Documentation
Index
- Variables
- func ApplyFileContexts(ctx context.Context, out io.Writer, paths ...string) error
- func Bootstrap(ctx context.Context, config BootstrapConfig) error
- func IsSystemSupported(systemID string) bool
- func IsValidLabel(label string) bool
- func MustNewContext(label string) selinux.Context
- func Unload(ctx context.Context, config BootstrapConfig) error
- func WriteBootstrapScript(w io.Writer, config BootstrapConfig) error
- type BootstrapConfig
- type DistributionNotSupportedError
- type Path
- type Paths
- type UpdateConfig
Constants
This section is empty.
Variables
var GravityInstallerProcessContext = MustNewContext(defaults.GravityInstallerProcessLabel)
GravityInstallerProcessContext specifies the expected SELinux process domain. During bootstrapping, after the policy has been loaded, the process is configured to start under a new domain (if not already) and restarted.
Functions
func ApplyFileContexts
ApplyFileContexts restores the file contexts for the specified list of paths.
func Bootstrap
func Bootstrap(ctx context.Context, config BootstrapConfig) error
Bootstrap configures SELinux on the node.
The bootstrap configuration consists of two policy modules: the container-selinux policy and the gravity-specific policy. The process also configures the immediately known ports and the local file contexts for dynamic paths such as the custom state directory and the installer directory.
User-specified port requirements as well as custom volumes are configured at a later point during the install operation.
func IsSystemSupported
IsSystemSupported returns true if the system specified with the given ID is supported.
func IsValidLabel
IsValidLabel returns whether the specified label is valid. An empty label is valid and will be replaced with the default container file type.
func MustNewContext
func MustNewContext(label string) selinux.Context
MustNewContext parses the specified label as an SELinux context. It panics if the label is not a valid SELinux label.
func Unload
func Unload(ctx context.Context, config BootstrapConfig) error
Unload removes the policy modules and local modifications
func WriteBootstrapScript
func WriteBootstrapScript(w io.Writer, config BootstrapConfig) error
WriteBootstrapScript writes the bootstrap script to the specified writer
Types
type BootstrapConfig
type BootstrapConfig struct {
	// Path specifies the location of the installer files
	Path string
	// StateDir specifies the custom system state directory.
	// Will be used only if specified
	StateDir string
	// OS specifies the OS distribution metadata
	OS *monitoring.OSRelease
	// contains filtered or unexported fields
}
BootstrapConfig defines the SELinux bootstrap configuration
type DistributionNotSupportedError
type DistributionNotSupportedError struct {
	// ID specifies the OS distribution id
	ID string
}
DistributionNotSupportedError describes an error configuring SELinux on a distribution on which SELinux is not supported.
func (DistributionNotSupportedError) Error
func (r DistributionNotSupportedError) Error() string
Error returns the readable error message
type Path
type Path struct {
	// Path specifies the directory path
	Path string
	// Label specifies the SELinux label
	Label string
}
Path describes a local file context change for a directory
type UpdateConfig
type UpdateConfig struct {
	liblog.Logger
	// Generic lists additional port configuration
	Generic []libschema.PortRange
	// VxlanPort optionally specifies the new vxlan port.
	// If unspecified, will not be updated.
	VxlanPort *int
	// Paths optionally lists additional paths to add file contexts for
	Paths Paths
	// contains filtered or unexported fields
}
UpdateConfig describes the additional local configuration changes