type debugStyle …
const ephemeral …
const podCopy …
const node …
const unsupported …
const ProfileLegacy …
const ProfileGeneral …
const ProfileBaseline …
const ProfileRestricted …
const ProfileNetadmin …
const ProfileSysadmin …
type ProfileApplier …
func NewProfileApplier(profile string, kflags KeepFlags) (ProfileApplier, error) { … }
type legacyProfile …
type generalProfile …
type baselineProfile …
type restrictedProfile …
type netadminProfile …
type sysadminProfile …
type KeepFlags …
func (kflags KeepFlags) RemoveLabels(p *corev1.Pod) { … }
func (kflags KeepFlags) RemoveAnnotations(p *corev1.Pod) { … }
func (kflags KeepFlags) RemoveProbes(p *corev1.Pod) { … }
func (kflags KeepFlags) RemoveInitContainers(p *corev1.Pod) { … }
func getDebugStyle(pod *corev1.Pod, target runtime.Object) (debugStyle, error) { … }
func (p *legacyProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func (p *generalProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func (p *baselineProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func (p *restrictedProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func (p *netadminProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func (p *sysadminProfile) Apply(pod *corev1.Pod, containerName string, target runtime.Object) error { … }
func mountRootPartition(p *corev1.Pod, containerName string) { … }
func useHostNamespaces(p *corev1.Pod) { … }
func shareProcessNamespace(p *corev1.Pod) { … }
func clearSecurityContext(p *corev1.Pod, containerName string) { … }
func setPrivileged(p *corev1.Pod, containerName string) { … }
func disallowRoot(p *corev1.Pod, containerName string) { … }
func dropCapabilities(p *corev1.Pod, containerName string) { … }
func allowProcessTracing(p *corev1.Pod, containerName string) { … }
func allowNetadminCapability(p *corev1.Pod, containerName string) { … }
func addCapability(c *corev1.Container, capability corev1.Capability) { … }
func disallowPrivilegeEscalation(p *corev1.Pod, containerName string) { … }
func setSeccompProfile(p *corev1.Pod, containerName string) { … }