// createSELinuxStrategy creates a new selinux strategy. func createSELinuxStrategy(opts *api.SELinuxContextStrategyOptions) (selinux.SELinuxSecurityContextConstraintsStrategy, error) { switch opts.Type { case api.SELinuxStrategyMustRunAs: return selinux.NewMustRunAs(opts) case api.SELinuxStrategyRunAsAny: return selinux.NewRunAsAny(opts) default: return nil, fmt.Errorf("Unrecognized SELinuxContext strategy type %s", opts.Type) } }
// NewSimpleProvider creates a new SecurityContextConstraintsProvider instance. func NewSimpleProvider(scc *api.SecurityContextConstraints) (SecurityContextConstraintsProvider, error) { if scc == nil { return nil, fmt.Errorf("NewSimpleProvider requires a SecurityContextConstraints") } var userStrat user.RunAsUserSecurityContextConstraintsStrategy = nil var err error = nil switch scc.RunAsUser.Type { case api.RunAsUserStrategyMustRunAs: userStrat, err = user.NewMustRunAs(&scc.RunAsUser) case api.RunAsUserStrategyMustRunAsRange: userStrat, err = user.NewMustRunAsRange(&scc.RunAsUser) case api.RunAsUserStrategyMustRunAsNonRoot: userStrat, err = user.NewRunAsNonRoot(&scc.RunAsUser) case api.RunAsUserStrategyRunAsAny: userStrat, err = user.NewRunAsAny(&scc.RunAsUser) default: err = fmt.Errorf("Unrecognized RunAsUser strategy type %s", scc.RunAsUser.Type) } if err != nil { return nil, err } var seLinuxStrat selinux.SELinuxSecurityContextConstraintsStrategy = nil err = nil switch scc.SELinuxContext.Type { case api.SELinuxStrategyMustRunAs: seLinuxStrat, err = selinux.NewMustRunAs(&scc.SELinuxContext) case api.SELinuxStrategyRunAsAny: seLinuxStrat, err = selinux.NewRunAsAny(&scc.SELinuxContext) default: err = fmt.Errorf("Unrecognized SELinuxContext strategy type %s", scc.SELinuxContext.Type) } if err != nil { return nil, err } return &simpleProvider{ scc: scc, runAsUserStrategy: userStrat, seLinuxStrategy: seLinuxStrat, }, nil }