// HasWindowsHostProcessRequest reports whether the container should run as a
// Windows HostProcess container, taking nil values into account.
//
// NOTE(review): the body is elided in this listing, so which of pod,
// container, or their nested security-context fields may be nil is not
// visible here. HostProcess containers run with access to the Windows host,
// so callers that gate privileged behaviour on this result should confirm how
// nil inputs are treated.
func HasWindowsHostProcessRequest(pod *v1.Pod, container *v1.Container) bool { … }

// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for
// reading the effective configuration from the provided pod's and container's
// security contexts. Where both set a field, the container's value takes
// precedence.
//
// NOTE(review): "synthesized" suggests the result is meant to be read, not
// written back. Confirm against the body whether it aliases the inputs before
// mutating it.
func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext { … }

// DetermineEffectiveRunAsUser returns a pointer to the UID taken from the
// provided pod's and container's security contexts, plus a bool that signals
// whether the UID is absent. The container's runAsUser takes precedence where
// both are set.
//
// NOTE(review): the polarity of the bool (true = set vs. true = absent) cannot
// be confirmed from this listing; verify it against the body. Callers should
// check the bool and the pointer before dereferencing, and should not treat a
// missing UID as any particular user.
func DetermineEffectiveRunAsUser(pod *v1.Pod, container *v1.Container) (*int64, bool) { … }

// securityContextFromPodSecurityContext presumably derives a container-level
// SecurityContext from the pod-level security context. The body is not shown.
// TODO confirm which fields are carried over and what is returned when the pod
// has no security context.
func securityContextFromPodSecurityContext(pod *v1.Pod) *v1.SecurityContext { … }

// AddNoNewPrivileges reports whether the no_new_privs option should be added.
//
// NOTE(review): presumably this is derived from sc's AllowPrivilegeEscalation
// setting; the result for a nil sc or an unset field is not visible here.
// Confirm the default, since it decides whether privilege escalation is
// blocked when nothing is specified.
func AddNoNewPrivileges(sc *v1.SecurityContext) bool { … }

// defaultMaskedPaths is presumably the default list used by
// ConvertToRuntimeMaskedPaths; its contents are elided in this listing.
var defaultMaskedPaths …

// defaultReadonlyPaths is presumably the default list used by
// ConvertToRuntimeReadonlyPaths; its contents are elided in this listing.
var defaultReadonlyPaths …

// ConvertToRuntimeMaskedPaths converts the ProcMountType to the specified or
// default masked paths.
//
// NOTE(review): the handling of a nil opt and of a non-default ProcMountType
// is not visible here. A mount type that yields no masked paths leaves those
// paths visible to the container, so confirm which inputs select the default
// list.
func ConvertToRuntimeMaskedPaths(opt *v1.ProcMountType) []string { … }

// ConvertToRuntimeReadonlyPaths converts the ProcMountType to the specified or
// default readonly paths.
//
// NOTE(review): as with the masked paths, confirm which inputs fall back to
// the default list; paths left out of the result are presumably writable from
// inside the container.
func ConvertToRuntimeReadonlyPaths(opt *v1.ProcMountType) []string { … }