syecl

package
v4.1.1
This package is not in the latest version of its module.

Published: Feb 1, 2024 License: BSD-3-Clause Imports: 11 Imported by: 0

Documentation

Overview

Package syecl implements the loading and management of the container execution control list feature. This code uses the TOML config file standard to extract the structured configuration for activating or disabling the list and for the implementation of the execution groups.

Functions

func PutConfig

func PutConfig(ecl EclConfig, confPath string) (err error)

PutConfig takes the content of an EclConfig struct and marshals it to a file.

Types

type EclConfig

type EclConfig struct {
	Activated  bool        `toml:"activated"`           // toggle the activation of the ECL rules
	Legacy     bool        `toml:"legacyinsecure"`      // Legacy (insecure) signature mode
	ExecGroups []Execgroup `toml:"execgroup,omitempty"` // Slice of all execution groups
}

EclConfig describes the structure of an execution control list configuration file

func LoadConfig

func LoadConfig(confPath string) (ecl EclConfig, err error)

LoadConfig opens an ECL config file and unmarshals it into structures

func (*EclConfig) ShouldRun

func (ecl *EclConfig) ShouldRun(ctx context.Context, cpath string, kr openpgp.KeyRing) (ok bool, err error)

ShouldRun determines if a container should run according to its execgroup rules

func (*EclConfig) ShouldRunFp

func (ecl *EclConfig) ShouldRunFp(ctx context.Context, fp *os.File, kr openpgp.KeyRing) (ok bool, err error)

ShouldRunFp determines if an already opened container should run according to its execgroup rules

func (*EclConfig) ValidateConfig

func (ecl *EclConfig) ValidateConfig() error

ValidateConfig makes sure paths from configs are fully resolved and that values from an execgroup are logically correct.

type Execgroup

type Execgroup struct {
	TagName  string   `toml:"tagname"`
	ListMode string   `toml:"mode"`
	DirPath  string   `toml:"dirpath"`
	KeyFPs   []string `toml:"keyfp"`
}

Execgroup describes an execution group, the main unit of configuration:

TagName: a descriptive identifier
ListMode: whether the execgroup follows a whitelist, whitestrict or blacklist model
	whitelist: one or more KeyFPs present and verified,
	whitestrict: all KeyFPs present and verified,
	blacklist: none of the KeyFPs should be present
DirPath: containers must be stored in this directory path
KeyFPs: list of Key Fingerprints of entities to verify
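
The three ListMode rules and the DirPath constraint described above, as an added sketch; it is not the syecl package's implementation. The Allowed helper, the fingerprint normalization, the reading of DirPath as the container's immediate parent directory, and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)
// Execgroup mirrors the struct shown on this page (TOML tags omitted).
type Execgroup struct {
	TagName, ListMode, DirPath string
	KeyFPs                     []string
}

// norm makes fingerprints comparable regardless of case or spacing.
func norm(fp string) string { return strings.ToUpper(strings.ReplaceAll(fp, " ", "")) }

// Allowed is a hypothetical helper; verified = fingerprints the caller already verified.
func Allowed(g Execgroup, cpath string, verified []string) (bool, error) {
	// Assumption: "stored in this directory" means the immediate parent.
	if filepath.Dir(filepath.Clean(cpath)) != filepath.Clean(g.DirPath) {
		return false, nil
	}
	if len(g.KeyFPs) == 0 { // fail closed: "all of zero keys" would pass whitestrict
		return false, fmt.Errorf("execgroup %q: no keyfp listed", g.TagName)
	}
	seen := make(map[string]bool, len(verified))
	for _, fp := range verified {
		seen[norm(fp)] = true
	}
	hits := 0
	for _, fp := range g.KeyFPs {
		if seen[norm(fp)] {
			hits++
		}
	}
	switch g.ListMode {
	case "whitelist":
		return hits >= 1, nil
	case "whitestrict":
		return hits == len(g.KeyFPs), nil
	case "blacklist":
		return hits == 0, nil
	}
	return false, fmt.Errorf("execgroup %q: unknown mode %q", g.TagName, g.ListMode)
}

func main() { // constructed sample values: one of two required keys verified
	g := Execgroup{"demo", "whitestrict", "/opt/containers", []string{"AAAA 1111", "bbbb2222"}}
	fmt.Println(Allowed(g, "/opt/containers/app.sif", []string{"aaaa1111"}))
}
```

An unknown mode or an empty key list returns an error with a false result, so a typo in the config denies execution rather than permitting it.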
