Documentation
Index
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- func WriteAppArmorProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error
- func WriteSeccompProfile(out io.Writer, specifiedDeclarations []string, declarationsDirectory string) error
- type AppArmorProfileConfig
- type Capabilities
- type Declaration
- type FileSystem
- type Network
- type System
- type SystemCalls
Constants
This section is empty.
Variables
This section is empty.
Functions
func Asset
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example, if you run go-bindata on data/... and data contains the following hierarchy:
    data/
      foo.txt
      img/
        a.png
        b.png
then:
    AssetDir("data") would return []string{"foo.txt", "img"}
    AssetDir("data/img") would return []string{"a.png", "b.png"}
    AssetDir("foo.txt") and AssetDir("notexist") would return an error
    AssetDir("") will return []string{"data"}
func AssetInfo
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset
RestoreAsset restores an asset under the given directory.
func RestoreAssets
RestoreAssets restores an asset under the given directory recursively.
Types
type AppArmorProfileConfig
type AppArmorProfileConfig struct {
	Name         string
	Filesystem   FileSystem
	Network      Network
	Capabilities Capabilities
}
AppArmorProfileConfig defines the options for an AppArmor profile.
type Capabilities
Capabilities defines the allowed or denied kernel capabilities for a profile.
type Declaration
type Declaration struct {
	Name         string
	SystemCalls  SystemCalls  `toml:"System-Calls,omitempty"`
	Capabilities Capabilities `toml:"Capabilities,omitempty"`
	Filesystem   FileSystem   `toml:"Filesystem,omitempty"`
	Network      Network      `toml:"Network,omitempty"`
	System       System       `toml:"System,omitempty"`
}
Declaration holds all the data from karn declaration files.
type FileSystem
type FileSystem struct {
	ReadOnlyPaths   []string
	LogOnWritePaths []string
	WritablePaths   []string
	AllowExec       []string
	DenyExec        []string
}
FileSystem defines the filesystem options for a profile.
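An added example, not code from karn: one way the five FileSystem fields could be turned into AppArmor file rules. The helper name RenderFileRules and the rule chosen for each field are assumptions; karn's own template may differ.

```go
package main

import (
	"fmt"
	"strings"
)

// FileSystem mirrors the struct documented above.
type FileSystem struct {
	ReadOnlyPaths, LogOnWritePaths, WritablePaths, AllowExec, DenyExec []string
}

// RenderFileRules is a hypothetical helper, not part of karn. The rule chosen
// for each field is an assumption about its intent, in AppArmor rule syntax.
func RenderFileRules(fs FileSystem) (string, error) {
	for _, a := range fs.AllowExec {
		for _, d := range fs.DenyExec {
			if a == d { // deny wins in AppArmor, so this allow would be dead
				return "", fmt.Errorf("%q is in both AllowExec and DenyExec", a)
			}
		}
	}
	groups := []struct {
		paths         []string
		prefix, perms string
	}{
		{fs.ReadOnlyPaths, "deny ", "wl"},   // block writes and hard links
		{fs.LogOnWritePaths, "audit ", "w"}, // allow writes, audit each one
		{fs.WritablePaths, "", "w"},         // allow writes
		{fs.AllowExec, "", "ix"},            // execute, inheriting this profile
		{fs.DenyExec, "deny ", "mrwklx"},    // block every access, exec included
	}
	var b strings.Builder
	for _, g := range groups {
		for _, p := range g.paths {
			// The path is interpolated into the profile: keep it a single token.
			if !strings.HasPrefix(p, "/") || strings.ContainsAny(p, " \t\r\n") {
				return "", fmt.Errorf("invalid path %q", p)
			}
			b.WriteString("  " + g.prefix + p + " " + g.perms + ",\n")
		}
	}
	return b.String(), nil
}

func main() {
	fmt.Println(RenderFileRules(FileSystem{ReadOnlyPaths: []string{"/etc/**"}})) // constructed input
}
```

The path check matters because a declaration value containing a newline would otherwise add a second rule line to the generated profile.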
type Network
Network defines the network options for a profile. For example you probably don't need NetworkRaw if your application doesn't `ping`. Currently limited to AppArmor 2.3-2.6 rules.