Documentation ¶
Overview ¶
Package kfilters holds kfilters related files
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files
Index ¶
- Constants
- Variables
- func AddRuleExpr(t testing.TB, rs *rules.RuleSet, exprs ...string)
- func GetCapababilities() map[eval.EventType]rules.FieldCapabilities
- type ActiveApprovers
- type ApplyRuleSetReport
- type Capabilities
- type Capability
- type FilterPolicy
- type PolicyFlag
- type PolicyMode
- type PolicyReport
Constants ¶
const BasenameApproverKernelMapName = "basename_approvers"
BasenameApproverKernelMapName defines the basename approver kernel map name
Variables ¶
var AllApproversHandlers = make(map[eval.EventType]onApproverHandler)
AllApproversHandlers var contains all the approvers handlers
Functions ¶
func AddRuleExpr ¶
AddRuleExpr adds a rule expression
func GetCapababilities ¶
func GetCapababilities() map[eval.EventType]rules.FieldCapabilities
GetCapababilities returns all the filtering capabilities
Types ¶
type ActiveApprovers ¶
type ActiveApprovers = activeKFilters
ActiveApprovers defines the active approvers type
type ApplyRuleSetReport ¶
type ApplyRuleSetReport struct {
Policies map[string]*PolicyReport
}
ApplyRuleSetReport describes the event types and their associated policy policies
func NewApplyRuleSetReport ¶
NewApplyRuleSetReport returns filtering policy applied per event type
type Capabilities ¶
type Capabilities map[eval.Field]Capability
Capabilities represents the filtering capabilities for a set of fields
func (Capabilities) GetFieldCapabilities ¶
func (caps Capabilities) GetFieldCapabilities() rules.FieldCapabilities
GetFieldCapabilities returns the field capabilities for a set of capabilities
func (Capabilities) GetFields ¶
func (caps Capabilities) GetFields() []eval.Field
GetFields returns the fields associated with a set of capabilities
func (Capabilities) GetFlags ¶
func (caps Capabilities) GetFlags() PolicyFlag
GetFlags returns the policy flags for the set of capabilities
type Capability ¶
type Capability struct { PolicyFlags PolicyFlag FieldValueTypes eval.FieldValueType ValidateFnc func(value rules.FilterValue) bool FilterWeight int }
Capability represents the type of values we are able to filter kernel side
type FilterPolicy ¶
type FilterPolicy struct { Mode PolicyMode Flags PolicyFlag }
FilterPolicy describes a filtering policy
func (*FilterPolicy) Bytes ¶
func (f *FilterPolicy) Bytes() ([]byte, error)
Bytes returns the binary representation of a FilterPolicy
type PolicyFlag ¶
type PolicyFlag uint8
PolicyFlag is a bitmask of the active filtering policies
const ( PolicyFlagBasename PolicyFlag = 1 PolicyFlagFlags PolicyFlag = 2 PolicyFlagMode PolicyFlag = 4 // need to be aligned with the kernel size BasenameFilterSize = 256 )
Policy flags
func (PolicyFlag) MarshalJSON ¶
func (f PolicyFlag) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON encoding of the policy flags
func (PolicyFlag) StringArray ¶
func (f PolicyFlag) StringArray() []string
StringArray returns the policy flags as a string array
type PolicyMode ¶
type PolicyMode uint8
PolicyMode represents the policy mode (accept or deny)
const ( PolicyModeNoFilter PolicyMode = iota PolicyModeAccept PolicyModeDeny )
Policy modes
func (PolicyMode) MarshalJSON ¶
func (m PolicyMode) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON encoding of the policy mode
func (PolicyMode) String ¶
func (m PolicyMode) String() string
type PolicyReport ¶
type PolicyReport struct { Mode PolicyMode Flags PolicyFlag Approvers rules.Approvers }
PolicyReport describes the result of the kernel policy and the approvers for an event type