AppArmor PodSecurityPolicy implementation

Tim St. Clair
2016-08-17 17:24:47 -07:00
parent 52b3ef6f9c
commit 293770ef31
11 changed files with 493 additions and 5 deletions


@@ -26,6 +26,10 @@ import (
const (
// The prefix to an annotation key specifying a container profile.
ContainerAnnotationKeyPrefix = "container.apparmor.security.alpha.kubernetes.io/"
// The annotation key specifying the default AppArmor profile.
DefaultProfileAnnotationKey = "apparmor.security.alpha.kubernetes.io/defaultProfileName"
// The annotation key specifying the allowed AppArmor profiles.
AllowedProfilesAnnotationKey = "apparmor.security.alpha.kubernetes.io/allowedProfileNames"
// The profile specifying the runtime default.
ProfileRuntimeDefault = "runtime/default"
@@ -47,3 +51,12 @@ func isRequired(pod *api.Pod) bool {
func GetProfileName(pod *api.Pod, containerName string) string {
return pod.Annotations[ContainerAnnotationKeyPrefix+containerName]
}
// Sets the name of the profile to use with the container.
func SetProfileName(pod *api.Pod, containerName, profileName string) error {
if pod.Annotations == nil {
pod.Annotations = map[string]string{}
}
pod.Annotations[ContainerAnnotationKeyPrefix+containerName] = profileName
return nil
}
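Review bot: SetProfileName in the second hunk declares an error result but can only ever return nil, so callers get an error check that never fires while nothing is validated: an empty containerName writes the bare prefix key, and profileName is stored without any format check. Because this annotation selects the AppArmor confinement a container runs under, either drop the error result or put it to use before the write, for example `if containerName == "" { return errors.New("container name must not be empty") }` (assuming `errors` is or can be imported; the import block is outside the hunk). The function also replaces an existing annotation unconditionally, which the comment should state in Go doc form: `// SetProfileName sets the AppArmor profile for the named container, replacing any existing value.` Callers applying a policy default presumably need to consult GetProfileName first so that a profile the pod author chose is not silently overwritten; that caller is not visible in this section.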