Overview
Package securitycontext contains security context API implementations.
Index
- func DockerLabelDisable(separator rune) string
- func DockerLabelLevel(separator rune) string
- func DockerLabelRole(separator rune) string
- func DockerLabelType(separator rune) string
- func DockerLabelUser(separator rune) string
- func ModifySecurityOptions(config []string, selinuxOpts *v1.SELinuxOptions, separator rune) []string
- type FakeSecurityContextProvider
- type SecurityContextProvider
- type SimpleSecurityContextProvider
Constants
This section is empty.
Variables
This section is empty.
Functions
func DockerLabelDisable
func DockerLabelDisable(separator rune) string
DockerLabelDisable returns the Docker security opt that disables SELinux for the container.
func DockerLabelLevel
func DockerLabelLevel(separator rune) string
DockerLabelLevel returns the fragment of a Docker security opt that describes the SELinux level. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key-value pair necessary to set the opt.
func DockerLabelRole
func DockerLabelRole(separator rune) string
DockerLabelRole returns the fragment of a Docker security opt that describes the SELinux role. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key-value pair necessary to set the opt.
func DockerLabelType
func DockerLabelType(separator rune) string
DockerLabelType returns the fragment of a Docker security opt that describes the SELinux type. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key-value pair necessary to set the opt.
func DockerLabelUser
func DockerLabelUser(separator rune) string
DockerLabelUser returns the fragment of a Docker security opt that describes the SELinux user. Note that strictly speaking this is not actually the name of the security opt, but a fragment of the whole key-value pair necessary to set the opt.
func ModifySecurityOptions
func ModifySecurityOptions(config []string, selinuxOpts *v1.SELinuxOptions, separator rune) []string
ModifySecurityOptions adds SELinux options to config using the given separator.
Types
type FakeSecurityContextProvider
type FakeSecurityContextProvider struct{}
func (FakeSecurityContextProvider) ModifyContainerConfig
func (p FakeSecurityContextProvider) ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)
func (FakeSecurityContextProvider) ModifyHostConfig
func (p FakeSecurityContextProvider) ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)
type SecurityContextProvider
type SecurityContextProvider interface {
	// ModifyContainerConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the Config with which
	// the container is created.
	ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)
	// ModifyHostConfig is called before the Docker createContainer call.
	// The security context provider can make changes to the HostConfig, affecting
	// security options, whether the container is privileged, volume binds, etc.
	// An error is returned if it's not possible to secure the container as requested
	// with a security context.
	//
	// - pod: the pod to modify the docker hostconfig for
	// - container: the container to modify the hostconfig for
	// - supplementalGids: additional supplemental GIDs associated with the pod's volumes
	ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)
}
func NewFakeSecurityContextProvider
func NewFakeSecurityContextProvider() SecurityContextProvider
NewFakeSecurityContextProvider creates a new, no-op security context provider.
func NewSimpleSecurityContextProvider
func NewSimpleSecurityContextProvider(securityOptSeparator rune) SecurityContextProvider
NewSimpleSecurityContextProvider creates a new SimpleSecurityContextProvider.
type SimpleSecurityContextProvider
type SimpleSecurityContextProvider struct {
// contains filtered or unexported fields
}
SimpleSecurityContextProvider is the default implementation of a SecurityContextProvider.
func (SimpleSecurityContextProvider) ModifyContainerConfig
func (p SimpleSecurityContextProvider) ModifyContainerConfig(pod *v1.Pod, container *v1.Container, config *dockercontainer.Config)
ModifyContainerConfig is called before the Docker createContainer call. The security context provider can make changes to the Config with which the container is created.
func (SimpleSecurityContextProvider) ModifyHostConfig
func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *v1.Pod, container *v1.Container, hostConfig *dockercontainer.HostConfig, supplementalGids []int64)
ModifyHostConfig is called before the Docker runContainer call. The security context provider can make changes to the HostConfig, affecting security options, whether the container is privileged, volume binds, etc.
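The following is an added, self-contained Go example, not this package's own code, covering both ModifySecurityOptions (how the DockerLabel* fragments and SELinuxOptions become Docker security opts) and a SimpleSecurityContextProvider-style ModifyHostConfig (how those opts, the privileged flag and supplemental GIDs land on the HostConfig). It assumes stand-in types for v1.Pod, v1.Container, v1.SELinuxOptions and dockercontainer.HostConfig reduced to the fields used, that a Docker label opt has the form label<sep><field>:<value> with ':' or '=' as the separator depending on the daemon, and that a container-level SELinuxOptions overrides the pod-level one. The effectiveSELinuxOptions and SELinuxDisabled helpers are additions for illustration and auditing; they are not part of the package.

```go
package main

import (
	"fmt"
	"strconv"
)

// Stand-ins for the v1.* and dockercontainer.* types, reduced to the fields
// this example touches (assumption: names follow the Kubernetes API).
type SELinuxOptions struct{ User, Role, Type, Level string }
type SecurityContext struct {
	Privileged     *bool
	SELinuxOptions *SELinuxOptions
}
type PodSecurityContext struct{ SELinuxOptions *SELinuxOptions }
type Pod struct{ SecurityContext *PodSecurityContext }
type Container struct {
	Name            string
	SecurityContext *SecurityContext
}
type HostConfig struct {
	Privileged  bool
	SecurityOpt []string
	GroupAdd    []string
}

// dockerLabel builds the "label<sep><name>" fragment; the separator is a
// parameter because Docker daemons differ in accepting ':' or '=' here.
func dockerLabel(separator rune, name string) string { return "label" + string(separator) + name }

func DockerLabelDisable(separator rune) string { return dockerLabel(separator, "disable") }
func DockerLabelUser(separator rune) string    { return dockerLabel(separator, "user") }
func DockerLabelRole(separator rune) string    { return dockerLabel(separator, "role") }
func DockerLabelType(separator rune) string    { return dockerLabel(separator, "type") }
func DockerLabelLevel(separator rune) string   { return dockerLabel(separator, "level") }

// ModifySecurityOptions appends one "label<sep><field>:<value>" entry per
// populated field. A nil pointer or an empty field adds nothing, so the
// daemon's default labeling stays in force instead of being blanked out.
func ModifySecurityOptions(config []string, opts *SELinuxOptions, separator rune) []string {
	if opts == nil {
		return config
	}
	for _, kv := range []struct{ name, value string }{
		{DockerLabelUser(separator), opts.User},
		{DockerLabelRole(separator), opts.Role},
		{DockerLabelType(separator), opts.Type},
		{DockerLabelLevel(separator), opts.Level},
	} {
		if kv.value != "" {
			config = append(config, kv.name+":"+kv.value)
		}
	}
	return config
}

// SELinuxDisabled reports whether config switches labeling off entirely, the
// one opt an audit of a daemon's HostConfig.SecurityOpt should flag.
func SELinuxDisabled(config []string, separator rune) bool {
	for _, opt := range config {
		if opt == DockerLabelDisable(separator) {
			return true
		}
	}
	return false
}

// SimpleSecurityContextProvider mirrors the documented provider shape.
type SimpleSecurityContextProvider struct{ securityOptSeparator rune }

func NewSimpleSecurityContextProvider(separator rune) SimpleSecurityContextProvider {
	return SimpleSecurityContextProvider{securityOptSeparator: separator}
}

// effectiveSELinuxOptions applies the assumed precedence: a container-level
// setting wins, otherwise the pod-level one (if any) is used.
func effectiveSELinuxOptions(pod *Pod, container *Container) *SELinuxOptions {
	if container.SecurityContext != nil && container.SecurityContext.SELinuxOptions != nil {
		return container.SecurityContext.SELinuxOptions
	}
	if pod.SecurityContext != nil {
		return pod.SecurityContext.SELinuxOptions
	}
	return nil
}

// ModifyHostConfig sets the privileged flag, the SELinux security opts and
// the supplemental groups on hostConfig before the container is created.
func (p SimpleSecurityContextProvider) ModifyHostConfig(pod *Pod, container *Container, hostConfig *HostConfig, supplementalGids []int64) {
	if container.SecurityContext != nil && container.SecurityContext.Privileged != nil {
		hostConfig.Privileged = *container.SecurityContext.Privileged
	}
	hostConfig.SecurityOpt = ModifySecurityOptions(hostConfig.SecurityOpt, effectiveSELinuxOptions(pod, container), p.securityOptSeparator)
	for _, gid := range supplementalGids {
		hostConfig.GroupAdd = append(hostConfig.GroupAdd, strconv.FormatInt(gid, 10))
	}
}

func main() {
	// Constructed sample: pod sets only a level, the container overrides it fully.
	pod := &Pod{SecurityContext: &PodSecurityContext{SELinuxOptions: &SELinuxOptions{Level: "s0:c1,c2"}}}
	ctr := &Container{Name: "app", SecurityContext: &SecurityContext{
		SELinuxOptions: &SELinuxOptions{User: "system_u", Role: "system_r", Type: "svirt_lxc_net_t", Level: "s0:c123,c456"},
	}}
	hc := &HostConfig{}
	NewSimpleSecurityContextProvider('=').ModifyHostConfig(pod, ctr, hc, []int64{1001})
	fmt.Printf("privileged=%v opts=%v groups=%v disabled=%v\n",
		hc.Privileged, hc.SecurityOpt, hc.GroupAdd, SELinuxDisabled(hc.SecurityOpt, '='))
}
```

Run as-is to see the opts produced with the '=' separator; pass ':' to NewSimpleSecurityContextProvider for the older form. Because empty fields are skipped, a partially filled SELinuxOptions narrows only the fields it names, and only an explicit label-disable opt turns labeling off.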