package securitycontext

import "k8s.io/kubernetes/pkg/securitycontext"

Package securitycontext contains security context api implementations

Index ¶

• func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext
• func HasCapabilitiesRequest(container *v1.Container) bool
• func HasPrivilegedRequest(container *v1.Container) bool
• func HasRootRunAsUser(container *v1.Container) bool
• func HasRootUID(container *v1.Container) bool
• func HasRunAsUser(container *v1.Container) bool
• func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext
• func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error)
• func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext
• func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext

Functions ¶

func DetermineEffectiveSecurityContext ¶

func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext

func HasCapabilitiesRequest ¶

func HasCapabilitiesRequest(container *v1.Container) bool

HasCapabilitiesRequest returns true if Adds or Drops are defined in the security context capabilities, taking into account nils

func HasPrivilegedRequest ¶

func HasPrivilegedRequest(container *v1.Container) bool

HasPrivilegedRequest returns the value of SecurityContext.Privileged, taking into account the possibility of nils

func HasRootRunAsUser ¶

func HasRootRunAsUser(container *v1.Container) bool

HasRootRunAsUser returns true if the run as user is set and it is set to 0.

func HasRootUID ¶

func HasRootUID(container *v1.Container) bool

HasNonRootUID returns true if the runAsUser is set and is greater than 0.

func HasRunAsUser ¶

func HasRunAsUser(container *v1.Container) bool

HasRunAsUser determines if the sc's runAsUser field is set.

func InternalDetermineEffectiveSecurityContext ¶

func InternalDetermineEffectiveSecurityContext(pod *api.Pod, container *api.Container) *api.SecurityContext

TODO: remove the duplicate code

func ParseSELinuxOptions ¶

func ParseSELinuxOptions(context string) (*v1.SELinuxOptions, error)

ParseSELinuxOptions parses a string containing a full SELinux context (user, role, type, and level) into an SELinuxOptions object. If the context is malformed, an error is returned.

func ValidInternalSecurityContextWithContainerDefaults ¶

func ValidInternalSecurityContextWithContainerDefaults() *api.SecurityContext

ValidInternalSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

func ValidSecurityContextWithContainerDefaults ¶

func ValidSecurityContextWithContainerDefaults() *v1.SecurityContext

ValidSecurityContextWithContainerDefaults creates a valid security context provider based on empty container defaults. Used for testing.

Source Files ¶

doc.go fake.go util.go