bane: github.com/genuinetools/bane/apparmor

package apparmor

import "github.com/genuinetools/bane/apparmor"

Package Files

apparmor.go template.go

type CapConfig

type CapConfig struct {
    Allow []string
    Deny  []string
}

CapConfig defines the allowed or denied kernel capabilities for a profile.

type FsConfig

type FsConfig struct {
    ReadOnlyPaths   []string
    LogOnWritePaths []string
    WritablePaths   []string
    AllowExec       []string
    DenyExec        []string
}

FsConfig defines the filesystem options for a profile.

type NetConfig

type NetConfig struct {
    Raw       bool
    Packet    bool
    Protocols []string
}

NetConfig defines the network options for a profile. For example, you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.

type ProfileConfig

type ProfileConfig struct {
    Name         string
    Filesystem   FsConfig
    Network      NetConfig
    Capabilities CapConfig

    Imports      []string
    InnerImports []string
}

ProfileConfig defines the config from which an AppArmor profile is generated.

func (*ProfileConfig) Generate

func (profile *ProfileConfig) Generate(out io.Writer) error

Generate uses the baseTemplate to generate an apparmor profile for the ProfileConfig passed.

func (*ProfileConfig) Install

func (profile *ProfileConfig) Install(dir string) error

Install takes a profile config, generates the profile and installs it in the given directory with `apparmor_parser`.
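A check that can run on a config before it reaches Generate or Install, as an added example that is not part of the bane package: it reports entries that appear on both sides of an allow/deny pair and flags raw-socket access for review. The struct definitions are local mirrors of the ones documented above, and `both`, `Lint` and the sample values are hypothetical names and data constructed for this example.

```go
package main

import "fmt"

// Local mirrors of the structs documented on this page, so the example builds
// without the bane module (Protocols, Imports and InnerImports are omitted).
type CapConfig struct{ Allow, Deny []string }
type FsConfig struct{ ReadOnlyPaths, LogOnWritePaths, WritablePaths, AllowExec, DenyExec []string }
type NetConfig struct{ Raw, Packet bool }
type ProfileConfig struct {
	Name         string
	Filesystem   FsConfig
	Network      NetConfig
	Capabilities CapConfig
}

// both returns one finding for every entry that appears in a and in b.
func both(label string, a, b []string) (out []string) {
	seen := map[string]bool{}
	for _, v := range a {
		seen[v] = true
	}
	for _, v := range b {
		if seen[v] {
			out = append(out, label+": "+v)
		}
	}
	return out
}

// Lint is a hypothetical pre-generation check, not part of bane.
func Lint(p ProfileConfig) []string {
	fs, caps := p.Filesystem, p.Capabilities
	f := both("capability in Allow and Deny", caps.Allow, caps.Deny)
	f = append(f, both("path in WritablePaths and ReadOnlyPaths", fs.WritablePaths, fs.ReadOnlyPaths)...)
	f = append(f, both("path in AllowExec and DenyExec", fs.AllowExec, fs.DenyExec)...)
	if p.Network.Raw {
		f = append(f, "Network.Raw is enabled") // the page: unneeded unless the app pings
	}
	return f
}

func main() {
	p := ProfileConfig{Name: "demo", Network: NetConfig{Raw: true}, // constructed sample
		Capabilities: CapConfig{Allow: []string{"chown", "setuid"}, Deny: []string{"chown"}}}
	for _, f := range Lint(p) {
		fmt.Println(f)
	}
}
```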

Package apparmor imports 7 packages and is imported by 3 packages. Updated 2019-06-28.