package capabilities

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities"

Package capabilities contains code for validating and defaulting a pod's kernel capabilities according to a security policy.

Index ¶

• type Strategy
• func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []corev1.Capability) (Strategy, error)

Types ¶

type Strategy ¶

type Strategy interface {
	// Generate creates the capabilities based on policy rules.
	Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
	// Validate ensures that the specified values fall within the range of the strategy.
	Validate(fldPath *field.Path, pod *api.Pod, container *api.Container, capabilities *api.Capabilities) field.ErrorList
}

Strategy defines the interface for all cap constraint strategies.

func NewDefaultCapabilities ¶

func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []corev1.Capability) (Strategy, error)

NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation based on the configured initial caps and allowed caps.

Source Files ¶

capabilities.go doc.go types.go