LinuxSandboxSecurityContext

Struct LinuxSandboxSecurityContext 

pub struct LinuxSandboxSecurityContext {
    pub namespace_options: Option<NamespaceOption>,
    pub selinux_options: Option<SeLinuxOption>,
    pub run_as_user: Option<Int64Value>,
    pub run_as_group: Option<Int64Value>,
    pub readonly_rootfs: bool,
    pub supplemental_groups: Vec<i64>,
    pub privileged: bool,
    pub seccomp: Option<SecurityProfile>,
    pub apparmor: Option<SecurityProfile>,
    pub seccomp_profile_path: String,
}

LinuxSandboxSecurityContext holds linux security configuration that will be applied to a sandbox. Note that:

  1. It does not apply to containers in the pods.
  2. It may not be applicable to a PodSandbox which does not contain any running process.

Fields

namespace_options: Option<NamespaceOption>

Configurations for the sandbox’s namespaces. This will be used only if the PodSandbox uses namespace for isolation.

selinux_options: Option<SeLinuxOption>

Optional SELinux context to be applied.

run_as_user: Option<Int64Value>

UID to run sandbox processes as, when applicable.

run_as_group: Option<Int64Value>

GID to run sandbox processes as, when applicable. run_as_group should only be specified when run_as_user is specified; otherwise, the runtime MUST error.

readonly_rootfs: bool

If set, the root filesystem of the sandbox is read-only.

supplemental_groups: Vec<i64>

List of groups applied to the first process run in the sandbox, in addition to the sandbox’s primary GID.

privileged: bool

Indicates whether the sandbox will be asked to run a privileged container. If a privileged container is to be executed within it, this MUST be true. This allows a sandbox to take additional security precautions if no privileged containers are expected to be run.

seccomp: Option<SecurityProfile>

Seccomp profile for the sandbox.

apparmor: Option<SecurityProfile>

AppArmor profile for the sandbox.

seccomp_profile_path: String
👎Deprecated

Seccomp profile for the sandbox. Candidate values are:

  • runtime/default: the default profile for the container runtime
  • unconfined: unconfined profile, i.e., no seccomp sandboxing
  • localhost/<full-path-to-profile>: the profile installed on the node. <full-path-to-profile> is the full path of the profile.

Default: “”, which is identical with unconfined.
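The field rules above (run_as_group requires run_as_user, and the value set of the deprecated seccomp_profile_path) can be checked before a request reaches the runtime. The following is an added example, not code from this crate: `SandboxCtx`, `Profile`, `parse_legacy_seccomp` and `audit` are hypothetical names, and the struct is a local stand-in for a subset of the fields.

```rust
// Added example. Local stand-in for the fields used here: plain i64 replaces
// Int64Value and `Profile` replaces SecurityProfile (both are assumptions).
#[derive(Clone, Debug, PartialEq)]
pub enum Profile { RuntimeDefault, Unconfined, Localhost(String) }
#[derive(Default)]
pub struct SandboxCtx {
    pub run_as_user: Option<i64>,
    pub run_as_group: Option<i64>,
    pub readonly_rootfs: bool,
    pub privileged: bool,
    pub seccomp: Option<Profile>,
    pub seccomp_profile_path: String,
}

/// Parse the deprecated seccomp_profile_path using its documented values.
pub fn parse_legacy_seccomp(s: &str) -> Result<Profile, String> {
    match s {
        "" | "unconfined" => Ok(Profile::Unconfined), // "" is identical to unconfined
        "runtime/default" => Ok(Profile::RuntimeDefault),
        _ => match s.strip_prefix("localhost/") {
            // Assumption: "full path" is read as an absolute path.
            Some(p) if p.starts_with('/') => Ok(Profile::Localhost(p.to_string())),
            _ => Err(format!("unrecognized seccomp_profile_path: {:?}", s)),
        },
    }
}

/// Err = reject the request; Ok = findings for a reviewer.
pub fn audit(ctx: &SandboxCtx) -> Result<Vec<&'static str>, String> {
    if ctx.run_as_group.is_some() && ctx.run_as_user.is_none() {
        return Err("run_as_group set without run_as_user".into());
    }
    // Assumption: the deprecated field is consulted only when `seccomp` is unset.
    let seccomp = match &ctx.seccomp {
        Some(p) => p.clone(),
        None => parse_legacy_seccomp(&ctx.seccomp_profile_path)?,
    };
    let mut findings = Vec::new();
    if seccomp == Profile::Unconfined { findings.push("seccomp unconfined"); }
    if ctx.privileged { findings.push("privileged container allowed"); }
    if !ctx.readonly_rootfs { findings.push("writable rootfs"); }
    if ctx.run_as_user == Some(0) { findings.push("runs as UID 0"); }
    Ok(findings)
}

fn main() {
    // Constructed input: every field left at its default value.
    println!("{:?}", audit(&SandboxCtx::default()));
}
```

An all-default context already yields two findings, because the empty seccomp_profile_path is identical to unconfined and readonly_rootfs defaults to false.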

Trait Implementations

impl Clone for LinuxSandboxSecurityContext

fn clone(&self) -> LinuxSandboxSecurityContext

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for LinuxSandboxSecurityContext

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for LinuxSandboxSecurityContext

fn default() -> Self

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for LinuxSandboxSecurityContext

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Message for LinuxSandboxSecurityContext

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError>
where B: BufMut, Self: Sized,

Encodes the message to a buffer.

fn encode_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message to a newly allocated buffer.

fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError>
where B: BufMut, Self: Sized,

Encodes the message with a length-delimiter to a buffer.

fn encode_length_delimited_to_vec(&self) -> Vec<u8>
where Self: Sized,

Encodes the message with a length-delimiter to a newly allocated buffer.

fn decode<B>(buf: B) -> Result<Self, DecodeError>
where B: Buf, Self: Default,

Decodes an instance of the message from a buffer.

fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError>
where B: Buf, Self: Default,

Decodes a length-delimited instance of the message from the buffer.

fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError>
where B: Buf, Self: Sized,

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError>
where B: Buf, Self: Sized,

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq for LinuxSandboxSecurityContext

fn eq(&self, other: &LinuxSandboxSecurityContext) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for LinuxSandboxSecurityContext

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for LinuxSandboxSecurityContext

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromRef<T> for T
where T: Clone,

fn from_ref(input: &T) -> T

Converts to this type from a reference to the input type.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper.

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> IntoRequest<T> for T

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

fn vzip(self) -> V

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,