Overview ¶
Package enforcer is responsible for setting up and handling policy updates for the supported enforcers, including AppArmor, SELinux and BPFLSM.
Package enforcer is responsible for setting up and handling policy updates for the supported enforcers, including AppArmor, SELinux and BPFLSM.
Index ¶
- Constants
- type AppArmorEnforcer
- func (ae *AppArmorEnforcer) AllowedHostCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) AllowedHostFileMatchDirectories(dir tp.FileDirectoryType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) AllowedHostFileMatchPaths(path tp.FilePathType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) AllowedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) AllowedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) AllowedHostProcessMatchPaths(path tp.ProcessPathType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) BlockedHostCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) BlockedHostFileMatchDirectories(dir tp.FileDirectoryType, fileBlackList *[]string, ...)
- func (ae *AppArmorEnforcer) BlockedHostFileMatchPaths(path tp.FilePathType, fileBlackList *[]string, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) BlockedHostFileMatchPatterns(pat tp.FilePatternType, fileBlackList *[]string)
- func (ae *AppArmorEnforcer) BlockedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, fromSources map[string][]string)
- func (ae *AppArmorEnforcer) BlockedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, processBlackList *[]string, ...)
- func (ae *AppArmorEnforcer) BlockedHostProcessMatchPaths(path tp.ProcessPathType, processBlackList *[]string, ...)
- func (ae *AppArmorEnforcer) BlockedHostProcessMatchPatterns(pat tp.ProcessPatternType, processBlackList *[]string)
- func (ae *AppArmorEnforcer) ClearKubeArmorHostFile(fileName string)
- func (ae *AppArmorEnforcer) CreateAppArmorHostProfile() error
- func (ae *AppArmorEnforcer) DestroyAppArmorEnforcer() error
- func (ae *AppArmorEnforcer) GenerateAppArmorHostProfile(secPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string, bool)
- func (ae *AppArmorEnforcer) GenerateAppArmorProfile(appArmorProfile string, securityPolicies []tp.SecurityPolicy, ...) (int, string, bool)
- func (ae *AppArmorEnforcer) GenerateHostProfileBody(securityPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string)
- func (ae *AppArmorEnforcer) GenerateHostProfileFoot() string
- func (ae *AppArmorEnforcer) GenerateHostProfileHead() string
- func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPolicy, defaultPosture tp.DefaultPosture, ...) (int, Profile)
- func (ae *AppArmorEnforcer) RegisterAppArmorHostProfile() bool
- func (ae *AppArmorEnforcer) RegisterAppArmorProfile(podName, profileName string, privileged bool) bool
- func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(prof *Profile)
- func (ae *AppArmorEnforcer) SetCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetFileMatchDirectories(dir tp.FileDirectoryType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetFileMatchPaths(path tp.FilePathType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetFileMatchPatterns(pat tp.FilePatternType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetNetworkMatchProtocols(proto tp.NetworkProtocolType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetProcessMatchDirectories(dir tp.ProcessDirectoryType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetProcessMatchPaths(path tp.ProcessPathType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) SetProcessMatchPatterns(pat tp.ProcessPatternType, prof *Profile, deny bool, head bool)
- func (ae *AppArmorEnforcer) UnregisterAppArmorHostProfile() bool
- func (ae *AppArmorEnforcer) UnregisterAppArmorProfile(podName, profileName string, privileged bool) bool
- func (ae *AppArmorEnforcer) UpdateAppArmorHostProfile(secPolicies []tp.HostSecurityPolicy)
- func (ae *AppArmorEnforcer) UpdateAppArmorProfile(endPoint tp.EndPoint, appArmorProfile string, ...)
- func (ae *AppArmorEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
- func (ae *AppArmorEnforcer) UpdateSecurityPolicies(endPoint tp.EndPoint)
- type FromSourceConfig
- type Profile
- type ProfileHeader
- type RuleConfig
- type Rules
- type RuntimeEnforcer
- func (re *RuntimeEnforcer) DestroyRuntimeEnforcer() error
- func (re *RuntimeEnforcer) RegisterContainer(containerID string, pidns, mntns uint32)
- func (re *RuntimeEnforcer) UnregisterContainer(containerID string)
- func (re *RuntimeEnforcer) UpdateAppArmorProfiles(podName string, action string, profiles map[string]string, ...)
- func (re *RuntimeEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
- func (re *RuntimeEnforcer) UpdateSecurityPolicies(endPoint tp.EndPoint)
- type SELinuxEnforcer
- func (se *SELinuxEnforcer) AllowedHostFileMatchDirectories(dir tp.FileDirectoryType, fromSources map[string][]tp.SELinuxRule)
- func (se *SELinuxEnforcer) AllowedHostFileMatchPaths(path tp.FilePathType, fromSources map[string][]tp.SELinuxRule)
- func (se *SELinuxEnforcer) AllowedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, networkFromSources map[string]string)
- func (se *SELinuxEnforcer) AllowedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, fromSources map[string][]tp.SELinuxRule)
- func (se *SELinuxEnforcer) AllowedHostProcessMatchPaths(path tp.ProcessPathType, fromSources map[string][]tp.SELinuxRule)
- func (se *SELinuxEnforcer) BlockedHostFileMatchDirectories(dir tp.FileDirectoryType, fileBlackList *[]tp.SELinuxRule, ...)
- func (se *SELinuxEnforcer) BlockedHostFileMatchPaths(path tp.FilePathType, fileBlackList *[]tp.SELinuxRule, ...)
- func (se *SELinuxEnforcer) BlockedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, networkFromSources map[string]string)
- func (se *SELinuxEnforcer) BlockedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, processBlackList *[]tp.SELinuxRule, ...)
- func (se *SELinuxEnforcer) BlockedHostProcessMatchPaths(path tp.ProcessPathType, processBlackList *[]tp.SELinuxRule, ...)
- func (se *SELinuxEnforcer) ContainsElement(rules []tp.SELinuxRule, newRule tp.SELinuxRule) bool
- func (se *SELinuxEnforcer) DestroySELinuxEnforcer() error
- func (se *SELinuxEnforcer) GenerateSELinuxHostProfile(securityPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string, bool)
- func (se *SELinuxEnforcer) InstallSELinuxModulesIfNeeded() bool
- func (se *SELinuxEnforcer) RegisterSELinuxHostProfile() bool
- func (se *SELinuxEnforcer) RestoreSELinuxLabels(profilePath string) bool
- func (se *SELinuxEnforcer) UnregisterSELinuxHostProfile() bool
- func (se *SELinuxEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
- func (se *SELinuxEnforcer) UpdateSELinuxHostProfile(secPolicies []tp.HostSecurityPolicy)
- func (se *SELinuxEnforcer) UpdateSELinuxLabels(profilePath string) bool
Constants ¶
const ( AppArmorDefaultPreStart = ` #include <abstractions/base> umount, file, network, capability, ` AppArmorPrivilegedPreStart = AppArmorDefaultPreStart + ` ## == For privileged workloads == ## mount, signal, unix, ptrace, ` AppArmorPrivilegedPostStart = `` /* 410-byte string literal not displayed */ AppArmorDefaultPostStart = AppArmorPrivilegedPostStart + ` deny mount, ` )
const BaseTemplate = `` /* 6564-byte string literal not displayed */
BaseTemplate is the base template used for generated AppArmor profiles.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppArmorEnforcer ¶
// AppArmorEnforcer holds the state used to generate, register and unregister
// AppArmor profiles for containers and for the host (see the Generate*,
// Register* and Unregister* methods). The per-profile maps are guarded by the
// lock fields declared next to them; the locks are pointers, so a zero-value
// AppArmorEnforcer is not usable — presumably NewAppArmorEnforcer initialises
// them (confirm at the constructor).
type AppArmorEnforcer struct {
	// logs
	Logger *fd.Feeder

	// default profile
	ApparmorDefault string

	// default privileged profile
	ApparmorDefaultPrivileged string

	// host profile
	HostProfile string

	// profiles for containers
	AppArmorProfiles map[string][]string
	// lock named after AppArmorProfiles; assumed to guard it — confirm at use sites
	AppArmorProfilesLock *sync.RWMutex

	// to keep track of privileged profiles for clean deletion
	AppArmorPrivilegedProfiles map[string]struct{}
	// lock named after AppArmorPrivilegedProfiles; assumed to guard it — confirm at use sites
	AppArmorPrivilegedProfilesLock *sync.RWMutex

	// contains filtered or unexported fields
}
AppArmorEnforcer Structure
func NewAppArmorEnforcer ¶
func NewAppArmorEnforcer(node tp.Node, logger *fd.Feeder) *AppArmorEnforcer
NewAppArmorEnforcer Function
func (*AppArmorEnforcer) AllowedHostCapabilitiesMatchCapabilities ¶
func (ae *AppArmorEnforcer) AllowedHostCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, fromSources map[string][]string)
AllowedHostCapabilitiesMatchCapabilities Function
func (*AppArmorEnforcer) AllowedHostFileMatchDirectories ¶
func (ae *AppArmorEnforcer) AllowedHostFileMatchDirectories(dir tp.FileDirectoryType, fromSources map[string][]string)
AllowedHostFileMatchDirectories Function
func (*AppArmorEnforcer) AllowedHostFileMatchPaths ¶
func (ae *AppArmorEnforcer) AllowedHostFileMatchPaths(path tp.FilePathType, fromSources map[string][]string)
AllowedHostFileMatchPaths Function
func (*AppArmorEnforcer) AllowedHostNetworkMatchProtocols ¶
func (ae *AppArmorEnforcer) AllowedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, fromSources map[string][]string)
AllowedHostNetworkMatchProtocols Function
func (*AppArmorEnforcer) AllowedHostProcessMatchDirectories ¶
func (ae *AppArmorEnforcer) AllowedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, fromSources map[string][]string)
AllowedHostProcessMatchDirectories Function
func (*AppArmorEnforcer) AllowedHostProcessMatchPaths ¶
func (ae *AppArmorEnforcer) AllowedHostProcessMatchPaths(path tp.ProcessPathType, fromSources map[string][]string)
AllowedHostProcessMatchPaths Function
func (*AppArmorEnforcer) BlockedHostCapabilitiesMatchCapabilities ¶
func (ae *AppArmorEnforcer) BlockedHostCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, fromSources map[string][]string)
BlockedHostCapabilitiesMatchCapabilities Function
func (*AppArmorEnforcer) BlockedHostFileMatchDirectories ¶
func (ae *AppArmorEnforcer) BlockedHostFileMatchDirectories(dir tp.FileDirectoryType, fileBlackList *[]string, fromSources map[string][]string)
BlockedHostFileMatchDirectories Function
func (*AppArmorEnforcer) BlockedHostFileMatchPaths ¶
func (ae *AppArmorEnforcer) BlockedHostFileMatchPaths(path tp.FilePathType, fileBlackList *[]string, fromSources map[string][]string)
BlockedHostFileMatchPaths Function
func (*AppArmorEnforcer) BlockedHostFileMatchPatterns ¶
func (ae *AppArmorEnforcer) BlockedHostFileMatchPatterns(pat tp.FilePatternType, fileBlackList *[]string)
BlockedHostFileMatchPatterns Function
func (*AppArmorEnforcer) BlockedHostNetworkMatchProtocols ¶
func (ae *AppArmorEnforcer) BlockedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, fromSources map[string][]string)
BlockedHostNetworkMatchProtocols Function
func (*AppArmorEnforcer) BlockedHostProcessMatchDirectories ¶
func (ae *AppArmorEnforcer) BlockedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, processBlackList *[]string, fromSources map[string][]string)
BlockedHostProcessMatchDirectories Function
func (*AppArmorEnforcer) BlockedHostProcessMatchPaths ¶
func (ae *AppArmorEnforcer) BlockedHostProcessMatchPaths(path tp.ProcessPathType, processBlackList *[]string, fromSources map[string][]string)
BlockedHostProcessMatchPaths Function
func (*AppArmorEnforcer) BlockedHostProcessMatchPatterns ¶
func (ae *AppArmorEnforcer) BlockedHostProcessMatchPatterns(pat tp.ProcessPatternType, processBlackList *[]string)
BlockedHostProcessMatchPatterns Function
func (*AppArmorEnforcer) ClearKubeArmorHostFile ¶
func (ae *AppArmorEnforcer) ClearKubeArmorHostFile(fileName string)
ClearKubeArmorHostFile Function
func (*AppArmorEnforcer) CreateAppArmorHostProfile ¶
func (ae *AppArmorEnforcer) CreateAppArmorHostProfile() error
CreateAppArmorHostProfile Function
func (*AppArmorEnforcer) DestroyAppArmorEnforcer ¶
func (ae *AppArmorEnforcer) DestroyAppArmorEnforcer() error
DestroyAppArmorEnforcer Function
func (*AppArmorEnforcer) GenerateAppArmorHostProfile ¶
func (ae *AppArmorEnforcer) GenerateAppArmorHostProfile(secPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string, bool)
GenerateAppArmorHostProfile Function
func (*AppArmorEnforcer) GenerateAppArmorProfile ¶
func (ae *AppArmorEnforcer) GenerateAppArmorProfile(appArmorProfile string, securityPolicies []tp.SecurityPolicy, defaultPosture tp.DefaultPosture, privileged bool) (int, string, bool)
GenerateAppArmorProfile Function
func (*AppArmorEnforcer) GenerateHostProfileBody ¶
func (ae *AppArmorEnforcer) GenerateHostProfileBody(securityPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string)
GenerateHostProfileBody Function
func (*AppArmorEnforcer) GenerateHostProfileFoot ¶
func (ae *AppArmorEnforcer) GenerateHostProfileFoot() string
GenerateHostProfileFoot Function
func (*AppArmorEnforcer) GenerateHostProfileHead ¶
func (ae *AppArmorEnforcer) GenerateHostProfileHead() string
GenerateHostProfileHead Function
func (*AppArmorEnforcer) GenerateProfileBody ¶
func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPolicy, defaultPosture tp.DefaultPosture, privileged bool) (int, Profile)
GenerateProfileBody Function
func (*AppArmorEnforcer) RegisterAppArmorHostProfile ¶
func (ae *AppArmorEnforcer) RegisterAppArmorHostProfile() bool
RegisterAppArmorHostProfile Function
func (*AppArmorEnforcer) RegisterAppArmorProfile ¶
func (ae *AppArmorEnforcer) RegisterAppArmorProfile(podName, profileName string, privileged bool) bool
RegisterAppArmorProfile Function
func (*AppArmorEnforcer) ResolvedProcessWhiteListConflicts ¶
func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(prof *Profile)
ResolvedProcessWhiteListConflicts Function
func (*AppArmorEnforcer) SetCapabilitiesMatchCapabilities ¶
func (ae *AppArmorEnforcer) SetCapabilitiesMatchCapabilities(cap tp.CapabilitiesCapabilityType, prof *Profile, deny bool, head bool)
SetCapabilitiesMatchCapabilities Function
func (*AppArmorEnforcer) SetFileMatchDirectories ¶
func (ae *AppArmorEnforcer) SetFileMatchDirectories(dir tp.FileDirectoryType, prof *Profile, deny bool, head bool)
SetFileMatchDirectories Function
func (*AppArmorEnforcer) SetFileMatchPaths ¶
func (ae *AppArmorEnforcer) SetFileMatchPaths(path tp.FilePathType, prof *Profile, deny bool, head bool)
SetFileMatchPaths Function
func (*AppArmorEnforcer) SetFileMatchPatterns ¶
func (ae *AppArmorEnforcer) SetFileMatchPatterns(pat tp.FilePatternType, prof *Profile, deny bool, head bool)
SetFileMatchPatterns Function
func (*AppArmorEnforcer) SetNetworkMatchProtocols ¶
func (ae *AppArmorEnforcer) SetNetworkMatchProtocols(proto tp.NetworkProtocolType, prof *Profile, deny bool, head bool)
SetNetworkMatchProtocols Function
func (*AppArmorEnforcer) SetProcessMatchDirectories ¶
func (ae *AppArmorEnforcer) SetProcessMatchDirectories(dir tp.ProcessDirectoryType, prof *Profile, deny bool, head bool)
SetProcessMatchDirectories Function
func (*AppArmorEnforcer) SetProcessMatchPaths ¶
func (ae *AppArmorEnforcer) SetProcessMatchPaths(path tp.ProcessPathType, prof *Profile, deny bool, head bool)
SetProcessMatchPaths Function
func (*AppArmorEnforcer) SetProcessMatchPatterns ¶
func (ae *AppArmorEnforcer) SetProcessMatchPatterns(pat tp.ProcessPatternType, prof *Profile, deny bool, head bool)
SetProcessMatchPatterns Function
func (*AppArmorEnforcer) UnregisterAppArmorHostProfile ¶
func (ae *AppArmorEnforcer) UnregisterAppArmorHostProfile() bool
UnregisterAppArmorHostProfile Function
func (*AppArmorEnforcer) UnregisterAppArmorProfile ¶
func (ae *AppArmorEnforcer) UnregisterAppArmorProfile(podName, profileName string, privileged bool) bool
UnregisterAppArmorProfile Function
func (*AppArmorEnforcer) UpdateAppArmorHostProfile ¶
func (ae *AppArmorEnforcer) UpdateAppArmorHostProfile(secPolicies []tp.HostSecurityPolicy)
UpdateAppArmorHostProfile Function
func (*AppArmorEnforcer) UpdateAppArmorProfile ¶
func (ae *AppArmorEnforcer) UpdateAppArmorProfile(endPoint tp.EndPoint, appArmorProfile string, securityPolicies []tp.SecurityPolicy)
UpdateAppArmorProfile Function
func (*AppArmorEnforcer) UpdateHostSecurityPolicies ¶
func (ae *AppArmorEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
UpdateHostSecurityPolicies Function
func (*AppArmorEnforcer) UpdateSecurityPolicies ¶
func (ae *AppArmorEnforcer) UpdateSecurityPolicies(endPoint tp.EndPoint)
UpdateSecurityPolicies Function
type FromSourceConfig ¶
// FromSourceConfig describes one from-source sub-profile of a Profile: it
// embeds the same ProfileHeader and Rules as the parent profile, plus the
// Fusion flag. What Fusion selects is not visible here — it is presumably
// consumed by the profile generator; confirm in GenerateProfileBody.
type FromSourceConfig struct {
	Fusion bool
	ProfileHeader
	Rules
}
FromSourceConfig holds the details for an individual from-source sub-profile.
type Profile ¶
// Profile holds everything needed to render a new AppArmor profile: its Name,
// the embedded ProfileHeader and Rules for the top-level profile, one
// FromSourceConfig per from-source sub-profile (keyed by string), and
// NativeRules, a list of raw rule strings. NativeRules are presumably emitted
// into the profile verbatim; review them with the same care as the generated
// rules, since they are not represented by RuleConfig.
type Profile struct {
	Name string
	ProfileHeader
	Rules
	FromSource  map[string]FromSourceConfig
	NativeRules []string
}
Profile has all the details for a new AppArmor profile.
type ProfileHeader ¶
// ProfileHeader carries the header configuration of an AppArmor profile or
// sub-profile. File, Network and Capabilities record whether the corresponding
// entity header is present (Init sets them to true by default). Privileged
// marks the privileged variant; per the package constants the privileged
// pre-start block additionally grants mount, signal, unix and ptrace, so this
// flag widens what the profile permits — confirm how GenerateProfileBody
// consumes it.
type ProfileHeader struct {
	File, Network, Capabilities, Privileged bool
}
ProfileHeader contains the AppArmor Profile/SubProfile header config.
func (*ProfileHeader) Init ¶
func (h *ProfileHeader) Init()
Init sets the presence of Entity headers to true by default
type RuleConfig ¶
// RuleConfig describes a single generated AppArmor rule. Dir, Recursive,
// ReadOnly and OwnerOnly are the rule's scope modifiers (names follow the
// matching policy fields; their exact rendering is decided by the generator).
// Deny and Allow are independent booleans: the type itself does not prevent
// both or neither being set, so the generator must define which one wins —
// confirm that case in the Set*Match* methods.
type RuleConfig struct {
	Dir, Recursive, ReadOnly, OwnerOnly, Deny, Allow bool
}
RuleConfig contains the details for an individual AppArmor rule.
type Rules ¶
// Rules is the body configuration of an AppArmor profile or sub-profile: one
// RuleConfig per file path, process path, network rule and capability rule,
// each keyed by string. A nil map panics on write, so whoever populates a Rules
// value must make the maps first.
type Rules struct {
	FilePaths         map[string]RuleConfig
	ProcessPaths      map[string]RuleConfig
	NetworkRules      map[string]RuleConfig
	CapabilitiesRules map[string]RuleConfig
}
Rules contains configuration for the AppArmor Profile/SubProfile Body
type RuntimeEnforcer ¶
// RuntimeEnforcer is the front door of the package: it dispatches policy
// updates to whichever LSM backend is active (the package documentation lists
// AppArmor, SELinux and BPFLSM) and registers/unregisters containers with it.
type RuntimeEnforcer struct {
	// logger
	Logger *fd.Feeder

	// LSM type; the concrete values are set by NewRuntimeEnforcer and are not
	// visible in this listing
	EnforcerType string

	// contains filtered or unexported fields
}
RuntimeEnforcer Structure
func NewRuntimeEnforcer ¶
func NewRuntimeEnforcer(node tp.Node, pinpath string, logger *fd.Feeder, monitor *mon.SystemMonitor) *RuntimeEnforcer
NewRuntimeEnforcer Function
func (*RuntimeEnforcer) DestroyRuntimeEnforcer ¶
func (re *RuntimeEnforcer) DestroyRuntimeEnforcer() error
DestroyRuntimeEnforcer Function
func (*RuntimeEnforcer) RegisterContainer ¶
func (re *RuntimeEnforcer) RegisterContainer(containerID string, pidns, mntns uint32)
RegisterContainer registers a container's identifiers in the BPFEnforcer map.
func (*RuntimeEnforcer) UnregisterContainer ¶
func (re *RuntimeEnforcer) UnregisterContainer(containerID string)
UnregisterContainer removes a container's identifiers from the BPFEnforcer map.
func (*RuntimeEnforcer) UpdateAppArmorProfiles ¶
func (re *RuntimeEnforcer) UpdateAppArmorProfiles(podName string, action string, profiles map[string]string, privilegedProfiles map[string]struct{})
UpdateAppArmorProfiles Function
func (*RuntimeEnforcer) UpdateHostSecurityPolicies ¶
func (re *RuntimeEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
UpdateHostSecurityPolicies Function
func (*RuntimeEnforcer) UpdateSecurityPolicies ¶
func (re *RuntimeEnforcer) UpdateSecurityPolicies(endPoint tp.EndPoint)
UpdateSecurityPolicies Function
type SELinuxEnforcer ¶
// SELinuxEnforcer holds the state used to generate, register and unregister the
// SELinux host profile (see the *SELinuxHostProfile methods). The lock is a
// pointer, so a zero-value SELinuxEnforcer is not usable — presumably
// NewSELinuxEnforcer initialises it (confirm at the constructor).
type SELinuxEnforcer struct {
	// logs
	Logger *fd.Feeder

	// policy enforcer
	SELinuxTemplatePath string

	// host profile
	HostProfile string
	// lock named after the SELinux profiles; assumed to guard profile updates — confirm at use sites
	SELinuxProfilesLock *sync.Mutex
}
SELinuxEnforcer Structure
func NewSELinuxEnforcer ¶
func NewSELinuxEnforcer(node tp.Node, logger *fd.Feeder) *SELinuxEnforcer
NewSELinuxEnforcer Function
func (*SELinuxEnforcer) AllowedHostFileMatchDirectories ¶
func (se *SELinuxEnforcer) AllowedHostFileMatchDirectories(dir tp.FileDirectoryType, fromSources map[string][]tp.SELinuxRule)
AllowedHostFileMatchDirectories Function
func (*SELinuxEnforcer) AllowedHostFileMatchPaths ¶
func (se *SELinuxEnforcer) AllowedHostFileMatchPaths(path tp.FilePathType, fromSources map[string][]tp.SELinuxRule)
AllowedHostFileMatchPaths Function
func (*SELinuxEnforcer) AllowedHostNetworkMatchProtocols ¶
func (se *SELinuxEnforcer) AllowedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, networkFromSources map[string]string)
AllowedHostNetworkMatchProtocols Function
func (*SELinuxEnforcer) AllowedHostProcessMatchDirectories ¶
func (se *SELinuxEnforcer) AllowedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, fromSources map[string][]tp.SELinuxRule)
AllowedHostProcessMatchDirectories Function
func (*SELinuxEnforcer) AllowedHostProcessMatchPaths ¶
func (se *SELinuxEnforcer) AllowedHostProcessMatchPaths(path tp.ProcessPathType, fromSources map[string][]tp.SELinuxRule)
AllowedHostProcessMatchPaths Function
func (*SELinuxEnforcer) BlockedHostFileMatchDirectories ¶
func (se *SELinuxEnforcer) BlockedHostFileMatchDirectories(dir tp.FileDirectoryType, fileBlackList *[]tp.SELinuxRule, fromSources map[string][]tp.SELinuxRule)
BlockedHostFileMatchDirectories Function
func (*SELinuxEnforcer) BlockedHostFileMatchPaths ¶
func (se *SELinuxEnforcer) BlockedHostFileMatchPaths(path tp.FilePathType, fileBlackList *[]tp.SELinuxRule, fromSources map[string][]tp.SELinuxRule)
BlockedHostFileMatchPaths Function
func (*SELinuxEnforcer) BlockedHostNetworkMatchProtocols ¶
func (se *SELinuxEnforcer) BlockedHostNetworkMatchProtocols(proto tp.NetworkProtocolType, networkFromSources map[string]string)
BlockedHostNetworkMatchProtocols Function
func (*SELinuxEnforcer) BlockedHostProcessMatchDirectories ¶
func (se *SELinuxEnforcer) BlockedHostProcessMatchDirectories(dir tp.ProcessDirectoryType, processBlackList *[]tp.SELinuxRule, fromSources map[string][]tp.SELinuxRule)
BlockedHostProcessMatchDirectories Function
func (*SELinuxEnforcer) BlockedHostProcessMatchPaths ¶
func (se *SELinuxEnforcer) BlockedHostProcessMatchPaths(path tp.ProcessPathType, processBlackList *[]tp.SELinuxRule, fromSources map[string][]tp.SELinuxRule)
BlockedHostProcessMatchPaths Function
func (*SELinuxEnforcer) ContainsElement ¶
func (se *SELinuxEnforcer) ContainsElement(rules []tp.SELinuxRule, newRule tp.SELinuxRule) bool
ContainsElement Function
func (*SELinuxEnforcer) DestroySELinuxEnforcer ¶
func (se *SELinuxEnforcer) DestroySELinuxEnforcer() error
DestroySELinuxEnforcer Function
func (*SELinuxEnforcer) GenerateSELinuxHostProfile ¶
func (se *SELinuxEnforcer) GenerateSELinuxHostProfile(securityPolicies []tp.HostSecurityPolicy, defaultPosture tp.DefaultPosture) (int, string, bool)
GenerateSELinuxHostProfile Function
func (*SELinuxEnforcer) InstallSELinuxModulesIfNeeded ¶
func (se *SELinuxEnforcer) InstallSELinuxModulesIfNeeded() bool
InstallSELinuxModulesIfNeeded Function
func (*SELinuxEnforcer) RegisterSELinuxHostProfile ¶
func (se *SELinuxEnforcer) RegisterSELinuxHostProfile() bool
RegisterSELinuxHostProfile Function
func (*SELinuxEnforcer) RestoreSELinuxLabels ¶
func (se *SELinuxEnforcer) RestoreSELinuxLabels(profilePath string) bool
RestoreSELinuxLabels Function
func (*SELinuxEnforcer) UnregisterSELinuxHostProfile ¶
func (se *SELinuxEnforcer) UnregisterSELinuxHostProfile() bool
UnregisterSELinuxHostProfile Function
func (*SELinuxEnforcer) UpdateHostSecurityPolicies ¶
func (se *SELinuxEnforcer) UpdateHostSecurityPolicies(secPolicies []tp.HostSecurityPolicy)
UpdateHostSecurityPolicies Function
func (*SELinuxEnforcer) UpdateSELinuxHostProfile ¶
func (se *SELinuxEnforcer) UpdateSELinuxHostProfile(secPolicies []tp.HostSecurityPolicy)
UpdateSELinuxHostProfile Function
func (*SELinuxEnforcer) UpdateSELinuxLabels ¶
func (se *SELinuxEnforcer) UpdateSELinuxLabels(profilePath string) bool
UpdateSELinuxLabels Function