Documentation
Overview
Package capabilities manages system-level capabilities.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Initialize
func Initialize(c Capabilities)
Initialize the capability set. This can only be done once per binary, subsequent calls are ignored.
func SetForTests
func SetForTests(c Capabilities)
SetForTests is a convenience method for testing. It should only be called from tests.
func Setup (added in v0.15.0)
func Setup(allowPrivileged bool, privilegedSources PrivilegedSources, perConnectionBytesPerSec int64)
Setup the capability set. It wraps Initialize to improve usability.
Types
type Capabilities
type Capabilities struct {
	// AllowPrivileged controls whether containers may request privileged mode.
	AllowPrivileged bool
	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources
	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}
Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user.
type PrivilegedSources (added in v1.1.0)
type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string
	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string
	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}
PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.
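As an added example, not code from the capabilities package itself, the block below models the once-only Initialize contract with a sync.Once and shows how a per-pod request would be checked against the three PrivilegedSources lists and AllowPrivileged. The struct copies mirror the definitions above; HostRequest, Allowed, contains and the global current are assumed names, and the admission logic is an illustration rather than the kubelet's own code.

```go
package main

import "sync"

// Constructed copies of the two structs documented on this page; the real
// k8s.io/kubernetes/pkg/capabilities package is not imported here.
type PrivilegedSources struct {
	HostNetworkSources []string
	HostPIDSources     []string
	HostIPCSources     []string
}

type Capabilities struct {
	AllowPrivileged                        bool
	PrivilegedSources                      PrivilegedSources
	PerConnectionBandwidthLimitBytesPerSec int64
}

var (
	capOnce sync.Once
	current Capabilities // the process-wide set, fixed by the first Initialize
)

// Initialize models the documented contract: the first call sets the global
// capability set and every later call is silently ignored.
func Initialize(c Capabilities) { capOnce.Do(func() { current = c }) }

// HostRequest is a constructed summary of what a pod from one source asks for.
type HostRequest struct {
	Source                                    string
	HostNetwork, HostPID, HostIPC, Privileged bool
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Allowed is an illustrative admission check, not the kubelet's own code: each
// host-namespace request needs its source listed; privileged needs AllowPrivileged.
func Allowed(r HostRequest) bool {
	ps := current.PrivilegedSources
	return (!r.HostNetwork || contains(ps.HostNetworkSources, r.Source)) &&
		(!r.HostPID || contains(ps.HostPIDSources, r.Source)) &&
		(!r.HostIPC || contains(ps.HostIPCSources, r.Source)) &&
		(!r.Privileged || current.AllowPrivileged)
}
```

A pod source that is not listed for a given host namespace is refused even when the other lists name it, and the second Initialize call in the test is ignored exactly as the documentation states.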