Package selinux contains security context constraints SELinux strategy implementations.

Package user contains security context constraints user strategy implementations.

AssignSecurityContext creates a security context for each container in the pod and validates that the sc falls within the scc constraints.

ConstraintAppliesTo inspects the constraint's users and groups against the userInfo to determine if it is usable by the userInfo.

CreateProviderFromConstraint creates a SecurityContextConstraintProvider from a SecurityContextConstraint.

CreateProvidersFromConstraints creates providers from the constraints supplied, including looking up pre-allocated values if necessary using the pod's namespace.

DeduplicateSecurityContextConstraints ensures we have a unique slice of constraints.

NewDefaultSCCMatcher builds and initializes a DefaultSCCMatcher.

NewSimpleProvider creates a new SecurityContextConstraintsProvider instance.

DefaultSCCMatcher implements default implementation for SCCMatcher interface.

SCCMatcher defines interface for SecurityContextConstraint matcher.

SecurityContextConstraintsProvider provides the implementation to generate a new security context based on constraints or validate an existing security context against constraints.

ByRestrictions is a helper to sort SCCs based on priority.

ByRestrictions is a helper to sort SCCs in order of most restrictive to least restrictive.