apparmor

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 25, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source 
const DefaultProfile = "crio-default"

DefaultProfile is the default profile name

Variables

This section is empty.

Functions

This section is empty.

Types

type Config 

type Config struct {
	// contains filtered or unexported fields
}

Config is the global AppArmor configuration type

func New 

func New() *Config

New creates a new default AppArmor configuration instance

func (*Config) Apply 

func (c *Config) Apply(p *runtimeapi.LinuxContainerSecurityContext) (string, error)

Apply returns the trimmed AppArmor profile to be used and reloads if the default profile is specified. The AppArmor profile to the CRI via the deprecated apparmor_profile field in favor of the newer structured apparmor field. CRI provides the AppArmor profile via both fields to maintain backwards compatibility. ref https://github.com/kubernetes/kubernetes/pull/123811 Process new field and fallback to deprecated. From the kubernetes side both fields are populated. TODO: Clean off deprecated AppArmorProfile usage

func (*Config) IsEnabled 

func (c *Config) IsEnabled() bool

IsEnabled returns true if AppArmor is enabled via the `apparmor` buildtag and globally by the system.

func (*Config) LoadProfile 

func (c *Config) LoadProfile(profile string) error

LoadProfile can be used to load a AppArmor profile from the provided path. This method will not fail if AppArmor is disabled.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.