package apparmor
import "k8s.io/client-go/1.4/pkg/security/apparmor"
Index ¶
- Constants
- func GetProfileName(pod *api.Pod, containerName string) string
- func IsAppArmorEnabled() bool
- func SetProfileName(pod *api.Pod, containerName, profileName string) error
- func ValidateProfileFormat(profile string) error
- type Validator
Constants ¶
const ( // The prefix to an annotation key specifying a container profile. ContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/" // The annotation key specifying the default AppArmor profile. DefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName" // The annotation key specifying the allowed AppArmor profiles. AllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames" // The profile specifying the runtime default. ProfileRuntimeDefault = "runtime/default" // The prefix for specifying profiles loaded on the node. ProfileNamePrefix = "localhost/" )
TODO: Move these values into the API package.
Functions ¶
func GetProfileName ¶
Returns the name of the profile to use with the container.
func IsAppArmorEnabled ¶
func IsAppArmorEnabled() bool
IsAppArmorEnabled returns true if apparmor is enabled for the host. This function is forked from https://github.com/opencontainers/runc/blob/1a81e9ab1f138c091fe5c86d0883f87716088527/libcontainer/apparmor/apparmor.go to avoid the libapparmor dependency.
func SetProfileName ¶
Sets the name of the profile to use with the container.
func ValidateProfileFormat ¶
Types ¶
type Validator ¶
Interface for validating that a pod with with an AppArmor profile can be run by a Node.
func NewValidator ¶
Source Files ¶
helpers.go validate.go validate_disabled.go
- Version
- v1.4.0
- Published
- Oct 17, 2016
- Platform
- js/wasm
- Imports
- 10 packages
- Last checked
- 1 second ago –
Tools for package owners.