add non-root directive to SC and kubelet checking

This commit is contained in:
Paul Weil
2015-08-10 13:30:34 -04:00
parent 72db123025
commit e490c20c22
11 changed files with 356 additions and 0 deletions

View File

@@ -66,3 +66,24 @@ func ParseSELinuxOptions(context string) (*api.SELinuxOptions, error) {
Level: fields[3],
}, nil
}
// HasNonRootUID returns true if the runAsUser is set and is greater than 0.
func HasRootUID(container *api.Container) bool {
if container.SecurityContext == nil {
return false
}
if container.SecurityContext.RunAsUser == nil {
return false
}
return *container.SecurityContext.RunAsUser == 0
}
// HasRunAsUser determines if the sc's runAsUser field is set.
func HasRunAsUser(container *api.Container) bool {
return container.SecurityContext != nil && container.SecurityContext.RunAsUser != nil
}
// HasRootRunAsUser returns true if the run as user is set and it is set to 0.
func HasRootRunAsUser(container *api.Container) bool {
return HasRunAsUser(container) && HasRootUID(container)
}