type CapConfig

type CapConfig struct {
	Allow []string
	Deny  []string
}

CapConfig defines the allowed or denied kernel capabilities for a profile.

type FsConfig

type FsConfig struct {
	ReadOnlyPaths   []string
	LogOnWritePaths []string
	WritablePaths   []string
	AllowExec       []string
	DenyExec        []string
}

FsConfig defines the filesystem options for a profile.

type NetConfig

type NetConfig struct {
	Raw       bool
	Packet    bool
	Protocols []string
}

NetConfig defines the network options for a profile. For example, you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.

type ProfileConfig

type ProfileConfig struct {
	Name         string
	Filesystem   FsConfig
	Network      NetConfig
	Capabilities CapConfig
	Imports      []string
	InnerImports []string
}

ProfileConfig defines the config from which an AppArmor profile is generated.

func (*ProfileConfig) Generate

func (profile *ProfileConfig) Generate(out io.Writer) error

Generate uses the baseTemplate to generate an AppArmor profile for the ProfileConfig passed.

func (*ProfileConfig) Install

func (profile *ProfileConfig) Install(dir string) error

Install takes a profile config, generates the profile and installs it in the given directory with `apparmor_parser`.
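
How the documented fields could translate into AppArmor rules, as an added example that is not the package's own code. The types are local, trimmed mirrors of the structs above; `Render`, `emit` and the field-to-rule mapping (including reading `Raw: false` as "deny raw sockets", per the NetConfig note about `ping`) are assumptions standing in for `Generate` and its baseTemplate, which this page does not show.

```go
package main

import (
	"fmt"
	"strings"
)

// Local mirrors of the documented types, trimmed to the fields used here.
type CapConfig struct{ Allow, Deny []string }
type FsConfig struct{ ReadOnlyPaths, DenyExec []string }
type NetConfig struct {
	Raw, Packet bool
	Protocols   []string
}
type ProfileConfig struct {
	Name         string
	Filesystem   FsConfig
	Network      NetConfig
	Capabilities CapConfig
}

func emit(b *strings.Builder, format string, items []string) {
	for _, it := range items {
		fmt.Fprintf(b, format, it)
	}
}

// Render is a hypothetical stand-in for Generate; the rule mapping is assumed.
func Render(p ProfileConfig) string {
	var b strings.Builder
	fmt.Fprintf(&b, "profile %s {\n", p.Name)
	emit(&b, "  network inet %s,\n", p.Network.Protocols)
	if !p.Network.Raw { // false: workload never opens raw sockets (no ping)
		b.WriteString("  deny network raw,\n")
	}
	if !p.Network.Packet {
		b.WriteString("  deny network packet,\n")
	}
	emit(&b, "  capability %s,\n", p.Capabilities.Allow)
	emit(&b, "  deny capability %s,\n", p.Capabilities.Deny)
	emit(&b, "  deny %s wl,\n", p.Filesystem.ReadOnlyPaths)
	emit(&b, "  deny %s mrwklx,\n", p.Filesystem.DenyExec)
	return b.String() + "}\n"
}

func main() { // constructed sample: a TCP-only service that never pings
	fmt.Print(Render(ProfileConfig{Name: "web-sample",
		Network:      NetConfig{Protocols: []string{"tcp"}},
		Capabilities: CapConfig{Deny: []string{"sys_admin"}}}))
}
```

Leaving `Raw` and `Packet` at their zero values yields explicit deny rules in this sketch, so a config that does not mention raw sockets ends up without them.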