apparmor

package
v0.4.4

This package is not in the latest version of its module.

Published: Nov 20, 2019 License: MIT Imports: 7 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CapConfig

type CapConfig struct {
	Allow []string
	Deny  []string
}

CapConfig defines the allowed or denied kernel capabilities for a profile.

type FsConfig

type FsConfig struct {
	ReadOnlyPaths   []string
	LogOnWritePaths []string
	WritablePaths   []string
	AllowExec       []string
	DenyExec        []string
}

FsConfig defines the filesystem options for a profile.

type NetConfig

type NetConfig struct {
	Raw       bool
	Packet    bool
	Protocols []string
}

NetConfig defines the network options for a profile. For example, you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.

type ProfileConfig

type ProfileConfig struct {
	Name         string
	Filesystem   FsConfig
	Network      NetConfig
	Capabilities CapConfig

	Imports      []string
	InnerImports []string
}

ProfileConfig defines the configuration from which an AppArmor profile is generated.

func (*ProfileConfig) Generate

func (profile *ProfileConfig) Generate(out io.Writer) error

Generate uses the baseTemplate to generate an AppArmor profile for the given ProfileConfig.

func (*ProfileConfig) Install

func (profile *ProfileConfig) Install(dir string) error

Install takes a profile config, generates the profile and installs it in the given directory with `apparmor_parser`.
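
An added example, not part of the package or its documentation: a pre-flight lint to run on a ProfileConfig before Generate or Install, since its string fields are rendered into profile text through a template. The types are local mirrors of the fields documented above; `Lint`, `nameRe`, `capRe` and the set of rejected characters are assumptions of this example, chosen as a conservative policy.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Local mirrors of the documented fields this check reads (import path not shown on the page).
type CapConfig struct{ Allow, Deny []string }
type FsConfig struct{ ReadOnlyPaths, LogOnWritePaths, WritablePaths, AllowExec, DenyExec []string }
type ProfileConfig struct {
	Name         string
	Filesystem   FsConfig
	Capabilities CapConfig
}
// Assumed policy, not the package's: file-name-safe names, lowercase capability keywords.
var nameRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)
var capRe = regexp.MustCompile(`^[a-z][a-z_]*$`)

// Lint flags values unsafe to place in profile text and allow/deny contradictions.
func Lint(p ProfileConfig) (out []string) {
	add := func(bad bool, kind, v string) {
		if bad {
			out = append(out, fmt.Sprintf("%s: %q", kind, v))
		}
	}
	fs, caps := p.Filesystem, p.Capabilities
	add(!nameRe.MatchString(p.Name), "unsafe profile name", p.Name)
	for _, l := range [][]string{fs.ReadOnlyPaths, fs.LogOnWritePaths, fs.WritablePaths, fs.AllowExec, fs.DenyExec} {
		for _, s := range l {
			add(!strings.HasPrefix(s, "/") || strings.ContainsAny(s, ",\"# \t\r\n"), "unsafe path", s)
		}
	}
	for _, c := range append(append([]string{}, caps.Allow...), caps.Deny...) {
		add(!capRe.MatchString(c), "malformed capability", c)
	}
	for _, pair := range [][2][]string{{caps.Allow, caps.Deny}, {fs.AllowExec, fs.DenyExec}} {
		allowed := map[string]bool{}
		for _, a := range pair[0] {
			allowed[a] = true
		}
		for _, d := range pair[1] {
			add(allowed[d], "in both allow and deny", d)
		}
	}
	return out
}

func main() { fmt.Println(Lint(ProfileConfig{Name: "web/../x", Capabilities: CapConfig{Allow: []string{"net_raw"}, Deny: []string{"net_raw"}}})) }
```

The path rule rejects commas and whitespace, so brace alternations and quoted paths that AppArmor itself accepts are flagged too; relax it only if the generated profile is reviewed before loading.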
