Documentation ¶
Overview ¶
Package v1beta1 contains API schema definitions for the varmor v1beta1 API group. Code-generation markers: +kubebuilder:object:generate=true +groupName=crd.varmor.org
Index ¶
- Variables
- func Resource(resource string) schema.GroupResource
- type ArmorProfile
- type ArmorProfileCondition
- type ArmorProfileConditionType
- type ArmorProfileList
- type ArmorProfileModel
- type ArmorProfileModelCondition
- type ArmorProfileModelConditionType
- type ArmorProfileModelList
- type ArmorProfileModelSpec
- type ArmorProfileModelStatus
- type ArmorProfileSpec
- type ArmorProfileStatus
- type AttackProtectionRules
- type BehaviorModeling
- type BpfContent
- type BpfRawRules
- type CapabilitiesCapabilityType
- type CapabilitiesType
- type CustomPolicy
- type DefenseInDepth
- type DynamicResult
- type EnhanceProtect
- type File
- type FileContent
- type FileDirectoryType
- type FilePathType
- type FilePatternType
- type FileRule
- type FileType
- type MatchSourceType
- type Network
- type NetworkContent
- type NetworkEgressRule
- type NetworkProtocolType
- type NetworkRule
- type NetworkType
- type Policy
- type ProcessDirectoryType
- type ProcessPathType
- type ProcessPatternType
- type ProcessType
- type Profile
- type Ptrace
- type PtraceContent
- type PtraceRule
- type Signal
- type StaticResult
- type Target
- type VarmorPolicy
- type VarmorPolicyCondition
- type VarmorPolicyConditionType
- type VarmorPolicyList
- type VarmorPolicyMode
- type VarmorPolicyPhase
- type VarmorPolicySpec
- type VarmorPolicyStatus
Constants ¶
This section is empty.
Variables ¶
var (
	// GroupVersion is the group version used to register these objects:
	// group "crd.varmor.org", version "v1beta1".
	GroupVersion = schema.GroupVersion{Group: "crd.varmor.org", Version: "v1beta1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme.
	// It is bound to GroupVersion above.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

// SchemeGroupVersion is the group version used to register these objects.
// It is assigned from GroupVersion, so both names hold the same value.
var SchemeGroupVersion = GroupVersion
SchemeGroupVersion is group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Types ¶
type ArmorProfile ¶
// ArmorProfile is the Schema for the armorprofiles API. Spec holds the desired
// state and Status the observed state.
type ArmorProfile struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is always serialized (the tag has no omitempty).
	Spec ArmorProfileSpec `json:"spec"`
	// Status reports how many loads are desired and how many are current,
	// plus the conditions (see ArmorProfileStatus).
	Status ArmorProfileStatus `json:"status,omitempty"`
}
ArmorProfile is the Schema for the armorprofiles API
func (*ArmorProfile) DeepCopy ¶
func (in *ArmorProfile) DeepCopy() *ArmorProfile
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfile.
func (*ArmorProfile) DeepCopyInto ¶
func (in *ArmorProfile) DeepCopyInto(out *ArmorProfile)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfile) DeepCopyObject ¶
func (in *ArmorProfile) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileCondition ¶
// ArmorProfileCondition is one status condition of an ArmorProfile. Besides
// the usual condition fields it carries a NodeName.
type ArmorProfileCondition struct {
	// Type of ArmorProfile condition.
	Type ArmorProfileConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
	// NodeName is always serialized (no omitempty).
	// NOTE(review): presumably the node the condition was reported for; confirm
	// against the code that writes the status.
	NodeName string `json:"nodeName"`
}
func (*ArmorProfileCondition) DeepCopy ¶
func (in *ArmorProfileCondition) DeepCopy() *ArmorProfileCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileCondition.
func (*ArmorProfileCondition) DeepCopyInto ¶
func (in *ArmorProfileCondition) DeepCopyInto(out *ArmorProfileCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileConditionType ¶
// ArmorProfileConditionType is the string type of ArmorProfileCondition.Type.
// The allowed values are not part of this listing.
type ArmorProfileConditionType string
type ArmorProfileList ¶
// ArmorProfileList contains a list of ArmorProfile.
type ArmorProfileList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ArmorProfile objects; the "items" key is always emitted
	// because the tag has no omitempty.
	Items []ArmorProfile `json:"items"`
}
ArmorProfileList contains a list of ArmorProfile
func (*ArmorProfileList) DeepCopy ¶
func (in *ArmorProfileList) DeepCopy() *ArmorProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileList.
func (*ArmorProfileList) DeepCopyInto ¶
func (in *ArmorProfileList) DeepCopyInto(out *ArmorProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileList) DeepCopyObject ¶
func (in *ArmorProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModel ¶
// ArmorProfileModel is the Schema for the armorprofilemodels API. Spec holds
// the desired state and Status the observed state.
type ArmorProfileModel struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is always serialized (the tag has no omitempty).
	Spec ArmorProfileModelSpec `json:"spec"`
	// Status carries the desired/completed counters, the Ready flag and the
	// conditions (see ArmorProfileModelStatus).
	Status ArmorProfileModelStatus `json:"status,omitempty"`
}
ArmorProfileModel is the Schema for the armorprofilemodels API
func (*ArmorProfileModel) DeepCopy ¶
func (in *ArmorProfileModel) DeepCopy() *ArmorProfileModel
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModel.
func (*ArmorProfileModel) DeepCopyInto ¶
func (in *ArmorProfileModel) DeepCopyInto(out *ArmorProfileModel)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileModel) DeepCopyObject ¶
func (in *ArmorProfileModel) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModelCondition ¶
// ArmorProfileModelCondition is one status condition of an ArmorProfileModel.
// Its layout mirrors ArmorProfileCondition, with its own condition type.
type ArmorProfileModelCondition struct {
	// Type of ArmorProfileModel condition.
	Type ArmorProfileModelConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
	// NodeName is always serialized (no omitempty).
	// NOTE(review): presumably the node the condition was reported for; confirm
	// against the code that writes the status.
	NodeName string `json:"nodeName"`
}
func (*ArmorProfileModelCondition) DeepCopy ¶
func (in *ArmorProfileModelCondition) DeepCopy() *ArmorProfileModelCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelCondition.
func (*ArmorProfileModelCondition) DeepCopyInto ¶
func (in *ArmorProfileModelCondition) DeepCopyInto(out *ArmorProfileModelCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileModelConditionType ¶
// ArmorProfileModelConditionType is the string type of
// ArmorProfileModelCondition.Type. The allowed values are not part of this
// listing.
type ArmorProfileModelConditionType string
type ArmorProfileModelList ¶
// ArmorProfileModelList contains a list of ArmorProfileModel.
type ArmorProfileModelList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the ArmorProfileModel objects; the "items" key is always
	// emitted because the tag has no omitempty.
	Items []ArmorProfileModel `json:"items"`
}
ArmorProfileModelList contains a list of ArmorProfileModel
func (*ArmorProfileModelList) DeepCopy ¶
func (in *ArmorProfileModelList) DeepCopy() *ArmorProfileModelList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelList.
func (*ArmorProfileModelList) DeepCopyInto ¶
func (in *ArmorProfileModelList) DeepCopyInto(out *ArmorProfileModelList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ArmorProfileModelList) DeepCopyObject ¶
func (in *ArmorProfileModelList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ArmorProfileModelSpec ¶
// ArmorProfileModelSpec defines the desired state of ArmorProfileModel.
type ArmorProfileModelSpec struct {
	// DynamicResult groups the recorded profiles, executions, files,
	// capabilities, networks, ptraces, signals and unhandled entries
	// (see DynamicResult).
	DynamicResult DynamicResult `json:"dynamicResult,omitempty"`
	// StaticResult is declared elsewhere in the package; its fields are not
	// shown in this listing.
	StaticResult StaticResult `json:"staticResult,omitempty"`
	// Profile uses the same Profile type as ArmorProfileSpec.Profile.
	// NOTE(review): presumably the profile generated from the modeling
	// results; confirm before treating it as reviewed policy.
	Profile Profile `json:"profile,omitempty"`
}
ArmorProfileModelSpec defines the desired state of ArmorProfileModel
func (*ArmorProfileModelSpec) DeepCopy ¶
func (in *ArmorProfileModelSpec) DeepCopy() *ArmorProfileModelSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelSpec.
func (*ArmorProfileModelSpec) DeepCopyInto ¶
func (in *ArmorProfileModelSpec) DeepCopyInto(out *ArmorProfileModelSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileModelStatus ¶
// ArmorProfileModelStatus defines the observed state of ArmorProfileModel.
type ArmorProfileModelStatus struct {
	// NOTE(review): DesiredNumber and CompletedNumber look like progress
	// counters for the modeling run; what they count is not stated here.
	DesiredNumber   int `json:"desiredNumber,omitempty"`
	CompletedNumber int `json:"completedNumber,omitempty"`
	// Ready indicates whether the AppArmor profile for the target was built
	// successfully. It is always serialized, so false is reported explicitly.
	Ready bool `json:"ready"`
	// Conditions holds the ArmorProfileModelCondition entries for this model.
	Conditions []ArmorProfileModelCondition `json:"conditions,omitempty"`
}
ArmorProfileModelStatus defines the observed state of ArmorProfileModel
func (*ArmorProfileModelStatus) DeepCopy ¶
func (in *ArmorProfileModelStatus) DeepCopy() *ArmorProfileModelStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileModelStatus.
func (*ArmorProfileModelStatus) DeepCopyInto ¶
func (in *ArmorProfileModelStatus) DeepCopyInto(out *ArmorProfileModelStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileSpec ¶
// ArmorProfileSpec defines the desired state of ArmorProfile.
type ArmorProfileSpec struct {
	// Target is declared elsewhere in the package; its fields are not shown in
	// this listing.
	Target Target `json:"target,omitempty"`
	// Profile is the only field without omitempty, so it is always serialized.
	Profile Profile `json:"profile"`
	// BehaviorModeling holds the modeling switch, its duration in minutes and
	// the UniqueID used to mark the container.
	BehaviorModeling BehaviorModeling `json:"behaviorModeling,omitempty"`
}
ArmorProfileSpec defines the desired state of ArmorProfile
func (*ArmorProfileSpec) DeepCopy ¶
func (in *ArmorProfileSpec) DeepCopy() *ArmorProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileSpec.
func (*ArmorProfileSpec) DeepCopyInto ¶
func (in *ArmorProfileSpec) DeepCopyInto(out *ArmorProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ArmorProfileStatus ¶
// ArmorProfileStatus defines the observed state of ArmorProfile.
type ArmorProfileStatus struct {
	// Both counters are always serialized (no omitempty).
	// NOTE(review): presumably the number of loads expected versus the number
	// currently in place; if so, a gap means the profile is not yet enforced
	// everywhere it should be. Confirm against the controller.
	DesiredNumberLoaded int `json:"desiredNumberLoaded"`
	CurrentNumberLoaded int `json:"currentNumberLoaded"`
	// Conditions holds the ArmorProfileCondition entries, each of which
	// carries a NodeName.
	Conditions []ArmorProfileCondition `json:"conditions,omitempty"`
}
ArmorProfileStatus defines the observed state of ArmorProfile
func (*ArmorProfileStatus) DeepCopy ¶
func (in *ArmorProfileStatus) DeepCopy() *ArmorProfileStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ArmorProfileStatus.
func (*ArmorProfileStatus) DeepCopyInto ¶
func (in *ArmorProfileStatus) DeepCopyInto(out *ArmorProfileStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttackProtectionRules ¶
// AttackProtectionRules selects built-in attack protection rules and,
// optionally, the executables they apply to.
type AttackProtectionRules struct {
	// Rules is the list of built-in attack protection rules to be used.
	// The rule names themselves are not listed here.
	Rules []string `json:"rules"`
	// Targets are used to specify the workloads to which the policy applies. They must be specified as full paths to executable files,
	// and this feature is only effective when using AppArmor as the enforcer.
	// NOTE(review): with another enforcer the targets have no effect according
	// to the sentence above; how the rules are then scoped should be confirmed.
	Targets []string `json:"targets,omitempty"`
}
func (*AttackProtectionRules) DeepCopy ¶
func (in *AttackProtectionRules) DeepCopy() *AttackProtectionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttackProtectionRules.
func (*AttackProtectionRules) DeepCopyInto ¶
func (in *AttackProtectionRules) DeepCopyInto(out *AttackProtectionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BehaviorModeling ¶
// BehaviorModeling configures behavior modeling for a profile.
type BehaviorModeling struct {
	// Enable is the switch for modeling.
	Enable bool `json:"enable"`
	// ModelingDuration is how long modeling runs, in minutes.
	// NOTE(review): a plain int; no lower or upper bound is visible here.
	ModelingDuration int `json:"modelingDuration"`
	// UniqueID is used to mark the container through an environment variable.
	UniqueID string `json:"uniqueID"`
}
func (*BehaviorModeling) DeepCopy ¶
func (in *BehaviorModeling) DeepCopy() *BehaviorModeling
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BehaviorModeling.
func (*BehaviorModeling) DeepCopyInto ¶
func (in *BehaviorModeling) DeepCopyInto(out *BehaviorModeling)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BpfContent ¶
// BpfContent is the BPF form of a profile's content (Profile.BpfContent).
type BpfContent struct {
	// NOTE(review): presumably a bitmask of capabilities; the bit layout is
	// not documented here.
	Capabilities uint64 `json:"capabilities,omitempty"`
	// Files and Processes share the FileContent element type.
	Files     []FileContent `json:"files,omitempty"`
	Processes []FileContent `json:"processes,omitempty"`
	// Networks holds the NetworkContent entries (flags, address, CIDR, port).
	Networks []NetworkContent `json:"networks,omitempty"`
	// Ptrace uses PtraceContent, whose fields are not shown in this listing.
	Ptrace PtraceContent `json:"ptrace,omitempty"`
}
func (*BpfContent) DeepCopy ¶
func (in *BpfContent) DeepCopy() *BpfContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfContent.
func (*BpfContent) DeepCopyInto ¶
func (in *BpfContent) DeepCopyInto(out *BpfContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BpfRawRules ¶
// BpfRawRules holds the native BPF rules set through
// EnhanceProtect.BpfRawRules.
type BpfRawRules struct {
	// Files and Processes share the FileRule type: a pattern plus the
	// permissions to be disabled for paths matching it.
	Files     []FileRule `json:"files,omitempty"`
	Processes []FileRule `json:"processes,omitempty"`
	// Network holds the egress rules used to restrict particular IPs and ports.
	Network NetworkRule `json:"network,omitempty"`
	// Ptrace uses PtraceRule, whose fields are not shown in this listing.
	Ptrace PtraceRule `json:"ptrace,omitempty"`
}
func (*BpfRawRules) DeepCopy ¶
func (in *BpfRawRules) DeepCopy() *BpfRawRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BpfRawRules.
func (*BpfRawRules) DeepCopyInto ¶
func (in *BpfRawRules) DeepCopyInto(out *BpfRawRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CapabilitiesCapabilityType ¶
// CapabilitiesCapabilityType is one entry of CapabilitiesType.MatchCapabilities.
// Capability is the only field serialized unconditionally; the others carry
// omitempty.
// NOTE(review): the accepted capability names and Action values are not
// documented here; CustomPolicy's documentation refers to KubeArmor's
// SecuritySpec for these types, so confirm the semantics there.
type CapabilitiesCapabilityType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Capability string            `json:"capability"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
CapabilitiesCapabilityType Structure
func (*CapabilitiesCapabilityType) DeepCopy ¶
func (in *CapabilitiesCapabilityType) DeepCopy() *CapabilitiesCapabilityType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitiesCapabilityType.
func (*CapabilitiesCapabilityType) DeepCopyInto ¶
func (in *CapabilitiesCapabilityType) DeepCopyInto(out *CapabilitiesCapabilityType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CapabilitiesType ¶
// CapabilitiesType is the capabilities section of a CustomPolicy. It groups
// the per-capability entries in MatchCapabilities; every field carries
// omitempty.
// NOTE(review): both this struct and each entry have Severity, Tags, Message
// and Action; which level takes precedence is not stated here.
type CapabilitiesType struct {
	Severity          int                          `json:"severity,omitempty"`
	Tags              []string                     `json:"tags,omitempty"`
	Message           string                       `json:"message,omitempty"`
	MatchCapabilities []CapabilitiesCapabilityType `json:"matchCapabilities,omitempty"`
	Action            string                       `json:"action,omitempty"`
}
CapabilitiesType Structure
func (*CapabilitiesType) DeepCopy ¶
func (in *CapabilitiesType) DeepCopy() *CapabilitiesType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CapabilitiesType.
func (*CapabilitiesType) DeepCopyInto ¶
func (in *CapabilitiesType) DeepCopyInto(out *CapabilitiesType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type CustomPolicy ¶
// CustomPolicy carries process, file, network and capability rules plus raw
// AppArmor rules. See SecuritySpec in
// https://github.com/kubearmor/KubeArmor/blob/main/KubeArmor/types/types.go
type CustomPolicy struct {
	// Process holds the process match rules (paths, directories, patterns).
	Process ProcessType `json:"process,omitempty"`
	// File holds the file match rules (paths, directories, patterns).
	File FileType `json:"file,omitempty"`
	// Network holds the protocol match rules.
	Network NetworkType `json:"network,omitempty"`
	// Capabilities holds the capability match rules.
	Capabilities CapabilitiesType `json:"capabilities,omitempty"`
	// AppArmor Profile Raw Rules
	// NOTE(review): a free-form string; no validation is visible in this type.
	// Whoever can write this field can presumably shape the resulting profile,
	// so write access to the owning object should be restricted and audited.
	// Confirm what the controller checks before the rules are applied.
	AppArmor string `json:"apparmor,omitempty"`
	// Action is always serialized (no omitempty). The accepted values are not
	// listed here.
	Action string `json:"action"`
}
See SecuritySpec in https://github.com/kubearmor/KubeArmor/blob/main/KubeArmor/types/types.go
func (*CustomPolicy) DeepCopy ¶
func (in *CustomPolicy) DeepCopy() *CustomPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomPolicy.
func (*CustomPolicy) DeepCopyInto ¶
func (in *CustomPolicy) DeepCopyInto(out *CustomPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DefenseInDepth ¶
// DefenseInDepth configures the modeling phase of the defense-in-depth mode.
type DefenseInDepth struct {
	// ModelingDuration is how long modeling runs, in minutes.
	ModelingDuration int `json:"modelingDuration"`
	// AutoEnable decides whether or not to enable the access control after modeling is complete
	// NOTE(review): when true, the modeled result is presumably enforced
	// without a manual review step; confirm that this is intended for the
	// workload before turning it on.
	AutoEnable bool `json:"autoEnable,omitempty"`
}
func (*DefenseInDepth) DeepCopy ¶
func (in *DefenseInDepth) DeepCopy() *DefenseInDepth
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefenseInDepth.
func (*DefenseInDepth) DeepCopyInto ¶
func (in *DefenseInDepth) DeepCopyInto(out *DefenseInDepth)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DynamicResult ¶
// DynamicResult groups the lists stored in ArmorProfileModelSpec.DynamicResult.
// Every field carries omitempty.
// NOTE(review): presumably the behavior observed while modeling. Unhandled
// looks like the place for records that could not be classified; if so, a
// non-empty list deserves a look before the model is relied on. Confirm.
type DynamicResult struct {
	Profiles     []string  `json:"profiles,omitempty"`
	Executions   []string  `json:"executions,omitempty"`
	Files        []File    `json:"files,omitempty"`
	Capabilities []string  `json:"capabilities,omitempty"`
	Networks     []Network `json:"networks,omitempty"`
	Ptraces      []Ptrace  `json:"ptraces,omitempty"`
	Signals      []Signal  `json:"signals,omitempty"`
	Unhandled    []string  `json:"unhandled,omitempty"`
}
func (*DynamicResult) DeepCopy ¶
func (in *DynamicResult) DeepCopy() *DynamicResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicResult.
func (*DynamicResult) DeepCopyInto ¶
func (in *DynamicResult) DeepCopyInto(out *DynamicResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EnhanceProtect ¶
// EnhanceProtect combines built-in rule sets with native AppArmor and BPF
// rules. Every field carries omitempty.
type EnhanceProtect struct {
	// HardeningRules are used to specify the built-in hardening rules
	HardeningRules []string `json:"hardeningRules,omitempty"`
	// AttackProtectionRules are used to specify the built-in attack protection rules
	AttackProtectionRules []AttackProtectionRules `json:"attackProtectionRules,omitempty"`
	// VulMitigationRules are used to specify the built-in vulnerability mitigation rules
	VulMitigationRules []string `json:"vulMitigationRules,omitempty"`
	// AppArmorRawRules is used to set native AppArmor rules, each rule must end with a comma
	// NOTE(review): these are free-form strings and no validation is visible in
	// this type. Write access to objects carrying this field should be limited
	// and audited; confirm what is checked before the rules are applied.
	AppArmorRawRules []string `json:"appArmorRawRules,omitempty"`
	// BpfRawRules is used to set native BPF rules
	BpfRawRules BpfRawRules `json:"bpfRawRules,omitempty"`
}
func (*EnhanceProtect) DeepCopy ¶
func (in *EnhanceProtect) DeepCopy() *EnhanceProtect
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnhanceProtect.
func (*EnhanceProtect) DeepCopyInto ¶
func (in *EnhanceProtect) DeepCopyInto(out *EnhanceProtect)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type File ¶
// File is one entry of DynamicResult.Files. All four fields are always
// serialized (no omitempty).
// NOTE(review): the permission strings and the role of OldPath are not
// documented here; confirm before consuming them.
type File struct {
	Path        string   `json:"path"`
	Owner       bool     `json:"owner"`
	Permissions []string `json:"permissions"`
	OldPath     string   `json:"oldPath"`
}
func (*File) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new File.
func (*File) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileContent ¶
// FileContent is the element type of BpfContent.Files and BpfContent.Processes.
// Permissions and Flags are always serialized; Prefix and Suffix carry
// omitempty.
// NOTE(review): Permissions and Flags are uint32 values whose bit meanings are
// not documented here; Prefix/Suffix presumably encode the path match. Confirm.
type FileContent struct {
	Permissions uint32 `json:"permissions"`
	Flags       uint32 `json:"flags"`
	Prefix      string `json:"prefix,omitempty"`
	Suffix      string `json:"suffix,omitempty"`
}
func (*FileContent) DeepCopy ¶
func (in *FileContent) DeepCopy() *FileContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileContent.
func (*FileContent) DeepCopyInto ¶
func (in *FileContent) DeepCopyInto(out *FileContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileDirectoryType ¶
// FileDirectoryType is one entry of FileType.MatchDirectories. The directory
// is serialized under the JSON key "dir" and is the only field without
// omitempty.
// NOTE(review): the exact meaning of ReadOnly, Recursive, OwnerOnly and
// FromSource, and the accepted Action values, are not documented here;
// CustomPolicy's documentation refers to KubeArmor's SecuritySpec, so confirm
// the semantics there.
type FileDirectoryType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Directory  string            `json:"dir"`
	ReadOnly   bool              `json:"readOnly,omitempty"`
	Recursive  bool              `json:"recursive,omitempty"`
	OwnerOnly  bool              `json:"ownerOnly,omitempty"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
FileDirectoryType Structure
func (*FileDirectoryType) DeepCopy ¶
func (in *FileDirectoryType) DeepCopy() *FileDirectoryType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileDirectoryType.
func (*FileDirectoryType) DeepCopyInto ¶
func (in *FileDirectoryType) DeepCopyInto(out *FileDirectoryType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilePathType ¶
// FilePathType is one entry of FileType.MatchPaths. Path is the only field
// without omitempty.
// NOTE(review): the exact meaning of ReadOnly, OwnerOnly and FromSource, and
// the accepted Action values, are not documented here; confirm against
// KubeArmor's SecuritySpec, which CustomPolicy's documentation refers to.
type FilePathType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Path       string            `json:"path"`
	ReadOnly   bool              `json:"readOnly,omitempty"`
	OwnerOnly  bool              `json:"ownerOnly,omitempty"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
FilePathType Structure
func (*FilePathType) DeepCopy ¶
func (in *FilePathType) DeepCopy() *FilePathType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilePathType.
func (*FilePathType) DeepCopyInto ¶
func (in *FilePathType) DeepCopyInto(out *FilePathType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FilePatternType ¶
// FilePatternType is one entry of FileType.MatchPatterns. Pattern is the only
// field without omitempty. Unlike the path and directory entries it has no
// FromSource field.
// NOTE(review): the pattern syntax is not documented here; an over-broad
// pattern widens whatever Action is applied, so confirm the syntax first.
type FilePatternType struct {
	Severity  int      `json:"severity,omitempty"`
	Tags      []string `json:"tags,omitempty"`
	Message   string   `json:"message,omitempty"`
	Pattern   string   `json:"pattern"`
	ReadOnly  bool     `json:"readOnly,omitempty"`
	OwnerOnly bool     `json:"ownerOnly,omitempty"`
	Action    string   `json:"action,omitempty"`
}
FilePatternType Structure
func (*FilePatternType) DeepCopy ¶
func (in *FilePatternType) DeepCopy() *FilePatternType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilePatternType.
func (*FilePatternType) DeepCopyInto ¶
func (in *FilePatternType) DeepCopyInto(out *FilePatternType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileRule ¶
// FileRule is the element type of BpfRawRules.Files and BpfRawRules.Processes.
type FileRule struct {
	// Pattern can be any string (maximum length 64 bytes) that conforms to the policy syntax, used for matching file paths and filenames
	// NOTE(review): the 64-byte limit is stated here only; no validation marker
	// is visible on the field, so where over-long patterns are rejected should
	// be confirmed.
	Pattern string `json:"pattern"`
	// Permissions are used to specify the file permissions to be disabled.
	// Only the listed permissions are disabled by this rule. The accepted
	// permission names are not listed here.
	Permissions []string `json:"permissions"`
}
func (*FileRule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileRule.
func (*FileRule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FileType ¶
// FileType is the file section of a CustomPolicy. It groups path, directory
// and pattern entries; every field carries omitempty.
// NOTE(review): both this struct and each entry have Severity, Tags, Message
// and Action; which level takes precedence is not stated here.
type FileType struct {
	Severity         int                 `json:"severity,omitempty"`
	Tags             []string            `json:"tags,omitempty"`
	Message          string              `json:"message,omitempty"`
	MatchPaths       []FilePathType      `json:"matchPaths,omitempty"`
	MatchDirectories []FileDirectoryType `json:"matchDirectories,omitempty"`
	MatchPatterns    []FilePatternType   `json:"matchPatterns,omitempty"`
	Action           string              `json:"action,omitempty"`
}
FileType Structure
func (*FileType) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FileType.
func (*FileType) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type MatchSourceType ¶
// MatchSourceType is the element type of the FromSource lists on the file,
// process, network and capability entries. Every field carries omitempty; the
// directory is serialized under the JSON key "dir".
// NOTE(review): presumably it names the executable (Path) or directory a rule
// is scoped to; confirm against KubeArmor's SecuritySpec.
type MatchSourceType struct {
	Path      string `json:"path,omitempty"`
	Directory string `json:"dir,omitempty"`
	Recursive bool   `json:"recursive,omitempty"`
}
MatchSourceType Structure
func (*MatchSourceType) DeepCopy ¶
func (in *MatchSourceType) DeepCopy() *MatchSourceType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MatchSourceType.
func (*MatchSourceType) DeepCopyInto ¶
func (in *MatchSourceType) DeepCopyInto(out *MatchSourceType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Network ¶
// Network is one entry of DynamicResult.Networks. All three fields are plain
// strings and are always serialized (no omitempty).
// NOTE(review): the value vocabulary for Family, SockType and Protocol is not
// documented here.
type Network struct {
	Family   string `json:"family"`
	SockType string `json:"sockType"`
	Protocol string `json:"protocol"`
}
func (*Network) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network.
func (*Network) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkContent ¶
// NetworkContent is the element type of BpfContent.Networks. Flags is always
// serialized; Address, CIDR and Port carry omitempty.
// NOTE(review): the bit meanings of Flags are not documented here. Port is a
// uint32, which is wider than a TCP/UDP port number; where the range is
// checked is not visible in this listing.
type NetworkContent struct {
	Flags   uint32 `json:"flags"`
	Address string `json:"address,omitempty"`
	CIDR    string `json:"cidr,omitempty"`
	Port    uint32 `json:"port,omitempty"`
}
func (*NetworkContent) DeepCopy ¶
func (in *NetworkContent) DeepCopy() *NetworkContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkContent.
func (*NetworkContent) DeepCopyInto ¶
func (in *NetworkContent) DeepCopyInto(out *NetworkContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkEgressRule ¶
// NetworkEgressRule is one egress restriction in NetworkRule.Egresses. IPBlock
// and IP are mutually exclusive according to their field documentation.
type NetworkEgressRule struct {
	// IPBlock defines policy on a particular IP block, written as a CIDR. If
	// this field is set, the IP field must not be set.
	IPBlock string `json:"ipBlock,omitempty"`
	// IP defines policy on a particular IP. If this field is set, the IPBlock
	// field must not be set.
	// NOTE(review): the exclusivity is stated in prose only; no validation
	// marker is visible on either field, so confirm where it is enforced.
	IP string `json:"ip,omitempty"`
	// Port defines policy on a particular port. If this field is zero or missing, this rule matches all ports.
	// Leaving Port out therefore widens the rule to every port of the address.
	// NOTE(review): a plain int; no range check is visible here.
	Port int `json:"port,omitempty"`
}
func (*NetworkEgressRule) DeepCopy ¶
func (in *NetworkEgressRule) DeepCopy() *NetworkEgressRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkEgressRule.
func (*NetworkEgressRule) DeepCopyInto ¶
func (in *NetworkEgressRule) DeepCopyInto(out *NetworkEgressRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkProtocolType ¶
// NetworkProtocolType is one entry of NetworkType.MatchProtocols. Protocol is
// the only field without omitempty.
// NOTE(review): the accepted protocol names and Action values are not
// documented here; confirm against KubeArmor's SecuritySpec, which
// CustomPolicy's documentation refers to.
type NetworkProtocolType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Protocol   string            `json:"protocol"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
NetworkProtocolType Structure
func (*NetworkProtocolType) DeepCopy ¶
func (in *NetworkProtocolType) DeepCopy() *NetworkProtocolType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkProtocolType.
func (*NetworkProtocolType) DeepCopyInto ¶
func (in *NetworkProtocolType) DeepCopyInto(out *NetworkProtocolType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkRule ¶
// NetworkRule is the network part of BpfRawRules.
type NetworkRule struct {
	// Egresses are the list of egress rules to be applied to restrict particular IPs and ports.
	// The "egresses" key is always serialized (no omitempty). Only egress is
	// covered by this type; no ingress field is declared.
	Egresses []NetworkEgressRule `json:"egresses"`
}
func (*NetworkRule) DeepCopy ¶
func (in *NetworkRule) DeepCopy() *NetworkRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkRule.
func (*NetworkRule) DeepCopyInto ¶
func (in *NetworkRule) DeepCopyInto(out *NetworkRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkType ¶
// NetworkType is the network section of a CustomPolicy. It groups the
// protocol entries in MatchProtocols; every field carries omitempty.
// NOTE(review): both this struct and each entry have Severity, Tags, Message
// and Action; which level takes precedence is not stated here.
type NetworkType struct {
	Severity       int                   `json:"severity,omitempty"`
	Tags           []string              `json:"tags,omitempty"`
	Message        string                `json:"message,omitempty"`
	MatchProtocols []NetworkProtocolType `json:"matchProtocols,omitempty"`
	Action         string                `json:"action,omitempty"`
}
NetworkType Structure
func (*NetworkType) DeepCopy ¶
func (in *NetworkType) DeepCopy() *NetworkType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkType.
func (*NetworkType) DeepCopyInto ¶
func (in *NetworkType) DeepCopyInto(out *NetworkType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Policy ¶
// Policy selects the enforcer and the mode, and carries the settings for the
// EnhanceProtect, CustomPolicy and DefenseInDepth modes.
type Policy struct {
	// Enforcer is used to specify which LSM to use for mandatory access control.
	// Available values: AppArmor, BPF
	// NOTE(review): a plain string with no enum marker visible in this listing;
	// confirm where other values are rejected.
	Enforcer string `json:"enforcer"`
	// Available values: AlwaysAllow, RuntimeDefault, EnhanceProtect, CustomPolicy, DefenseInDepth
	// NOTE(review): AlwaysAllow presumably applies no restrictions; confirm,
	// and audit policies that select it.
	Mode VarmorPolicyMode `json:"mode"`
	// EnhanceProtect is used for building a policy for Hardening & AttackProtection & VulMitigation rules from templates.
	EnhanceProtect EnhanceProtect `json:"enhanceProtect,omitempty"`
	// [Experimental] CustomPolicy is almost the same as KubeArmor's SecuritySpec to increase compatibility.
	// Only works with the AppArmor enforcer.
	CustomPolicy CustomPolicy `json:"customPolicy,omitempty"`
	// [Experimental] DefenseInDepth is used for the defense-in-depth sandbox features.
	// Only works with the AppArmor enforcer.
	DefenseInDepth DefenseInDepth `json:"defenseInDepth,omitempty"`
	// Privileged is used to identify whether the policy is for the privileged container.
	// Only used for the AppArmor enforcer.
	Privileged bool `json:"privileged,omitempty"`
}
func (*Policy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy.
func (*Policy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessDirectoryType ¶
// ProcessDirectoryType is one entry of ProcessType.MatchDirectories. The
// directory is serialized under the JSON key "dir" and is the only field
// without omitempty.
// NOTE(review): the exact meaning of Recursive, OwnerOnly and FromSource, and
// the accepted Action values, are not documented here; confirm against
// KubeArmor's SecuritySpec, which CustomPolicy's documentation refers to.
type ProcessDirectoryType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Directory  string            `json:"dir"`
	Recursive  bool              `json:"recursive,omitempty"`
	OwnerOnly  bool              `json:"ownerOnly,omitempty"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
ProcessDirectoryType Structure
func (*ProcessDirectoryType) DeepCopy ¶
func (in *ProcessDirectoryType) DeepCopy() *ProcessDirectoryType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessDirectoryType.
func (*ProcessDirectoryType) DeepCopyInto ¶
func (in *ProcessDirectoryType) DeepCopyInto(out *ProcessDirectoryType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessPathType ¶
// ProcessPathType is one entry of ProcessType.MatchPaths. Path is the only
// field without omitempty.
// NOTE(review): the exact meaning of OwnerOnly and FromSource, and the
// accepted Action values, are not documented here; confirm against
// KubeArmor's SecuritySpec, which CustomPolicy's documentation refers to.
type ProcessPathType struct {
	Severity   int               `json:"severity,omitempty"`
	Tags       []string          `json:"tags,omitempty"`
	Message    string            `json:"message,omitempty"`
	Path       string            `json:"path"`
	OwnerOnly  bool              `json:"ownerOnly,omitempty"`
	FromSource []MatchSourceType `json:"fromSource,omitempty"`
	Action     string            `json:"action,omitempty"`
}
ProcessPathType Structure
func (*ProcessPathType) DeepCopy ¶
func (in *ProcessPathType) DeepCopy() *ProcessPathType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessPathType.
func (*ProcessPathType) DeepCopyInto ¶
func (in *ProcessPathType) DeepCopyInto(out *ProcessPathType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessPatternType ¶
// ProcessPatternType is one entry of ProcessType.MatchPatterns. Pattern is the
// only field without omitempty. Unlike the path and directory entries it has
// no FromSource field.
// NOTE(review): the pattern syntax is not documented here; an over-broad
// pattern widens whatever Action is applied, so confirm the syntax first.
type ProcessPatternType struct {
	Severity  int      `json:"severity,omitempty"`
	Tags      []string `json:"tags,omitempty"`
	Message   string   `json:"message,omitempty"`
	Pattern   string   `json:"pattern"`
	OwnerOnly bool     `json:"ownerOnly,omitempty"`
	Action    string   `json:"action,omitempty"`
}
ProcessPatternType Structure
func (*ProcessPatternType) DeepCopy ¶
func (in *ProcessPatternType) DeepCopy() *ProcessPatternType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessPatternType.
func (*ProcessPatternType) DeepCopyInto ¶
func (in *ProcessPatternType) DeepCopyInto(out *ProcessPatternType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProcessType ¶
// ProcessType groups process rules of three kinds: exact paths (MatchPaths),
// directories (MatchDirectories) and patterns (MatchPatterns). Every field is
// optional and omitted from JSON when empty.
type ProcessType struct {
	// Severity, Tags, Message and Action also exist on the individual
	// ProcessPathType and ProcessPatternType entries.
	// NOTE(review): presumably the values here act as defaults for entries
	// that leave them unset; confirm the precedence.
	Severity int      `json:"severity,omitempty"`
	Tags     []string `json:"tags,omitempty"`
	Message  string   `json:"message,omitempty"`
	// MatchPaths lists rules keyed by a single path.
	MatchPaths []ProcessPathType `json:"matchPaths,omitempty"`
	// MatchDirectories lists rules keyed by a directory.
	MatchDirectories []ProcessDirectoryType `json:"matchDirectories,omitempty"`
	// MatchPatterns lists rules keyed by a pattern.
	MatchPatterns []ProcessPatternType `json:"matchPatterns,omitempty"`
	// Action is a plain string; the accepted values are not declared by this type.
	Action string `json:"action,omitempty"`
}
ProcessType Structure
func (*ProcessType) DeepCopy ¶
func (in *ProcessType) DeepCopy() *ProcessType
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProcessType.
func (*ProcessType) DeepCopyInto ¶
func (in *ProcessType) DeepCopyInto(out *ProcessType)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Profile ¶
// Profile carries one named profile together with its mode and content.
// Name and Mode have no omitempty and are always serialized.
type Profile struct {
	// Name identifies the profile.
	Name string `json:"name"`
	// Enforcer is optional.
	// NOTE(review): presumably names the enforcer(s) the profile is for; the
	// accepted values are not shown in this listing.
	Enforcer string `json:"enforcer,omitempty"`
	// Mode is a plain string here; the accepted values are not declared by
	// this type.
	Mode string `json:"mode"`
	// Content is optional.
	// NOTE(review): presumably the textual profile body; confirm who is
	// allowed to write this field, since it is what ends up being loaded.
	Content string `json:"content,omitempty"`
	// BpfContent holds the BpfContent value for the profile.
	BpfContent BpfContent `json:"bpfContent,omitempty"`
}
func (*Profile) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Ptrace ¶
func (*Ptrace) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ptrace.
func (*Ptrace) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PtraceContent ¶ added in v0.5.3
func (*PtraceContent) DeepCopy ¶ added in v0.5.3
func (in *PtraceContent) DeepCopy() *PtraceContent
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceContent.
func (*PtraceContent) DeepCopyInto ¶ added in v0.5.3
func (in *PtraceContent) DeepCopyInto(out *PtraceContent)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PtraceRule ¶ added in v0.5.3
// PtraceRule selects which ptrace-related permissions of the target container
// are restricted, and for which peer processes.
type PtraceRule struct {
	// StrictMode is used to indicate whether to restrict ptrace permissions for all source and destination processes.
	// Default: false
	// If set to false, it restricts ptrace-related permissions only for processes in other containers.
	// If set to true, it restricts ptrace-related permissions for all processes, except those within the init mnt namespace.
	//
	// With the default (false), ptrace between processes inside the same
	// container is therefore left unrestricted by this rule.
	StrictMode bool `json:"strictMode,omitempty"`
	// Permissions are used to indicate which ptrace-related permissions of the target container should be restricted.
	// Available values: trace, traceby, read, readby.
	//
	// trace, traceby
	//   For "write" operations, or other operations that are more dangerous, such as: ptrace attaching (PTRACE_ATTACH) to
	//   another process or calling process_vm_writev(2).
	// read, readby
	//   For "read" operations or other operations that are less dangerous, such as: get_robust_list(2); kcmp(2); reading
	//   /proc/pid/auxv, /proc/pid/environ, or /proc/pid/stat; or readlink(2) of a /proc/pid/ns/* file.
	//
	// The field is a plain []string, so the type itself does not limit the
	// entries to the four values above.
	// NOTE(review): confirm that unknown values are rejected rather than
	// ignored, and what an empty list means.
	Permissions []string `json:"permissions,omitempty"`
}
func (*PtraceRule) DeepCopy ¶ added in v0.5.3
func (in *PtraceRule) DeepCopy() *PtraceRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PtraceRule.
func (*PtraceRule) DeepCopyInto ¶ added in v0.5.3
func (in *PtraceRule) DeepCopyInto(out *PtraceRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Signal ¶
// Signal describes one signal rule made of a peer, a set of permissions and a
// set of signals. None of the fields has omitempty, so all three are always
// serialized; a nil slice is emitted as JSON null.
//
// NOTE(review): the accepted values for each field are not shown in this
// listing; confirm them against the enforcer's documentation.
type Signal struct {
	// Peer names the other side of the signal rule.
	Peer string `json:"peer"`
	// Permissions lists the permissions the rule covers.
	Permissions []string `json:"permissions"`
	// Signals lists the signals the rule covers.
	Signals []string `json:"signals"`
}
func (*Signal) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Signal.
func (*Signal) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type StaticResult ¶
// StaticResult declares no fields in this API version.
type StaticResult struct {
}
func (*StaticResult) DeepCopy ¶
func (in *StaticResult) DeepCopy() *StaticResult
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StaticResult.
func (*StaticResult) DeepCopyInto ¶
func (in *StaticResult) DeepCopyInto(out *StaticResult)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Target ¶
// Target selects the workloads, and the containers inside them, that a policy
// protects.
type Target struct {
	// Kind is used to specify the type of workloads for the protection targets.
	// Available values: Deployment, StatefulSet, DaemonSet, Pod.
	Kind string `json:"kind"`
	// Name is used to specify a specific workload name.
	// NOTE(review): Name and Selector are both optional; confirm what happens
	// when both, or neither, are set.
	Name string `json:"name,omitempty"`
	// Containers are used to specify the names of the protected containers. If it is empty, sandbox protection
	// will be enabled for all containers within the workload (excluding initContainers and ephemeralContainers).
	//
	// The empty default therefore never covers init or ephemeral containers.
	// NOTE(review): confirm whether they can be protected by listing them
	// here by name.
	Containers []string `json:"containers,omitempty"`
	// Selector is a label selector used to match workloads that meet the specified conditions (Note: the type of
	// workloads is determined by the Kind field).
	Selector *metav1.LabelSelector `json:"selector,omitempty"`
}
Target Structure
func (*Target) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target.
func (*Target) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorPolicy ¶
// VarmorPolicy is the Schema for the varmorpolicies API. It embeds the
// standard type and object metadata and pairs the desired state (Spec) with
// the observed state (Status).
type VarmorPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: which workloads to protect and with what policy.
	Spec VarmorPolicySpec `json:"spec,omitempty"`
	// Status is the observed state of the policy.
	Status VarmorPolicyStatus `json:"status,omitempty"`
}
VarmorPolicy is the Schema for the varmorpolicies API
func (*VarmorPolicy) DeepCopy ¶
func (in *VarmorPolicy) DeepCopy() *VarmorPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicy.
func (*VarmorPolicy) DeepCopyInto ¶
func (in *VarmorPolicy) DeepCopyInto(out *VarmorPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorPolicy) DeepCopyObject ¶
func (in *VarmorPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorPolicyCondition ¶
// VarmorPolicyCondition records one condition of a VarmorPolicy: its type,
// its current status and details of the last transition.
type VarmorPolicyCondition struct {
	// Type of the VarmorPolicy condition.
	Type VarmorPolicyConditionType `json:"type"`
	// Status of the condition, one of True, False, Unknown.
	Status v1.ConditionStatus `json:"status"`
	// Last time the condition transitioned from one status to another.
	// +optional
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
	// The reason for the condition's last transition.
	// +optional
	Reason string `json:"reason,omitempty"`
	// A human readable message indicating details about the transition.
	// +optional
	Message string `json:"message,omitempty"`
}
func (*VarmorPolicyCondition) DeepCopy ¶
func (in *VarmorPolicyCondition) DeepCopy() *VarmorPolicyCondition
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyCondition.
func (*VarmorPolicyCondition) DeepCopyInto ¶
func (in *VarmorPolicyCondition) DeepCopyInto(out *VarmorPolicyCondition)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorPolicyConditionType ¶
// VarmorPolicyConditionType is the string type of the Type field of
// VarmorPolicyCondition. The accepted values are not shown in this section.
type VarmorPolicyConditionType string
type VarmorPolicyList ¶
// VarmorPolicyList contains a list of VarmorPolicy. Items has no omitempty,
// so it is always serialized.
type VarmorPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the VarmorPolicy objects of the list.
	Items []VarmorPolicy `json:"items"`
}
VarmorPolicyList contains a list of VarmorPolicy
func (*VarmorPolicyList) DeepCopy ¶
func (in *VarmorPolicyList) DeepCopy() *VarmorPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyList.
func (*VarmorPolicyList) DeepCopyInto ¶
func (in *VarmorPolicyList) DeepCopyInto(out *VarmorPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*VarmorPolicyList) DeepCopyObject ¶
func (in *VarmorPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type VarmorPolicyMode ¶
// VarmorPolicyMode is a string-typed policy mode.
// NOTE(review): neither the accepted values nor the fields that use this type
// are shown in this section; confirm them against the Policy declaration.
type VarmorPolicyMode string
type VarmorPolicyPhase ¶
// VarmorPolicyPhase is the string type of VarmorPolicyStatus.Phase, whose
// documented values are Pending, Modeling, Completed, Protecting and Error.
type VarmorPolicyPhase string
type VarmorPolicySpec ¶
// VarmorPolicySpec defines the desired state of VarmorPolicy: the protection
// target and the policy applied to it. Both fields are always serialized.
type VarmorPolicySpec struct {
	// A label query over ArmorProfile that are managed by VarmorPolicy.
	// Must match in order to be controlled.
	// It must match the VarmorPolicy's labels.
	//
	// NOTE(review): the text above reads like the description of a label
	// selector, while the field is a Target (workload kind, name, containers
	// and selector); confirm and reword upstream.
	Target Target `json:"target"`
	// Policy is the policy applied to the workloads selected by Target.
	Policy Policy `json:"policy"`
}
VarmorPolicySpec defines the desired state of VarmorPolicy
func (*VarmorPolicySpec) DeepCopy ¶
func (in *VarmorPolicySpec) DeepCopy() *VarmorPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicySpec.
func (*VarmorPolicySpec) DeepCopyInto ¶
func (in *VarmorPolicySpec) DeepCopyInto(out *VarmorPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type VarmorPolicyStatus ¶
// VarmorPolicyStatus defines the observed state of VarmorPolicy.
type VarmorPolicyStatus struct {
	// ProfileName is always serialized (no omitempty).
	// NOTE(review): presumably the name of the ArmorProfile generated for
	// this policy; confirm.
	ProfileName string `json:"profileName"`
	// Conditions holds the VarmorPolicyCondition entries recorded for the policy.
	Conditions []VarmorPolicyCondition `json:"conditions,omitempty"`
	// Ready is used to indicate whether the profile of policy is loaded.
	// It is always serialized, so false is reported explicitly.
	Ready bool `json:"ready"`
	// Phase is used to indicate the processing phase of the policy.
	// Possible values: Pending, Modeling, Completed, Protecting, Error.
	// (Note: You can find out which varmor-agent has an error by reading the ArmorProfile/status corresponding to the current VarmorPolicy)
	//
	// NOTE(review): presumably only Protecting together with Ready=true means
	// the workload is actually being enforced; confirm before using this
	// status as evidence of protection.
	Phase VarmorPolicyPhase `json:"phase,omitempty"`
}
VarmorPolicyStatus defines the observed state of VarmorPolicy
func (*VarmorPolicyStatus) DeepCopy ¶
func (in *VarmorPolicyStatus) DeepCopy() *VarmorPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VarmorPolicyStatus.
func (*VarmorPolicyStatus) DeepCopyInto ¶
func (in *VarmorPolicyStatus) DeepCopyInto(out *VarmorPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.