package translator

import "k8s.io/kubernetes/pkg/controller/volume/selinuxwarning/translator"

Index

Types

type ControllerSELinuxTranslator 

type ControllerSELinuxTranslator struct{}

ControllerSELinuxTranslator is implementation of SELinuxLabelTranslator that can be used in kube-controller-manager (KCM). A real SELinuxLabelTranslator would be able to file empty parts of SELinuxOptions from the operating system defaults (/etc/selinux/*). KCM often runs as a container and cannot access /etc/selinux on the host. Even if it could, KCM can run on a different distro than the actual worker nodes. Therefore do not even try to file the defaults, use only fields filed in the provided SELinuxOptions.

func (*ControllerSELinuxTranslator) Conflicts 

func (c *ControllerSELinuxTranslator) Conflicts(labelA, labelB string) bool

Conflicts returns true if two SELinux labels conflict. These labels must be generated by SELinuxOptionsToFileLabel above (the function expects strict nr. of elements in the labels). Since this translator cannot default missing components, the missing components are treated as incomparable and they do not conflict with anything. Example: "system_u:system_r:container_t:s0:c1,c2" *does not* conflict with ":::s0:c1,c2", because the node that will run such a Pod may expand "":::s0:c1,c2" to "system_u:system_r:container_t:s0:c1,c2". However, "system_u:system_r:container_t:s0:c1,c2" *does* conflict with ":::s0:c98,c99".

func (*ControllerSELinuxTranslator) SELinuxEnabled 

func (c *ControllerSELinuxTranslator) SELinuxEnabled() bool

func (*ControllerSELinuxTranslator) SELinuxOptionsToFileLabel 

func (c *ControllerSELinuxTranslator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error)

Source Files

selinux_translator.go

Version
v1.33.0 (latest)
Published
Apr 23, 2025
Platform
linux/amd64
Imports
3 packages
Last checked
5 hours ago

Tools for package owners.