 Documentation
Overview
package capabilities manages system-level capabilities.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Initialize
func Initialize(c Capabilities)
Initialize the capability set. This can only be done once per binary; subsequent calls are ignored.
func SetForTests
func SetForTests(c Capabilities)
SetForTests is a convenience method for testing. It should only be called from tests.
func Setup
func Setup(allowPrivileged bool, privilegedSources PrivilegedSources, perConnectionBytesPerSec int64)
Set up the capability set. It wraps Initialize to improve usability.
Types
type Capabilities
type Capabilities struct {
	AllowPrivileged bool
	// Pod sources from which to allow privileged capabilities like host networking, sharing the host
	// IPC namespace, and sharing the host PID namespace.
	PrivilegedSources PrivilegedSources
	// PerConnectionBandwidthLimitBytesPerSec limits the throughput of each connection (currently only used for proxy, exec, attach)
	PerConnectionBandwidthLimitBytesPerSec int64
}
Capabilities defines the set of capabilities available within the system. For now these are global. Eventually they may be per-user.
type PrivilegedSources
type PrivilegedSources struct {
	// List of pod sources for which using host network is allowed.
	HostNetworkSources []string
	// List of pod sources for which using host pid namespace is allowed.
	HostPIDSources []string
	// List of pod sources for which using host ipc is allowed.
	HostIPCSources []string
}
PrivilegedSources defines the pod sources allowed to make privileged requests for certain types of capabilities like host networking, sharing the host IPC namespace, and sharing the host PID namespace.
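The once-per-binary contract of Initialize and a per-source allow-list check against PrivilegedSources, as an added example that is not the package's own code. The struct definitions are local copies of those shown above; SourceAllowed, hostNet, the locking scheme and the source names "file" and "api" are assumptions made for illustration.

```go
package main

import "sync"

// Local copies of the structs documented on this page, so the example builds alone.
type PrivilegedSources struct {
	HostNetworkSources, HostPIDSources, HostIPCSources []string
}
type Capabilities struct {
	AllowPrivileged                        bool
	PrivilegedSources                      PrivilegedSources
	PerConnectionBandwidthLimitBytesPerSec int64
}

var mu sync.RWMutex
var caps *Capabilities // nil until the first Initialize call

// Initialize keeps the first capability set; later calls are ignored.
func Initialize(c Capabilities) {
	mu.Lock()
	defer mu.Unlock()
	if caps == nil {
		caps = &c
	}
}

// SourceAllowed (hypothetical helper) reports whether source is in the list
// chosen by pick. Before Initialize it denies everything (fail closed).
func SourceAllowed(pick func(PrivilegedSources) []string, source string) bool {
	mu.RLock()
	defer mu.RUnlock()
	if caps == nil {
		return false
	}
	for _, s := range pick(caps.PrivilegedSources) {
		if s == source {
			return true
		}
	}
	return false
}

func hostNet(p PrivilegedSources) []string { return p.HostNetworkSources }
func main() {
	// "file" and "api" are constructed sample source names.
	Initialize(Capabilities{PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"file"}}})
	Initialize(Capabilities{PrivilegedSources: PrivilegedSources{HostNetworkSources: []string{"api"}}}) // ignored
	println(SourceAllowed(hostNet, "file"), SourceAllowed(hostNet, "api"))
}
```

Because the second Initialize call is ignored, a later caller cannot widen the allow-lists that the first call established.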