type SELinuxLabelTranslator … type translator … var _ … // NewSELinuxLabelTranslator returns new SELinuxLabelTranslator for the platform. func NewSELinuxLabelTranslator() SELinuxLabelTranslator { … } // SELinuxOptionsToFileLabel returns SELinux file label for given SELinuxOptions // of a container process. // When Role, User or Type are empty, they're read from the system defaults. // It returns "" and no error on platforms that do not have SELinux enabled // or don't support SELinux at all. func (l *translator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error) { … } // Convert SELinuxOptions to []string accepted by label.InitLabels func contextOptions(opts *v1.SELinuxOptions) []string { … } func (l *translator) SELinuxEnabled() bool { … } type fakeTranslator … var _ … // NewFakeSELinuxLabelTranslator returns a fake translator for unit tests. // It imitates a real translator on platforms that do not have SELinux enabled // or don't support SELinux at all. func NewFakeSELinuxLabelTranslator() SELinuxLabelTranslator { … } // SELinuxOptionsToFileLabel returns SELinux file label for given options. func (l *fakeTranslator) SELinuxOptionsToFileLabel(opts *v1.SELinuxOptions) (string, error) { … } func (l *fakeTranslator) SELinuxEnabled() bool { … } // SupportsSELinuxContextMount checks if the given volumeSpec supports with mount -o context func SupportsSELinuxContextMount(volumeSpec *volume.Spec, volumePluginMgr *volume.VolumePluginMgr) (bool, error) { … } // VolumeSupportsSELinuxMount returns true if given volume access mode can support mount with SELinux mount options. func VolumeSupportsSELinuxMount(volumeSpec *volume.Spec) bool { … } // AddSELinuxMountOption adds -o context="XYZ" mount option to a given list func AddSELinuxMountOption(options []string, seLinuxContext string) []string { … }
Codebase Browser
kubernetes