Documentation
Overview
Package security manages:
- Cache clearing (cache.go)
- Keyring Operations (keyring.go)
- Privilege manipulation (privileges.go)
- Maintaining the link between the root and user keyrings.
Index
- Constants
- Variables
- func DropFilesystemCache() error
- func FindKey(description string, target *user.User) (int, error)
- func InsertKey(data []byte, description string, target *user.User) error
- func RemoveKey(description string, target *user.User) error
- func SetProcessPrivileges(privs *Privileges) error
- func UserKeyringID(target *user.User, checkSession bool) (int, error)
- type Privileges
Constants
const KeyType = "logon"
KeyType is always logon as required by filesystem encryption.
Variables
var (
	ErrKeySearch         = errors.New("could not find key with descriptor")
	ErrKeyRemove         = util.SystemError("could not remove key from the keyring")
	ErrKeyInsert         = util.SystemError("could not insert key into the keyring")
	ErrSessionUserKeying = errors.New("user keyring not linked into session keyring")
	ErrAccessUserKeyring = errors.New("could not access user keyring")
	ErrLinkUserKeyring   = util.SystemError("could not link user keyring into root keyring")
)
Keyring related error values
Functions
func DropFilesystemCache (added in v0.2.2)
func DropFilesystemCache() error
DropFilesystemCache instructs the kernel to free the reclaimable inodes and dentries. This has the effect of making encrypted directories whose keys are not present no longer accessible. Requires root privileges.
func FindKey
FindKey tries to locate a key in the kernel keyring with the provided description. The key ID is returned if we can find the key. An error is returned if the key does not exist.
func InsertKey
InsertKey puts the provided data into the kernel keyring with the provided description.
func RemoveKey
RemoveKey tries to remove a policy key from the kernel keyring with the provided description. An error is returned if the key does not exist.
func SetProcessPrivileges (added in v0.2.4)
func SetProcessPrivileges(privs *Privileges) error
SetProcessPrivileges sets the privileges of the current process to have those specified by privs. The original privileges can be obtained by first saving the output of ProcessPrivileges, calling SetProcessPrivileges with the desired privs, then calling SetProcessPrivileges with the saved privs.
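The save, switch and restore sequence described above, as an added example that is not the package's own code. The names privileges, currentPrivileges, setPrivileges and withPrivileges are hypothetical standard-library stand-ins, and the order of the set calls is this example's assumption.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
	"syscall"
)

type privileges struct { // hypothetical stand-in for the package's opaque Privileges
	euid, egid int
	groups     []int
}

func currentPrivileges() (*privileges, error) { // stand-in for ProcessPrivileges
	groups, err := syscall.Getgroups()
	return &privileges{syscall.Geteuid(), syscall.Getegid(), groups}, err
}

func setPrivileges(p *privileges) error { // stand-in for SetProcessPrivileges
	if cur, err := currentPrivileges(); err == nil && reflect.DeepEqual(cur, p) {
		return nil // nothing to change, so an unprivileged caller never reaches setgroups
	}
	_ = syscall.Seteuid(0) // regain root first if permitted; the calls below report real failures
	if err := syscall.Setgroups(p.groups); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := syscall.Setegid(p.egid); err != nil {
		return fmt.Errorf("setegid: %w", err)
	}
	return syscall.Seteuid(p.euid) // euid last: dropping it earlier would block the calls above
}

// withPrivileges runs fn as target, then restores the saved privileges; a failed restore is returned.
func withPrivileges(target *privileges, fn func() error) (err error) {
	saved, err := currentPrivileges()
	if err != nil {
		return err
	}
	defer func() { err = errors.Join(err, setPrivileges(saved)) }()
	if err = setPrivileges(target); err != nil {
		return err
	}
	return fn()
}

func main() {
	self, _ := currentPrivileges() // constructed target; a real caller would look up another user
	fmt.Println("err:", withPrivileges(self, func() error { return nil }))
}
```

Because the restore runs in a deferred call and its error is joined into the result, a caller never sees success while the process is still running with the target's privileges.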
func UserKeyringID (added in v0.2.1)
UserKeyringID returns the key id of the target user's user keyring. We also ensure that the keyring will be accessible by linking it into the process keyring and linking it into the root user keyring (permissions allowing). If checkSession is true, an error is returned if a normal user requests their user keyring, but it is not in the current session keyring.
Types
type Privileges
type Privileges struct {
// contains filtered or unexported fields
}
Privileges encapsulates the effective uid/gid and groups of a process.
func ProcessPrivileges (added in v0.2.4)
func ProcessPrivileges() (*Privileges, error)
ProcessPrivileges returns the process's current effective privileges.
func UserPrivileges (added in v0.2.4)
func UserPrivileges(user *user.User) (*Privileges, error)
UserPrivileges returns the default privileges for the specified user.