package sysctl

kubernetes – k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl Index | Files

import "k8s.io/kubernetes/pkg/security/podsecuritypolicy/sysctl"

Index ¶

func SafeSysctlAllowlist() []string
type SysctlsStrategy

func NewMustMatchPatterns(safeAllowlist, allowedUnsafeSysctls, forbiddenSysctls []string) SysctlsStrategy

Functions ¶

func SafeSysctlAllowlist ¶

func SafeSysctlAllowlist() []string

SafeSysctlAllowlist returns the allowlist of safe sysctls and safe sysctl patterns (ending in *).

A sysctl is called safe iff - it is namespaced in the container or the pod - it is isolated, i.e. has no influence on any other pod on the same node.

Types ¶

type SysctlsStrategy ¶

type SysctlsStrategy interface {
	// Validate ensures that the specified values fall within the range of the strategy.
	Validate(pod *api.Pod) field.ErrorList
}

SysctlsStrategy defines the interface for all sysctl strategies.

func NewMustMatchPatterns ¶

func NewMustMatchPatterns(safeAllowlist, allowedUnsafeSysctls, forbiddenSysctls []string) SysctlsStrategy

NewMustMatchPatterns creates a new mustMatchPatterns strategy that will provide validation. Passing nil means the default pattern, passing an empty list means to disallow all sysctls.

Source Files ¶

mustmatchpatterns.go types.go

Version: v1.23.9-rc.0
Published: Jun 16, 2022
Platform: js/wasm
Imports: 4 packages
Last checked: 2 minutes ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples