pathpolicy

package

v0.25.0 Latest Latest Go to latest Published: Dec 15, 2023 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/osbuild/images

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type PathPolicies
- func NewPathPolicies(entries map[string]PathPolicy) *PathPolicies
- func (pol *PathPolicies) Check(fsPath string) error
type PathPolicy
type PathTrie
- func NewPathTrieFromMap(entries map[string]interface{}) *PathTrie
- func (root *PathTrie) Lookup(path string) (*PathTrie, []string)

Constants ¶

This section is empty.

Variables ¶

View Source

var CustomDirectoriesPolicies = NewPathPolicies(map[string]PathPolicy{
	"/":    {Deny: true},
	"/etc": {},
})

CustomDirectoriesPolicies is a set of default policies for custom directories

View Source

var CustomFilesPolicies = NewPathPolicies(map[string]PathPolicy{
	"/":           {Deny: true},
	"/etc":        {},
	"/root":       {},
	"/etc/fstab":  {Deny: true},
	"/etc/shadow": {Deny: true},
	"/etc/passwd": {Deny: true},
	"/etc/group":  {Deny: true},
})

CustomFilesPolicies is a set of default policies for custom files

View Source

var MountpointPolicies = NewPathPolicies(map[string]PathPolicy{
	"/": {},

	"/etc": {Deny: true},

	"/usr": {Exact: true},

	"/sys":  {Deny: true},
	"/proc": {Deny: true},
	"/dev":  {Deny: true},
	"/run":  {Deny: true},

	"/bin":   {Deny: true},
	"/sbin":  {Deny: true},
	"/lib":   {Deny: true},
	"/lib64": {Deny: true},

	"/lost+found": {Deny: true},

	"/boot/efi": {Deny: true},

	"/sysroot": {Deny: true},

	"/var/run": {Deny: true},

	"/var/lock": {Deny: true},
})

MountpointPolicies is a set of default mountpoint policies used for filesystem customizations

View Source

var OstreeMountpointPolicies = NewPathPolicies(map[string]PathPolicy{
	"/":             {},
	"/ostree":       {Deny: true},
	"/home":         {Deny: true},
	"/var/home":     {Deny: true},
	"/var/opt":      {Deny: true},
	"/var/srv":      {Deny: true},
	"/var/roothome": {Deny: true},
	"/var/usrlocal": {Deny: true},
	"/var/mnt":      {Deny: true},
})

MountpointPolicies for ostree

Functions ¶

This section is empty.

Types ¶

type PathPolicies ¶

type PathPolicies = PathTrie

func NewPathPolicies ¶

func NewPathPolicies(entries map[string]PathPolicy) *PathPolicies

Create a new PathPolicies trie from a map of path to PathPolicy

func (*PathPolicies) Check ¶

func (pol *PathPolicies) Check(fsPath string) error

Check a given path against the PathPolicies

type PathPolicy ¶

type PathPolicy struct {
	Deny  bool // explicitly do not allow this entry
	Exact bool // require and exact match, no subdirs
}

type PathTrie ¶

type PathTrie struct {
	Name    []string
	Paths   []*PathTrie
	Payload interface{}
}

func NewPathTrieFromMap ¶

func NewPathTrieFromMap(entries map[string]interface{}) *PathTrie

Construct a new trie from a map of paths to their payloads. Returns the root node of the trie.

func (*PathTrie) Lookup ¶

func (root *PathTrie) Lookup(path string) (*PathTrie, []string)

Lookup returns the node that is the prefix of path and the unmatched path segment. Must be called on the root trie node.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL