package translator

import "k8s.io/kubernetes/pkg/controller/volume/selinuxwarning/translator"

Index

Types

type ControllerSELinuxTranslator 

type ControllerSELinuxTranslator struct{}

ControllerSELinuxTranslator is implementation of SELinuxLabelTranslator that can be used in kube-controller-manager (KCM). A real SELinuxLabelTranslator would be able to file empty parts of SELinuxOptions from the operating system defaults (/etc/selinux/*). KCM often runs as a container and cannot access /etc/selinux on the host. Even if it could, KCM can run on a different distro than the actual worker nodes. Therefore do not even try to file the defaults, use only fields filed in the provided SELinuxOptions.

func (*ControllerSELinuxTranslator) Conflicts 

func (c *ControllerSELinuxTranslator) Conflicts(labelA, labelB string) bool

Conflicts returns true if two SELinux labels conflict. These labels must be generated by SELinuxOptionsToFileLabel above (the function expects strict nr. of elements in the labels). Since this translator cannot default missing label components from the operating system, the first three components can be empty. In this case, the empty components don't lead to a conflict when compared to a real SELinux label and this function returns false (as no conflict can be detected). The last component (level) is always compared, as it is not defaulted by the operating system. Example: "system_u:system_r:container_t:s0:c1,c2" *does not* conflict with ":::s0:c1,c2", because the node that will run such a Pod may expand ":::s0:c1,c2" to "system_u:system_r:container_t:s0:c1,c2". However: "system_u:system_r:container_t:s0:c1,c2" *does* conflict with ":::s0:c98,c99". And ":::s0:c1,c2" *does* conflict with "" or ":::", because it's never defaulted by the OS.

func (*ControllerSELinuxTranslator) SELinuxEnabled 

func (c *ControllerSELinuxTranslator) SELinuxEnabled() bool

func (*ControllerSELinuxTranslator) SELinuxOptionsToFileLabel 

func (c *ControllerSELinuxTranslator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error)

Source Files

selinux_translator.go

Version
v1.35.1 (latest)
Published
Feb 10, 2026
Platform
linux/amd64
Imports
3 packages
Last checked
2 months ago

Tools for package owners.