

func NewEffectiveContainerSecurityContextMutator

func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator

NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values for the provided pod security context and container security context.

type PodSecurityContextAccessor

type PodSecurityContextAccessor interface {
    HostNetwork() bool
    HostPID() bool
    HostIPC() bool
    SELinuxOptions() *api.SELinuxOptions
    RunAsUser() *int64
    RunAsGroup() *int64
    RunAsNonRoot() *bool
    SupplementalGroups() []int64
    FSGroup() *int64
}

PodSecurityContextAccessor allows reading the values of a PodSecurityContext object.

func NewPodSecurityContextAccessor

func NewPodSecurityContextAccessor(podSC *api.PodSecurityContext) PodSecurityContextAccessor

NewPodSecurityContextAccessor returns an accessor for the given pod security context. May be initialized with a nil PodSecurityContext.

type PodSecurityContextMutator

type PodSecurityContextMutator interface {
    PodSecurityContextAccessor

    SetHostNetwork(bool)
    SetHostPID(bool)
    SetHostIPC(bool)
    SetSELinuxOptions(*api.SELinuxOptions)
    SetRunAsUser(*int64)
    SetRunAsGroup(*int64)
    SetRunAsNonRoot(*bool)
    SetSupplementalGroups([]int64)
    SetFSGroup(*int64)

    // PodSecurityContext returns the current PodSecurityContext object
    PodSecurityContext() *api.PodSecurityContext
}

PodSecurityContextMutator allows reading and writing the values of a PodSecurityContext object.

func NewPodSecurityContextMutator

func NewPodSecurityContextMutator(podSC *api.PodSecurityContext) PodSecurityContextMutator

NewPodSecurityContextMutator returns a mutator for the given pod security context. May be initialized with a nil PodSecurityContext.

Package securitycontext imports 3 packages and is imported by 372 packages. Updated 2019-07-19.