generate

package
v0.0.0-...-4cde3aa
Warning

This package is not in the latest version of its module.

Published: Mar 8, 2019 License: GPL-3.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Asset

func Asset(name string) ([]byte, error)

Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetDir

func AssetDir(name string) ([]string, error)

AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example, if you run go-bindata on data/... and data contains the following hierarchy:

data/
  foo.txt
  img/
    a.png
    b.png

then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.

func AssetInfo

func AssetInfo(name string) (os.FileInfo, error)

AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.

func AssetNames

func AssetNames() []string

AssetNames returns the names of the assets.

func MustAsset

func MustAsset(name string) []byte

MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.

func RestoreAsset

func RestoreAsset(dir, name string) error

RestoreAsset restores an asset under the given directory.

func RestoreAssets

func RestoreAssets(dir, name string) error

RestoreAssets restores an asset under the given directory recursively.

func WriteAppArmorProfile

func WriteAppArmorProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error

WriteAppArmorProfile takes the specified declarations and writes an AppArmor profile to out.

func WriteSeccompProfile

func WriteSeccompProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error

TODO: Should be part of main.

WriteSeccompProfile takes the specified declarations and writes a seccomp profile.

Types

type AppArmorProfileConfig

type AppArmorProfileConfig struct {
	Name         string
	Filesystem   FileSystem
	Network      Network
	Capabilities Capabilities
}

AppArmorProfileConfig defines the options for an AppArmor profile.

func (*AppArmorProfileConfig) Generate

func (profile *AppArmorProfileConfig) Generate(out io.Writer) error

Generate uses the baseTemplate to generate an AppArmor profile for the ProfileConfig passed.

type Capabilities

type Capabilities struct {
	Allow []string
	Deny  []string
}

Capabilities defines the allowed or denied kernel capabilities for a profile.

type Declaration

type Declaration struct {
	Name         string
	SystemCalls  SystemCalls  `toml:"System-Calls,omitempty"`
	Capabilities Capabilities `toml:"Capabilities,omitempty"`
	Filesystem   FileSystem   `toml:"Filesystem,omitempty"`
	Network      Network      `toml:"Network,omitempty"`
	System       System       `toml:"System,omitempty"`
}

Declaration holds all the data from karn declaration files.

type FileSystem

type FileSystem struct {
	ReadOnlyPaths   []string
	LogOnWritePaths []string
	WritablePaths   []string
	AllowExec       []string
	DenyExec        []string
}

FileSystem defines the filesystem options for a profile.

type Network

type Network struct {
	Raw       bool
	Packet    bool
	Protocols []string
}

Network defines the network options for a profile. For example, you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.

type System

type System struct {
	Architectures        []string `toml:"Architectures,omitempty"`
	DefaultSyscallAction string   `toml:"DefaultSyscallAction,omitempty"`
}

System holds OS/Arch specific arguments.

type SystemCalls

type SystemCalls struct {
	Allow []string `toml:"Allow,omitempty"`
	Trap  []string `toml:"Trap,omitempty"`
	Trace []string `toml:"Trace,omitempty"`
	Kill  []string `toml:"Kill,omitempty"`
	Errno []string `toml:"Errno,omitempty"`
}

SystemCalls to handle with each supported action.
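The SystemCalls and Capabilities types above are plain string lists per action, so nothing in the type definitions stops one name from being listed under two actions. As an added example (not part of this package or its documentation), a lint that could run over a declaration before a profile is generated; the Conflicts helper and the sample declaration are hypothetical, and the types are reproduced from this page with struct tags and unused fields omitted.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Types reproduced from this page, reduced to the fields used here.
type SystemCalls struct{ Allow, Trap, Trace, Kill, Errno []string }
type Capabilities struct{ Allow, Deny []string }
type Declaration struct {
	SystemCalls  SystemCalls
	Capabilities Capabilities
}

// Conflicts (hypothetical, not part of the package) reports names listed under more than one action.
func Conflicts(d Declaration) []string {
	var out []string
	check := func(kind string, actions []string, lists ...[]string) {
		seen := map[string][]string{} // name -> actions it appears under
		for i, names := range lists {
			for _, n := range names {
				// Lists are visited one action at a time, so a repeat inside one list is skipped.
				if a := seen[n]; len(a) == 0 || a[len(a)-1] != actions[i] {
					seen[n] = append(a, actions[i])
				}
			}
		}
		for n, a := range seen {
			if len(a) > 1 {
				out = append(out, fmt.Sprintf("%s %q listed under %s", kind, n, strings.Join(a, ", ")))
			}
		}
	}
	s, c := d.SystemCalls, d.Capabilities
	check("syscall", []string{"Allow", "Trap", "Trace", "Kill", "Errno"}, s.Allow, s.Trap, s.Trace, s.Kill, s.Errno)
	check("capability", []string{"Allow", "Deny"}, c.Allow, c.Deny)
	sort.Strings(out) // map iteration order is random; sort for stable output
	return out
}

func main() {
	// Constructed sample declaration, not taken from the project.
	d := Declaration{
		SystemCalls:  SystemCalls{Allow: []string{"read", "ptrace"}, Kill: []string{"ptrace"}},
		Capabilities: Capabilities{Allow: []string{"sys_admin"}, Deny: []string{"sys_admin"}}}
	fmt.Println(strings.Join(Conflicts(d), "\n"))
}
```
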
