apparmor

package

v0.0.0-...-80ec3b1 Latest Latest Go to latest Published: Dec 21, 2017 License: Apache-2.0 Imports: 4 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/moby/libentitlement

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateAppArmorProfile(p ProfileData, out io.Writer) error
func SetAppArmorProfileDirectory(path string)
type CapabilitiesSetup
type FilesSetup
type NetworkSetup
type ProfileData
- func NewEmptyProfileData(name string) *ProfileData

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateAppArmorProfile ¶

func GenerateAppArmorProfile(p ProfileData, out io.Writer) error

GenerateAppArmorProfile creates an AppArmor profile and writes it to the io.Writer argument

func SetAppArmorProfileDirectory ¶

func SetAppArmorProfileDirectory(path string)

SetAppArmorProfileDirectory sets AppArmor's profile directory

Types ¶

type CapabilitiesSetup ¶

type CapabilitiesSetup struct {
	Allowed []string
	Denied  []string
}

CapabilitiesSetup contains flags and data to configure capability rules in AppArmor. See http://manpages.ubuntu.com/manpages/precise/man5/apparmor.d.5.html for more information regarding supported capabilities.

type FilesSetup ¶

type FilesSetup struct {
	// Denied is a list of filepaths to deny any access to
	Denied []string
	// ReadOnly is a list of filepaths to restrict to read access only
	ReadOnly []string
	// NoExec is a list of filepaths for which execution is denied
	NoExec []string
}

FilesSetup contains data to configure filesystem access rules in AppArmor.

type NetworkSetup ¶

type NetworkSetup struct {
	Denied           bool
	AllowedProtocols []string
	Raw              networkRawSetup
}

NetworkSetup contains flags and data to configure network rules in AppArmor. See http://manpages.ubuntu.com/manpages/precise/man5/apparmor.d.5.html for more information regarding supported protocols, network data types and domains.

type ProfileData ¶

type ProfileData struct {
	// Name is profile name.
	Name string
	// Imports defines the apparmor functions to import, before defining the profile.
	Imports []string
	// InnerImports defines the apparmor functions to import in the profile.
	InnerImports []string
	// Version is the {major, minor, patch} version of apparmor_parser as a single number.
	Version int

	// Network defines the network setup we want, see NetworkSetup type definition
	Network NetworkSetup

	// Capabilities defines the capabilities setup we want, see CapabiltitiesSetup type definition
	Capabilities CapabilitiesSetup

	// Files defines the files access setup we want, see FilesSetup type definition
	Files FilesSetup
}

ProfileData holds information about the given profile for generation.

func NewEmptyProfileData ¶

func NewEmptyProfileData(name string) *ProfileData

NewEmptyProfileData creates an empty ProfileData object with its name.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL