package capabilities
import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities"
Package capabilities contains code for validating and defaulting a pod's kernel capabilities according to a security policy.
Index ¶
Types ¶
type Strategy ¶
type Strategy interface {
// Generate creates the capabilities based on policy rules.
Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
// Validate ensures that the specified values fall within the range of the strategy.
Validate(pod *api.Pod, container *api.Container) field.ErrorList
}
Strategy defines the interface for all cap constraint strategies.
func NewDefaultCapabilities ¶
func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (Strategy, error)
NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation based on the configured initial caps and allowed caps.
Source Files ¶
doc.go mustrunas.go types.go
- Version
- v1.6.2
- Published
- Apr 19, 2017
- Platform
- js/wasm
- Imports
- 4 packages
- Last checked
- 3 minutes ago –
Tools for package owners.