package securitycontext

kubernetes – k8s.io/kubernetes/pkg/securitycontext Index | Files

package securitycontext

import "k8s.io/kubernetes/pkg/securitycontext"

Package securitycontext contains security context api implementations

Index ¶

func HasCapabilitiesRequest(container *api.Container) bool
func HasPrivilegedRequest(container *api.Container) bool
func HasRootRunAsUser(container *api.Container) bool
func HasRootUID(container *api.Container) bool
func HasRunAsUser(container *api.Container) bool
func ParseSELinuxOptions(context string) (*api.SELinuxOptions, error)
func ValidSecurityContextWithContainerDefaults() *api.SecurityContext
type FakeSecurityContextProvider

func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)
func (p FakeSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

type SecurityContextProvider

func NewFakeSecurityContextProvider() SecurityContextProvider
func NewSimpleSecurityContextProvider() SecurityContextProvider

type SimpleSecurityContextProvider

func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)
func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

Functions ¶

func HasCapabilitiesRequest ¶

func HasCapabilitiesRequest(container *api.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils

func HasPrivilegedRequest ¶

func HasPrivilegedRequest(container *api.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils

func HasRootRunAsUser ¶

func HasRootRunAsUser(container *api.Container) bool

HasRootRunAsUser returns true if the run as user is set and it is set to 0.

func HasRootUID ¶

func HasRootUID(container *api.Container) bool

HasNonRootUID returns true if the runAsUser is set and is greater than 0.

func HasRunAsUser ¶

func HasRunAsUser(container *api.Container) bool

HasRunAsUser determines if the sc's runAsUser field is set.

func ParseSELinuxOptions ¶

func ParseSELinuxOptions(context string) (*api.SELinuxOptions, error)

ParseSELinuxOptions parses a string containing a full SELinux context (user, role, type, and level) into an SELinuxOptions object. If the context is malformed, an error is returned.

func ValidSecurityContextWithContainerDefaults ¶

func ValidSecurityContextWithContainerDefaults() *api.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

Types ¶

type FakeSecurityContextProvider ¶

type FakeSecurityContextProvider struct{}

func (FakeSecurityContextProvider) ModifyContainerConfig ¶

func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

func (FakeSecurityContextProvider) ModifyHostConfig ¶

func (p FakeSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

type SecurityContextProvider ¶

type SecurityContextProvider interface {
	// ModifyContainerConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the Config with which
	// the container is created.
	ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

	// ModifyHostConfig is called before the Docker runContainer call.
	// The security context provider can make changes to the HostConfig, affecting
	// security options, whether the container is privileged, volume binds, etc.
	// An error is returned if it's not possible to secure the container as requested
	// with a security context.
	ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)
}

func NewFakeSecurityContextProvider ¶

func NewFakeSecurityContextProvider() SecurityContextProvider

NewFakeSecurityContextProvider creates a new, no-op security context provider.

func NewSimpleSecurityContextProvider ¶

func NewSimpleSecurityContextProvider() SecurityContextProvider

NewSimpleSecurityContextProvider creates a new SimpleSecurityContextProvider.

type SimpleSecurityContextProvider ¶

type SimpleSecurityContextProvider struct{}

SimpleSecurityContextProvider is the default implementation of a SecurityContextProvider.

func (SimpleSecurityContextProvider) ModifyContainerConfig ¶

func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *api.Pod, container *api.Container, config *docker.Config)

ModifyContainerConfig is called before the Docker createContainer call. The security context provider can make changes to the Config with which the container is created.

func (SimpleSecurityContextProvider) ModifyHostConfig ¶

func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *api.Pod, container *api.Container, hostConfig *docker.HostConfig)

ModifyHostConfig is called before the Docker runContainer call. The security context provider can make changes to the HostConfig, affecting security options, whether the container is privileged, volume binds, etc. An error is returned if it's not possible to secure the container as requested with a security context.

Source Files ¶

doc.go fake.go provider.go types.go util.go

Version: v1.1.2
Published: Nov 19, 2015
Platform: js/wasm
Imports: 5 packages
Last checked: 9 seconds ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples