Documentation ¶
Index ¶
- Variables
- func LoadBuiltInTypes(repo *Repository) error
- func ValidateName(name string) error
- type Repository
- func (r *Repository) AddSkill(skill *Skill) error
- func (r *Repository) AddSlot(slot *Slot) error
- func (r *Repository) AddType(t Type) error
- func (r *Repository) AllSkills(skillType string) []*Skill
- func (r *Repository) AllSlots(skillType string) []*Slot
- func (r *Repository) Grant(skillSnapName, skillName, slotSnapName, slotName string) error
- func (r *Repository) GrantedBy(snapName string) map[*Skill][]*Slot
- func (r *Repository) GrantedTo(snapName string) map[*Slot][]*Skill
- func (r *Repository) GrantsOf(snapName, skillName string) []*Slot
- func (r *Repository) RemoveSkill(snapName, skillName string) error
- func (r *Repository) RemoveSlot(snapName, slotName string) error
- func (r *Repository) Revoke(skillSnapName, skillName, slotSnapName, slotName string) error
- func (r *Repository) SecurityFilesForSnap(snapName string) (map[string][]byte, error)
- func (r *Repository) SecuritySnippetsForSnap(snapName string, securitySystem SecuritySystem) (map[string][][]byte, error)
- func (r *Repository) Skill(snapName, skillName string) *Skill
- func (r *Repository) Skills(snapName string) []*Skill
- func (r *Repository) Slot(snapName, slotName string) *Slot
- func (r *Repository) Slots(snapName string) []*Slot
- func (r *Repository) Type(typeName string) Type
- type SecuritySystem
- type Skill
- type Slot
- type TestType
- func (t *TestType) Name() string
- func (t *TestType) SanitizeSkill(skill *Skill) error
- func (t *TestType) SanitizeSlot(slot *Slot) error
- func (t *TestType) SkillSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
- func (t *TestType) SlotSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
- func (t *TestType) String() string
- type Type
Variables ¶
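var (
	// ErrUnknownSecurity is reported when a skill type is unable to deal with
	// a given security system. The Type interface names it as the error that
	// SkillSecuritySnippet and SlotSecuritySnippet return in that case.
	//
	// NOTE(review): this is a sentinel value, distinct from the "empty
	// snippet, nil error" result that means no extra rules are needed. How
	// the Repository methods treat it while collecting snippets is not
	// visible here; confirm the two outcomes are never conflated.
	ErrUnknownSecurity = errors.New("unknown security system")
)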
Functions ¶
func LoadBuiltInTypes ¶
func LoadBuiltInTypes(repo *Repository) error
LoadBuiltInTypes loads built-in skill types into the provided repository.
func ValidateName ¶
ValidateName checks if a string can be used as a skill or slot name.
Types ¶
type Repository ¶
// Repository's fields are hidden by the documentation renderer.
// NOTE(review): because the fields are not shown, this page does not tell
// whether Repository methods may be called from several goroutines at once;
// confirm against the implementation before sharing one instance.
type Repository struct {
// contains filtered or unexported fields
}
Repository stores all known snappy skills, slots and types.
func NewRepository ¶
func NewRepository() *Repository
NewRepository creates an empty skill repository.
func (*Repository) AddSkill ¶
func (r *Repository) AddSkill(skill *Skill) error
AddSkill adds a skill to the repository. Skill names must be valid snap names, as defined by ValidateName, and must be unique within a particular snap.
func (*Repository) AddSlot ¶
func (r *Repository) AddSlot(slot *Slot) error
AddSlot adds a new slot to the repository. Adding a slot with invalid name returns an error. Adding a slot that has the same name and snap name as another slot returns an error.
func (*Repository) AddType ¶
func (r *Repository) AddType(t Type) error
AddType adds the provided skill type to the repository.
func (*Repository) AllSkills ¶
func (r *Repository) AllSkills(skillType string) []*Skill
AllSkills returns all skills of the given type. If skillType is the empty string, all skills are returned.
func (*Repository) AllSlots ¶
func (r *Repository) AllSlots(skillType string) []*Slot
AllSlots returns all skill slots of the given type. If skillType is the empty string, all skill slots are returned.
func (*Repository) Grant ¶
func (r *Repository) Grant(skillSnapName, skillName, slotSnapName, slotName string) error
Grant grants the named skill to the named slot of the given snap. The skill and the slot must have the same type.
func (*Repository) GrantedBy ¶
func (r *Repository) GrantedBy(snapName string) map[*Skill][]*Slot
GrantedBy returns all of the skills granted by a given snap.
func (*Repository) GrantedTo ¶
func (r *Repository) GrantedTo(snapName string) map[*Slot][]*Skill
GrantedTo returns all the skills granted to a given snap.
func (*Repository) GrantsOf ¶
func (r *Repository) GrantsOf(snapName, skillName string) []*Slot
GrantsOf returns all of the slots that were granted the provided skill.
func (*Repository) RemoveSkill ¶
func (r *Repository) RemoveSkill(snapName, skillName string) error
RemoveSkill removes the named skill provided by a given snap. The removed skill must exist and must not be used anywhere.
func (*Repository) RemoveSlot ¶
func (r *Repository) RemoveSlot(snapName, slotName string) error
RemoveSlot removes a named slot from the given snap. Removing a slot that doesn't exist returns an error. Removing a slot that uses a skill returns an error.
func (*Repository) Revoke ¶
func (r *Repository) Revoke(skillSnapName, skillName, slotSnapName, slotName string) error
Revoke revokes the named skill from the slot of the given snap.
Revoke has three modes of operation that depend on the passed arguments:
- If all the arguments are specified then Revoke() finds a specific skill slot and a specific skill and revokes that skill from that skill slot. It is an error if skill or skill slot cannot be found or if the grant does not exist.
- If skillSnapName and skillName are empty then Revoke() finds the specified skill slot and revokes all the skills granted there. It is not an error if there are no such skills but it is still an error if the skill slot does not exist.
- If skillSnapName, skillName and slotName are all empty then Revoke finds the specified snap (designated by slotSnapName) and revokes all the skills from all the skill slots found therein. It is not an error if there are no such skills but it is still an error if the snap does not exist or has no slots at all.
func (*Repository) SecurityFilesForSnap ¶
func (r *Repository) SecurityFilesForSnap(snapName string) (map[string][]byte, error)
SecurityFilesForSnap returns the paths and contents of security files for a given snap.
func (*Repository) SecuritySnippetsForSnap ¶
func (r *Repository) SecuritySnippetsForSnap(snapName string, securitySystem SecuritySystem) (map[string][][]byte, error)
SecuritySnippetsForSnap collects all of the snippets of a given security system that affect a given snap. The return value is indexed by app name within that snap.
func (*Repository) Skill ¶
func (r *Repository) Skill(snapName, skillName string) *Skill
Skill returns the specified skill from the named snap.
func (*Repository) Skills ¶
func (r *Repository) Skills(snapName string) []*Skill
Skills returns the skills offered by the named snap.
func (*Repository) Slot ¶
func (r *Repository) Slot(snapName, slotName string) *Slot
Slot returns the specified skill slot from the named snap.
func (*Repository) Slots ¶
func (r *Repository) Slots(snapName string) []*Slot
Slots returns the skill slots offered by the named snap.
func (*Repository) Type ¶
func (r *Repository) Type(typeName string) Type
Type returns a type with a given name.
type SecuritySystem ¶
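// SecuritySystem is a name of a security system.
//
// It is a plain string type, so any string value converts to it; the
// constants below are the only values this declaration names. The Type
// interface documents ErrUnknownSecurity as the result for a system that a
// skill type cannot deal with.
type SecuritySystem string

const (
	// SecurityAppArmor identifies the apparmor security system.
	SecurityAppArmor SecuritySystem = "apparmor"
	// SecuritySecComp identifies the seccomp security system.
	SecuritySecComp SecuritySystem = "seccomp"
	// SecurityDBus identifies the DBus security system.
	SecurityDBus SecuritySystem = "dbus"
	// SecurityUDev identifies the UDev security system.
	SecurityUDev SecuritySystem = "udev"
)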
type Skill ¶
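// Skill describes something a snap offers. Repository.Grant pairs a skill
// with a Slot, and requires both to have the same type.
type Skill struct {
	// Name identifies the skill. AddSkill requires it to pass ValidateName
	// and to be unique within the owning snap.
	Name string
	// Snap is the name of the snap that offers the skill.
	Snap string
	// Type is the name of the skill type; Grant compares it with the slot's.
	Type string
	// Attrs holds untyped, type-specific attributes.
	// NOTE(review): presumably these come from snap-supplied metadata and are
	// checked by the matching Type's SanitizeSkill before any security
	// snippet is derived from them; confirm that no snippet is built from
	// unsanitized values.
	Attrs map[string]interface{}
	// Apps lists app names.
	// NOTE(review): presumably the apps of Snap that the skill applies to
	// (SecuritySnippetsForSnap indexes its result by app name); confirm.
	Apps []string
	// Label is a free-form string; presumably a human-readable description.
	Label string
}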
Skill represents a capacity offered by a snap.
type Slot ¶
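// Slot describes a place in a snap where a skill can be used.
// Repository.Grant pairs a Skill with a slot, and requires both to have the
// same type.
type Slot struct {
	// Name identifies the slot. AddSlot rejects an invalid name and a name
	// already used by another slot of the same snap.
	Name string
	// Snap is the name of the snap that owns the slot.
	Snap string
	// Type is the name of the skill type; Grant compares it with the skill's.
	Type string
	// Attrs holds untyped, type-specific attributes.
	// NOTE(review): presumably these come from snap-supplied metadata and are
	// checked by the matching Type's SanitizeSlot before any security snippet
	// is derived from them; confirm that no snippet is built from
	// unsanitized values.
	Attrs map[string]interface{}
	// Apps lists app names.
	// NOTE(review): presumably the apps of Snap that may use the granted
	// skill (SecuritySnippetsForSnap indexes its result by app name); confirm.
	Apps []string
	// Label is a free-form string; presumably a human-readable description.
	Label string
}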
Slot represents the potential of a given snap to use a skill.
type TestType ¶
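// TestType is a skill type whose behaviour is supplied through callbacks.
//
// NOTE(review): the method documentation says that providers and consumers
// of a test skill gain no extra permissions, yet both snippet callbacks
// return raw bytes. The method bodies are not visible here, so confirm how a
// callback's result is used before adding a TestType to a Repository outside
// of tests.
type TestType struct {
	// TypeName is the name of this type
	TypeName string
	// SanitizeSkillCallback is the callback invoked inside SanitizeSkill()
	SanitizeSkillCallback func(skill *Skill) error
	// SanitizeSlotCallback is the callback invoked inside SanitizeSlot()
	SanitizeSlotCallback func(slot *Slot) error
	// SlotSecuritySnippetCallback is the callback invoked inside SlotSecuritySnippet()
	// Like the method it backs, it receives a *Skill rather than a *Slot.
	SlotSecuritySnippetCallback func(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
	// SkillSecuritySnippetCallback is the callback invoked inside SkillSecuritySnippet()
	SkillSecuritySnippetCallback func(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
}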
TestType is a skill type for various kinds of tests. It is public so that it can be consumed from other packages.
func (*TestType) SanitizeSkill ¶
SanitizeSkill checks and possibly modifies a skill.
func (*TestType) SanitizeSlot ¶
SanitizeSlot checks and possibly modifies a slot.
func (*TestType) SkillSecuritySnippet ¶
func (t *TestType) SkillSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
SkillSecuritySnippet returns the configuration snippet "required" to offer a test skill. Providers don't gain any extra permissions.
func (*TestType) SlotSecuritySnippet ¶
func (t *TestType) SlotSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
SlotSecuritySnippet returns the configuration snippet "required" to use a test skill. Consumers don't gain any extra permissions.
type Type ¶
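// Type is the contract every skill type implements: a name, validation of
// skills and slots, and the per-security-system snippets for each side.
type Type interface {
	// Unique and public name of this type.
	Name() string

	// SanitizeSkill checks if a skill is correct, altering if necessary.
	// The skill is passed by pointer, so an implementation can modify it in
	// place.
	SanitizeSkill(skill *Skill) error

	// SanitizeSlot checks if a slot is correct, altering if necessary.
	// The slot is passed by pointer, so an implementation can modify it in
	// place.
	SanitizeSlot(slot *Slot) error

	// SkillSecuritySnippet returns the configuration snippet needed by the
	// given security system to allow a snap to offer a skill of this type.
	//
	// An empty snippet is returned when the skill doesn't require anything
	// from the security system to work, in addition to the default
	// configuration. ErrUnknownSecurity is returned when the skill cannot
	// deal with the requested security system.
	//
	// NOTE(review): the snippet is returned as raw bytes. If an
	// implementation derives it from Skill.Attrs, those values should have
	// passed SanitizeSkill first; confirm the call order in the Repository.
	SkillSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)

	// SlotSecuritySnippet returns the configuration snippet needed by the
	// given security system to allow a snap to use a skill of this type.
	//
	// An empty snippet is returned when the skill doesn't require anything
	// from the security system to work, in addition to the default
	// configuration. ErrUnknownSecurity is returned when the skill cannot
	// deal with the requested security system.
	//
	// NOTE(review): the argument is a *Skill, not a *Slot, so the consuming
	// slot's own attributes are not available to this method; confirm that
	// this is intended.
	SlotSecuritySnippet(skill *Skill, securitySystem SecuritySystem) ([]byte, error)
}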
Type describes a group of interchangeable capabilities with common features. Types are managed centrally and act as a contract between system builders, application developers and end users.