apparmor

package

v0.0.0-...-288c4de Latest Latest Go to latest Published: Jul 5, 2023 License: Apache-2.0 Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lxc/lxd

Documentation ¶

Index ¶

func ArchiveDelete(sysOS *sys.OS, outputPath string) error
func ArchiveLoad(sysOS *sys.OS, outputPath string, allowedCommandPaths []string) error
func ArchiveProfileFilename(outputPath string) string
func ArchiveProfileName(outputPath string) string
func ArchiveUnload(sysOS *sys.OS, outputPath string) error
func DnsmasqProfileName(n network) string
func ForkdnsProfileName(n network) string
func ForkproxyDelete(sysOS *sys.OS, inst instance, dev device) error
func ForkproxyLoad(sysOS *sys.OS, inst instance, dev device) error
func ForkproxyProfileName(inst instance, dev device) string
func ForkproxyUnload(sysOS *sys.OS, inst instance, dev device) error
func InstanceDelete(sysOS *sys.OS, inst instance) error
func InstanceLoad(sysOS *sys.OS, inst instance) error
func InstanceNamespaceName(inst instance) string
func InstanceProfileName(inst instance) string
func InstanceUnload(sysOS *sys.OS, inst instance) error
func InstanceValidate(sysOS *sys.OS, inst instance) error
func NetworkDelete(sysOS *sys.OS, n network) error
func NetworkLoad(sysOS *sys.OS, n network) error
func NetworkUnload(sysOS *sys.OS, n network) error
func QemuImg(sysOS *sys.OS, cmd []string, imgPath string, dstPath string) (string, error)
func RsyncWrapper(sysOS *sys.OS, cmd *exec.Cmd, sourcePath string, dstPath string) (func(), error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func ArchiveDelete ¶

func ArchiveDelete(sysOS *sys.OS, outputPath string) error

ArchiveDelete removes the profile from cache/disk.

func ArchiveLoad ¶

func ArchiveLoad(sysOS *sys.OS, outputPath string, allowedCommandPaths []string) error

ArchiveLoad ensures that the archive's policy is loaded into the kernel.

func ArchiveProfileFilename ¶

func ArchiveProfileFilename(outputPath string) string

ArchiveProfileFilename returns the name of the on-disk profile name.

func ArchiveProfileName ¶

func ArchiveProfileName(outputPath string) string

ArchiveProfileName returns the AppArmor profile name.

func ArchiveUnload ¶

func ArchiveUnload(sysOS *sys.OS, outputPath string) error

ArchiveUnload ensures that the archive's policy namespace is unloaded to free kernel memory. This does not delete the policy from disk or cache.

func DnsmasqProfileName ¶

func DnsmasqProfileName(n network) string

DnsmasqProfileName returns the AppArmor profile name.

func ForkdnsProfileName ¶

func ForkdnsProfileName(n network) string

ForkdnsProfileName returns the AppArmor profile name.

func ForkproxyDelete ¶

func ForkproxyDelete(sysOS *sys.OS, inst instance, dev device) error

ForkproxyDelete removes the policy from cache/disk.

func ForkproxyLoad ¶

func ForkproxyLoad(sysOS *sys.OS, inst instance, dev device) error

ForkproxyLoad ensures that the instances's policy is loaded into the kernel so the it can boot.

func ForkproxyProfileName ¶

func ForkproxyProfileName(inst instance, dev device) string

ForkproxyProfileName returns the AppArmor profile name.

func ForkproxyUnload ¶

func ForkproxyUnload(sysOS *sys.OS, inst instance, dev device) error

ForkproxyUnload ensures that the instances's policy namespace is unloaded to free kernel memory. This does not delete the policy from disk or cache.

func InstanceDelete ¶

func InstanceDelete(sysOS *sys.OS, inst instance) error

InstanceDelete removes the policy from cache/disk.

func InstanceLoad ¶

func InstanceLoad(sysOS *sys.OS, inst instance) error

InstanceLoad ensures that the instances's policy is loaded into the kernel so the it can boot.

func InstanceNamespaceName ¶

func InstanceNamespaceName(inst instance) string

InstanceNamespaceName returns the instance's AppArmor namespace.

func InstanceProfileName ¶

func InstanceProfileName(inst instance) string

InstanceProfileName returns the instance's AppArmor profile name.

func InstanceUnload ¶

func InstanceUnload(sysOS *sys.OS, inst instance) error

InstanceUnload ensures that the instances's policy namespace is unloaded to free kernel memory. This does not delete the policy from disk or cache.

func InstanceValidate ¶

func InstanceValidate(sysOS *sys.OS, inst instance) error

InstanceValidate generates the instance profile file and validates it.

func NetworkDelete ¶

func NetworkDelete(sysOS *sys.OS, n network) error

NetworkDelete removes the profiles from cache/disk.

func NetworkLoad ¶

func NetworkLoad(sysOS *sys.OS, n network) error

NetworkLoad ensures that the network's profiles are loaded into the kernel.

func NetworkUnload ¶

func NetworkUnload(sysOS *sys.OS, n network) error

NetworkUnload ensures that the network's profiles are unloaded to free kernel memory. This does not delete the policy from disk or cache.

func QemuImg ¶

func QemuImg(sysOS *sys.OS, cmd []string, imgPath string, dstPath string) (string, error)

QemuImg runs qemu-img with an AppArmor profile based on the imgPath and dstPath supplied. The first element of the cmd slice is expected to be a priority limiting command (such as nice or prlimit) and will be added as an allowed command to the AppArmor profile. The remaining elements of the cmd slice are expected to be the qemu-img command and its arguments.

func RsyncWrapper ¶

func RsyncWrapper(sysOS *sys.OS, cmd *exec.Cmd, sourcePath string, dstPath string) (func(), error)

RsyncWrapper is used as a RunWrapper in the rsync package.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL