diff --git a/hack/.golint_failures b/hack/.golint_failures
index 8ab29fc3b7a..564542b39c6 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -314,7 +314,6 @@ pkg/security/podsecuritypolicy/seccomp
 pkg/security/podsecuritypolicy/selinux
 pkg/security/podsecuritypolicy/user
 pkg/security/podsecuritypolicy/util
-pkg/securitycontext
 pkg/serviceaccount
 pkg/ssh
 pkg/util/bandwidth
diff --git a/pkg/securitycontext/accessors.go b/pkg/securitycontext/accessors.go
index 739ca126f62..283181a7792 100644
--- a/pkg/securitycontext/accessors.go
+++ b/pkg/securitycontext/accessors.go
@@ -201,6 +201,7 @@ func (w *podSecurityContextWrapper) SetFSGroup(v *int64) {
 	w.podSC.FSGroup = v
 }
 
+// ContainerSecurityContextAccessor allows reading the values of a SecurityContext object
 type ContainerSecurityContextAccessor interface {
 	Capabilities() *api.Capabilities
 	Privileged() *bool
@@ -213,6 +214,7 @@ type ContainerSecurityContextAccessor interface {
 	AllowPrivilegeEscalation() *bool
 }
 
+// ContainerSecurityContextMutator allows reading and writing the values of a SecurityContext object
 type ContainerSecurityContextMutator interface {
 	ContainerSecurityContextAccessor
 
@@ -228,10 +230,14 @@ type ContainerSecurityContextMutator interface {
 	SetAllowPrivilegeEscalation(*bool)
 }
 
+// NewContainerSecurityContextAccessor returns an accessor for the provided container security context
+// May be initialized with a nil SecurityContext
 func NewContainerSecurityContextAccessor(containerSC *api.SecurityContext) ContainerSecurityContextAccessor {
 	return &containerSecurityContextWrapper{containerSC: containerSC}
 }
 
+// NewContainerSecurityContextMutator returns a mutator for the provided container security context
+// May be initialized with a nil SecurityContext
 func NewContainerSecurityContextMutator(containerSC *api.SecurityContext) ContainerSecurityContextMutator {
 	return &containerSecurityContextWrapper{containerSC: containerSC}
 }
@@ -365,10 +371,14 @@ func (w *containerSecurityContextWrapper) SetAllowPrivilegeEscalation(v *bool) {
 	w.containerSC.AllowPrivilegeEscalation = v
 }
 
+// NewEffectiveContainerSecurityContextAccessor returns an accessor for reading effective values
+// for the provided pod security context and container security context
 func NewEffectiveContainerSecurityContextAccessor(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextAccessor {
 	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
 }
 
+// NewEffectiveContainerSecurityContextMutator returns a mutator for reading and writing effective values
+// for the provided pod security context and container security context
 func NewEffectiveContainerSecurityContextMutator(podSC PodSecurityContextAccessor, containerSC ContainerSecurityContextMutator) ContainerSecurityContextMutator {
 	return &effectiveContainerSecurityContextWrapper{podSC: podSC, containerSC: containerSC}
 }
diff --git a/pkg/securitycontext/util.go b/pkg/securitycontext/util.go
index f324f7d1216..a39ee7571a8 100644
--- a/pkg/securitycontext/util.go
+++ b/pkg/securitycontext/util.go
@@ -44,6 +44,9 @@ func HasCapabilitiesRequest(container *v1.Container) bool {
 	return len(container.SecurityContext.Capabilities.Add) > 0 || len(container.SecurityContext.Capabilities.Drop) > 0
 }
 
+// DetermineEffectiveSecurityContext returns a synthesized SecurityContext for reading effective configurations
+// from the provided pod's and container's security context. Container's fields take precedence in cases where both
+// are set
 func DetermineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container) *v1.SecurityContext {
 	effectiveSc := securityContextFromPodSecurityContext(pod)
 	containerSc := container.SecurityContext