當前位置: 首頁>>代碼示例>>Golang>>正文

Golang LinuxContainerSecurityContext.GetNamespaceOptions方法代碼示例

本文整理匯總了Golang中k8s/io/kubernetes/pkg/kubelet/api/v1alpha1/runtime.LinuxContainerSecurityContext.GetNamespaceOptions方法的典型用法代碼示例。如果您正苦於以下問題:Golang LinuxContainerSecurityContext.GetNamespaceOptions方法的具體用法?Golang LinuxContainerSecurityContext.GetNamespaceOptions怎麽用?Golang LinuxContainerSecurityContext.GetNamespaceOptions使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在k8s/io/kubernetes/pkg/kubelet/api/v1alpha1/runtime.LinuxContainerSecurityContext的用法示例。


在下文中一共展示了LinuxContainerSecurityContext.GetNamespaceOptions方法的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。

示例1: applySandboxSecurityContext

// applySandboxSecurityContext updates docker sandbox options according to security context.
func applySandboxSecurityContext(lc *runtimeapi.LinuxPodSandboxConfig, config *dockercontainer.Config, hc *dockercontainer.HostConfig, networkPlugin network.NetworkPlugin) {
	if lc == nil {
		return
	}

	var sc *runtimeapi.LinuxContainerSecurityContext
	if lc.SecurityContext != nil {
		sc = &runtimeapi.LinuxContainerSecurityContext{
			SupplementalGroups: lc.SecurityContext.SupplementalGroups,
			RunAsUser:          lc.SecurityContext.RunAsUser,
			ReadonlyRootfs:     lc.SecurityContext.ReadonlyRootfs,
			SelinuxOptions:     lc.SecurityContext.SelinuxOptions,
			NamespaceOptions:   lc.SecurityContext.NamespaceOptions,
		}
	}

	modifyContainerConfig(sc, config)
	modifyHostConfig(sc, hc)
	modifySandboxNamespaceOptions(sc.GetNamespaceOptions(), hc, networkPlugin)

}
開發者ID:jonboulle,項目名稱:kubernetes,代碼行數:22,代碼來源:security_context.go

示例2: modifyHostConfig

// modifyHostConfig applies security context config to dockercontainer.HostConfig.
func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, sandboxID string, hostConfig *dockercontainer.HostConfig) {
	// Apply namespace options.
	modifyNamespaceOptions(sc.GetNamespaceOptions(), sandboxID, hostConfig)

	if sc == nil {
		return
	}

	// Apply supplemental groups.
	for _, group := range sc.SupplementalGroups {
		hostConfig.GroupAdd = append(hostConfig.GroupAdd, strconv.FormatInt(group, 10))
	}

	// Apply security context for the container.
	if sc.Privileged != nil {
		hostConfig.Privileged = sc.GetPrivileged()
	}
	if sc.ReadonlyRootfs != nil {
		hostConfig.ReadonlyRootfs = sc.GetReadonlyRootfs()
	}
	if sc.Capabilities != nil {
		hostConfig.CapAdd = sc.GetCapabilities().GetAddCapabilities()
		hostConfig.CapDrop = sc.GetCapabilities().GetDropCapabilities()
	}
	if sc.SelinuxOptions != nil {
		hostConfig.SecurityOpt = securitycontext.ModifySecurityOptions(
			hostConfig.SecurityOpt,
			&api.SELinuxOptions{
				User:  sc.SelinuxOptions.GetUser(),
				Role:  sc.SelinuxOptions.GetRole(),
				Type:  sc.SelinuxOptions.GetType(),
				Level: sc.SelinuxOptions.GetLevel(),
			},
		)
	}
}
開發者ID:Q-Lee,項目名稱:kubernetes,代碼行數:37,代碼來源:security_context.go


注:本文中的k8s/io/kubernetes/pkg/kubelet/api/v1alpha1/runtime.LinuxContainerSecurityContext.GetNamespaceOptions方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。