package capabilities

kubernetes – k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities Index | Files

package capabilities

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/capabilities"

Package capabilities contains code for validating and defaulting a pod's kernel capabilities according to a security policy.

Index ¶

type Strategy

func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (Strategy, error)

Types ¶

type Strategy ¶

type Strategy interface {
	// Generate creates the capabilities based on policy rules.
	Generate(pod *api.Pod, container *api.Container) (*api.Capabilities, error)
	// Validate ensures that the specified values fall within the range of the strategy.
	Validate(pod *api.Pod, container *api.Container) field.ErrorList
}

Strategy defines the interface for all cap constraint strategies.

func NewDefaultCapabilities ¶

func NewDefaultCapabilities(defaultAddCapabilities, requiredDropCapabilities, allowedCaps []api.Capability) (Strategy, error)

NewDefaultCapabilities creates a new defaultCapabilities strategy that will provide defaults and validation based on the configured initial caps and allowed caps.

Source Files ¶

doc.go mustrunas.go types.go

Version: v1.7.7
Published: Sep 28, 2017
Platform: linux/amd64
Imports: 4 packages
Last checked: 11 minutes ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples