Documentation
Overview
Package apparmor contains primitives for working with apparmor.
References:
- http://wiki.apparmor.net/index.php/Kernel_interfaces
- http://apparmor.wiki.kernel.org/
- http://manpages.ubuntu.com/manpages/xenial/en/man7/apparmor.7.html
Package apparmor implements integration between snappy and ubuntu-core-launcher around apparmor.
Snappy creates an apparmor profile for each application of each snap present in the system. On each execution through ubuntu-core-launcher, the application process is launched under its profile. Before that can happen, the profile must be parsed, compiled and loaded into the kernel using the support tool "apparmor_parser".
Each apparmor profile contains a simple <header><content><footer> structure. The header specifies the profile name that the launcher will use to launch a process under this profile. Snappy uses "abstract identifiers" as profile names.
The actual profiles are stored in /var/lib/snappy/apparmor/profiles.
NOTE: A systemd job (apparmor.service) loads all snappy-specific apparmor profiles into the kernel during the boot process.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func LoadProfile
LoadProfile loads an apparmor profile from the given file.
If no such profile was previously loaded then it is simply added to the kernel. If there was a profile with the same name before, that profile is replaced.
func LoadedProfiles
LoadedProfiles interrogates the kernel and returns a list of loaded apparmor profiles.
Snappy manages apparmor profiles named "snap.*". Other profiles may exist on the system (outside snappy's scope), and those are filtered out.
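As an added example (not the project's own code), the following Go program parses the kernel's profile listing as exposed by /sys/kernel/security/apparmor/profiles, where each line has the form "name (mode)", and applies the same "snap.*" filter that LoadedProfiles describes. The listing is a constructed sample, and the complain-mode filter is an extra check for spotting snaps whose profiles are not enforcing.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample of /sys/kernel/security/apparmor/profiles: one "name (mode)" per line.
const sampleListing = `/usr/bin/evince (enforce)
snap.hello-world.sh (enforce)
snap.foo.bar (complain)
snap.baz.qux (enforce)
`
// Profile is one parsed entry; Mode is "enforce" or "complain".
type Profile struct{ Name, Mode string }

// parseListing parses "name (mode)" lines; blank or malformed lines are skipped.
func parseListing(listing string) []Profile {
	var out []Profile
	sc := bufio.NewScanner(strings.NewReader(listing))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		open := strings.LastIndex(line, " (")
		if open < 1 || !strings.HasSuffix(line, ")") {
			continue
		}
		out = append(out, Profile{Name: line[:open], Mode: line[open+2 : len(line)-1]})
	}
	return out
}

// snapProfiles keeps only snappy-managed profiles (named "snap.*") in listing order; with
// onlyComplain set it keeps just those in complain mode, where violations are logged, not enforced.
func snapProfiles(profiles []Profile, onlyComplain bool) []string {
	var names []string
	for _, p := range profiles {
		if !strings.HasPrefix(p.Name, "snap.") || (onlyComplain && p.Mode != "complain") {
			continue
		}
		names = append(names, p.Name)
	}
	return names
}

func main() {
	profiles := parseListing(sampleListing)
	fmt.Println(snapProfiles(profiles, false), snapProfiles(profiles, true))
}
```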
func UnloadProfile
UnloadProfile removes the named profile from the running kernel.
The operation is done with: apparmor_parser --remove $name. The binary cache file is also removed from /var/cache/apparmor.
Types
type Backend
type Backend struct{}
Backend is responsible for maintaining apparmor profiles for ubuntu-core-launcher.
func (*Backend) Setup
func (b *Backend) Setup(snapInfo *snap.Info, devMode bool, repo *interfaces.Repository) error
Setup creates and loads the apparmor profiles specific to a given snap. The snap can be in developer mode, which makes security violations non-fatal to the offending application process.
This method should be called after changing plugs, slots, the connections between them, or the applications present in the snap.