func ComputeLayerHashes(img v1.Image) ([]string, error)
ComputeLayerHashes computes cryptographic digests of image layers and returns them as a slice of string hashes.
func DefaultContainerConfigs() []sp.ContainerConfig
DefaultContainerConfigs returns a hardcoded slice of container configs, which should be included by default in the security policy. The slice includes only a sandbox pause container.
func ParseCommandFromImage(img v1.Image) ([]string, error)
ParseCommandFromImage inspects the image and returns the command args, which is a combination of ENTRYPOINT and CMD Docker directives.
func ParseEnvFromImage(img v1.Image) ([]string, error)
ParseEnvFromImage inspects the image spec and adds security policy rules for environment variables from the spec. Additionally, it includes a "TERM=xterm" rule, which CRI adds for Linux containers.
func ParseUserFromImage(img v1.Image) (sp.IDNameConfig, sp.IDNameConfig, error)
ParseUserFromImage inspects the image and returns the user and group
func ParseWorkingDirFromImage(img v1.Image) (string, error)
ParseWorkingDirFromImage inspects the image spec and returns the working directory if one was set via CWD Docker directive, otherwise returns "/".
func PolicyContainersFromConfigs(containerConfigs []sp.ContainerConfig) ([]*sp.Container, error)
PolicyContainersFromConfigs returns a slice of sp.Container generated from a slice of sp.ContainerConfig values.
func RemoteImageFromImageName(imageName string, opts ...remote.Option) (v1.Image, error)
RemoteImageFromImageName parses a given imageName reference and creates a v1.Image with the provided remote.Option opts.
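
Added example, not code from this package: a standard-library-only sketch of the derivation that ParseCommandFromImage, ParseEnvFromImage and ParseWorkingDirFromImage are described as performing, run over a constructed OCI image config. The names imageConfig, policyInputs, derivePolicyInputs and sampleConfig are hypothetical, and appending "TERM=xterm" unconditionally is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// imageConfig mirrors the image config fields the helpers above are described as reading.
type imageConfig struct {
	Config struct {
		Entrypoint []string
		Cmd        []string
		Env        []string
		WorkingDir string
	} `json:"config"`
}

// policyInputs (hypothetical) holds the values a policy would pin for one container.
type policyInputs struct {
	Command    []string
	Env        []string
	WorkingDir string
}

// derivePolicyInputs (hypothetical) turns a raw image config into policy inputs.
func derivePolicyInputs(raw []byte) (policyInputs, error) {
	var ic imageConfig
	if err := json.Unmarshal(raw, &ic); err != nil {
		return policyInputs{}, fmt.Errorf("parse image config: %w", err)
	}
	c := ic.Config
	out := policyInputs{WorkingDir: "/"} // default when the image sets none
	// Command args are ENTRYPOINT followed by CMD.
	out.Command = append(append([]string{}, c.Entrypoint...), c.Cmd...)
	// Image env plus the rule CRI adds for Linux containers (assumed always appended).
	out.Env = append(append([]string{}, c.Env...), "TERM=xterm")
	if c.WorkingDir != "" {
		out.WorkingDir = c.WorkingDir
	}
	return out, nil
}

// Constructed sample config: ENTRYPOINT and CMD set, no working directory.
const sampleConfig = `{"config":{"Entrypoint":["/bin/app"],"Cmd":["--serve"],"Env":["PATH=/usr/bin"],"WorkingDir":""}}`

func main() {
	p, err := derivePolicyInputs([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	fmt.Printf("command=%q env=%q workdir=%q\n", p.Command, p.Env, p.WorkingDir)
}
```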