Documentation
¶
Index ¶
Constants ¶
const (
	// VarmorPolicy enforcers. Every value is a distinct single bit.
	// NOTE(review): presumably so that several enforcers can be OR-ed into
	// one Enforcer value; confirm against the callers.
	// NOTE(review): Unknown is itself a bit (0x8), so a zero Enforcer is not
	// equal to Unknown; confirm that callers reject both.
	AppArmor Enforcer = 1 << 0 // 0x00000001
	BPF      Enforcer = 1 << 1 // 0x00000002
	Seccomp  Enforcer = 1 << 2 // 0x00000004
	Unknown  Enforcer = 1 << 3 // 0x00000008

	// VarmorPolicy modes, as the string values of varmor.VarmorPolicyMode.
	AlwaysAllowMode      varmor.VarmorPolicyMode = "AlwaysAllow"
	RuntimeDefaultMode   varmor.VarmorPolicyMode = "RuntimeDefault"
	EnhanceProtectMode   varmor.VarmorPolicyMode = "EnhanceProtect"
	BehaviorModelingMode varmor.VarmorPolicyMode = "BehaviorModeling"
	DefenseInDepthMode   varmor.VarmorPolicyMode = "DefenseInDepth"

	// VarmorPolicy phases, as the string values of varmor.VarmorPolicyPhase.
	VarmorPolicyPending    varmor.VarmorPolicyPhase = "Pending"
	VarmorPolicyModeling   varmor.VarmorPolicyPhase = "Modeling"
	VarmorPolicyCompleted  varmor.VarmorPolicyPhase = "Completed"
	VarmorPolicyProtecting varmor.VarmorPolicyPhase = "Protecting"
	VarmorPolicyError      varmor.VarmorPolicyPhase = "Error"
	VarmorPolicyFailed     varmor.VarmorPolicyPhase = "Failed"
	VarmorPolicyUnknown    varmor.VarmorPolicyPhase = "Unknown"
	VarmorPolicyUnchanged  varmor.VarmorPolicyPhase = "Unchanged"

	// VarmorPolicy condition types.
	VarmorPolicyCreated varmor.VarmorPolicyConditionType = "Created"
	VarmorPolicyUpdated varmor.VarmorPolicyConditionType = "Updated"
	VarmorPolicyReady   varmor.VarmorPolicyConditionType = "Ready"

	// ArmorProfile and ArmorProfileModel condition types. Both use the
	// string "Ready" but carry different Go types.
	ArmorProfileReady      varmor.ArmorProfileConditionType      = "Ready"
	ArmorProfileModelReady varmor.ArmorProfileModelConditionType = "Ready"

	// Outcome of processing an AppArmor profile.
	Succeeded Status = "succeeded"
	Failed    Status = "failed"

	// AgentLabelSelector is the label selector for agents.
	// NOTE(review): a label alone identifies a pod but does not authenticate
	// it; confirm that data accepted from agents is checked by other means.
	AgentLabelSelector string = "app.kubernetes.io/component=varmor-agent"

	// Event types for the bpf tracer.
	SchedProcessFork uint32 = 1
	SchedProcessExec uint32 = 2
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AaLogRecord ¶
// AaLogRecord holds the fields of a single AppArmor log record.
//
// NOTE(review): the field set looks like it mirrors libapparmor's
// aa_log_record; confirm against the code that fills this struct.
// NOTE(review): if the string fields are parsed from audit log lines, values
// such as Name, Name2, Attr and Info originate from the audited workload.
// Treat them as untrusted when rendering them or deriving rules from them.
type AaLogRecord struct {
	Resource, ActiveHat, AaMode string

	// NOTE(review): the unit and epoch of Time are not visible here.
	Time int64

	// The operation, the profile it was evaluated against, and its objects.
	Operation, Profile, Name, Name2, Attr string

	// Numeric identifiers, presumably of the acting process and its parent.
	Parent, Pid, Task uint64

	Info      string
	ErrorCode int32

	// Permission masks, kept as strings.
	DeniedMask, RequestedMask string

	MagicToken uint64

	// Presumably socket attributes of network events; confirm.
	Family, Protocol, SockType string

	// Presumably the filesystem uid of the task and the object owner's uid.
	Fsuid, Ouid uint64

	Signal, Peer, PeerProfile string

	// Presumably D-Bus attributes; confirm.
	Bus, Path, Interface, Member string
}
type BehaviorData ¶
// BehaviorData is the JSON-tagged record that carries the behavior data of a
// target container together with the reporting node and a status.
//
// NOTE(review): every field is supplied by the reporter. The receiver should
// authenticate the sender and check Namespace, ProfileName and NodeName
// against objects it already knows before acting on DynamicResult. Confirm
// where this struct is decoded.
type BehaviorData struct {
	Namespace string `json:"namespace"`

	// ProfileName has the form varmor-{namespace}-{name}. Its JSON key is
	// "armorProfile", not "profileName".
	ProfileName string `json:"armorProfile"`

	DynamicResult varmor.DynamicResult `json:"dynamicResult"`
	NodeName      string               `json:"nodeName"`
	Status        Status               `json:"status"`

	// Message is free text. NOTE(review): escape it before it is logged or
	// displayed if it can contain workload-influenced content.
	Message string `json:"message"`
}
BehaviorData describes the behavior data of the target container that is collected by agents.
type ModelingStatus ¶
// ModelingStatus keeps two counters and one message per node for
// ArmorProfileModel objects.
//
// NOTE(review): NodeMessages is a plain map. If one ModelingStatus is shared
// between goroutines, access must be serialised by the caller. Confirm how
// the cache that holds it is locked.
type ModelingStatus struct {
	CompletedNumber, FailedNumber int

	// NodeMessages is keyed by NodeName.
	NodeMessages map[string]string
}
ModelingStatus is used to cache the status of ArmorProfileModel objects.
type PolicyStatus ¶
// PolicyStatus keeps a success counter, a failure counter and one message
// per node for a policy.
//
// NOTE(review): NodeMessages is a plain map. If one PolicyStatus is shared
// between goroutines, access must be serialised by the caller. Confirm how
// the cache that holds it is locked.
type PolicyStatus struct {
	// SuccessedNumber keeps its exported spelling, which callers depend on.
	SuccessedNumber, FailedNumber int

	// NodeMessages is keyed by NodeName.
	NodeMessages map[string]string
}
PolicyStatus is used to cache the status of ArmorProfile and VarmorProfile objects.
type ProfileStatus ¶
// ProfileStatus is the JSON-tagged record of how one node handled an
// ArmorProfile: the profile, the node, a Status and a message.
//
// NOTE(review): every field is supplied by the reporter. The receiver should
// authenticate the sender and check that Namespace, ProfileName and NodeName
// refer to objects it knows before updating any status. Confirm where this
// struct is decoded.
type ProfileStatus struct {
	Namespace string `json:"namespace"`

	// ProfileName has the form varmor-{namespace}-{name} or
	// varmor-cluster-{namespace}-{name}. Its JSON key is "armorProfile".
	ProfileName string `json:"armorProfile"`

	NodeName string `json:"nodeName"`
	Status   Status `json:"status"`

	// Message is free text. NOTE(review): escape it before it is logged or
	// displayed.
	Message string `json:"message"`
}
ProfileStatus describes the result of agents processing an ArmorProfile object.
type SeccompLogRecord ¶ added in v0.5.6