package sysctl

kubernetes – k8s.io/kubernetes/pkg/kubelet/sysctl Index | Files

import "k8s.io/kubernetes/pkg/kubelet/sysctl"

Index ¶

Constants
func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext)
func NewAllowlist(patterns []string) (*patternAllowlist, error)
func SafeSysctlAllowlist() []string
type Namespace

func NamespacedBy(val string) Namespace

Constants ¶

const (
	ForbiddenReason = "SysctlForbidden"
)

Functions ¶

func ConvertPodSysctlsVariableToDotsSeparator ¶

func ConvertPodSysctlsVariableToDotsSeparator(securityContext *v1.PodSecurityContext)

ConvertPodSysctlsVariableToDotsSeparator converts sysctls variable in the Pod.Spec.SecurityContext.Sysctls slice into a dot as a separator according to the linux sysctl conversion rules. see https://man7.org/linux/man-pages/man5/sysctl.d.5.html for more details.

func NewAllowlist ¶

func NewAllowlist(patterns []string) (*patternAllowlist, error)

NewAllowlist creates a new Allowlist from a list of sysctls and sysctl pattern (ending in *).

func SafeSysctlAllowlist ¶

func SafeSysctlAllowlist() []string

SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff - it is namespaced in the container or the pod - it is isolated, i.e. has no influence on any other pod on the same node.

Types ¶

type Namespace ¶

type Namespace string

Namespace represents a kernel namespace name.

func NamespacedBy ¶

func NamespacedBy(val string) Namespace

NamespacedBy returns the namespace of the Linux kernel for a sysctl, or unknownNamespace if the sysctl is not known to be namespaced.

Source Files ¶

allowlist.go namespace.go safe_sysctls.go util.go

Version: v1.27.8
Published: Nov 15, 2023
Platform: js/wasm
Imports: 10 packages
Last checked: 1 minute ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples