Documentation
Index
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func WriteAppArmorProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error
- func WriteSeccompProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error
- type AppArmorProfileConfig
- type Capabilities
- type Declaration
- type FileSystem
- type Network
- type System
- type SystemCalls
Constants
This section is empty.
Variables
This section is empty.
Functions
func Asset
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
    data/
      foo.txt
      img/
        a.png
        b.png
then
    AssetDir("data") would return []string{"foo.txt", "img"}
    AssetDir("data/img") would return []string{"a.png", "b.png"}
    AssetDir("foo.txt") and AssetDir("notexist") would return an error
    AssetDir("") will return []string{"data"}.
func AssetInfo
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset
RestoreAsset restores an asset under the given directory.
func RestoreAssets
RestoreAssets restores an asset under the given directory recursively.
Types
type AppArmorProfileConfig
    type AppArmorProfileConfig struct {
        Name         string
        Filesystem   FileSystem
        Network      Network
        Capabilities Capabilities
    }
AppArmorProfileConfig defines the options for an AppArmor profile.
type Capabilities
Capabilities defines the allowed or denied kernel capabilities for a profile.
type Declaration
    type Declaration struct {
        Name         string
        SystemCalls  SystemCalls  `toml:"System-Calls,omitempty"`
        Capabilities Capabilities `toml:"Capabilities,omitempty"`
        Filesystem   FileSystem   `toml:"Filesystem,omitempty"`
        Network      Network      `toml:"Network,omitempty"`
        System       System       `toml:"System,omitempty"`
    }
Declaration holds all the data from karn declaration files.
type FileSystem
    type FileSystem struct {
        ReadOnlyPaths   []string
        LogOnWritePaths []string
        WritablePaths   []string
        AllowExec       []string
        DenyExec        []string
    }
FileSystem defines the filesystem options for a profile.
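As an added illustration (not karn's own code), here is one way the FileSystem fields could be turned into AppArmor file rules. The field-to-rule mapping, the `Render` function and the path checks are assumptions, since the package's template is not shown on this page.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

type FileSystem struct { // mirrors the struct documented on this page
	ReadOnlyPaths, LogOnWritePaths, WritablePaths, AllowExec, DenyExec []string
}

// Assumed field-to-rule mapping; the package's own template is not on this page.
var rules = template.Must(template.New("fs").Parse(
	`{{range .ReadOnlyPaths}}  deny {{.}} wl,
{{end}}{{range .LogOnWritePaths}}  audit {{.}} w,
{{end}}{{range .WritablePaths}}  {{.}} w,
{{end}}{{range .AllowExec}}  {{.}} ix,
{{end}}{{range .DenyExec}}  deny {{.}} mrwklx,
{{end}}`))

// Render validates paths first: a comma, whitespace or newline in a path would
// end the rule early and add an extra one. The check is deliberately conservative.
func Render(fs FileSystem) (string, error) {
	deny := map[string]bool{}
	for _, p := range fs.DenyExec {
		deny[p] = true
	}
	lists := [][]string{fs.ReadOnlyPaths, fs.LogOnWritePaths, fs.WritablePaths, fs.AllowExec, fs.DenyExec}
	for _, list := range lists {
		for _, p := range list {
			if !strings.HasPrefix(p, "/") || strings.ContainsAny(p, ", \t\r\n#\"") {
				return "", fmt.Errorf("unsafe path %q", p)
			}
		}
	}
	for _, p := range fs.AllowExec {
		if deny[p] { // AppArmor deny rules take precedence over allow rules
			return "", fmt.Errorf("%q is in both AllowExec and DenyExec", p)
		}
	}
	var b strings.Builder
	err := rules.Execute(&b, fs)
	return b.String(), err
}

func main() {
	out, err := Render(FileSystem{ReadOnlyPaths: []string{"/etc/**"}, DenyExec: []string{"/tmp/**"}})
	fmt.Printf("%serr=%v\n", out, err) // constructed sample values
}
```

Rejecting commas also rejects AppArmor alternation globs such as `{a,b}`; a generator that needs them would have to parse the braces rather than relax the check.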
type Network
Network defines the network options for a profile. For example, you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.