Documentation
Overview
Package syecl implements the loading and management of the container execution control list (ECL) feature. It uses the TOML configuration file format to extract the structured configuration that activates or disables the list and defines the execution groups.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type EclConfig

```go
type EclConfig struct {
	Activated  bool        `toml:"activated"`           // toggle the activation of the ECL rules
	Legacy     bool        `toml:"legacyinsecure"`      // Legacy (insecure) signature mode
	ExecGroups []Execgroup `toml:"execgroup,omitempty"` // Slice of all execution groups
}
```

EclConfig describes the structure of an execution control list configuration file.
func LoadConfig
LoadConfig opens an ECL config file and unmarshals it into structures
func (*EclConfig) ShouldRun

```go
func (ecl *EclConfig) ShouldRun(ctx context.Context, cpath string, kr openpgp.KeyRing) (ok bool, err error)
```
ShouldRun determines if a container should run according to its execgroup rules
func (*EclConfig) ShouldRunFp

```go
func (ecl *EclConfig) ShouldRunFp(ctx context.Context, fp *os.File, kr openpgp.KeyRing) (ok bool, err error)
```
ShouldRunFp determines if an already opened container should run according to its execgroup rules
func (*EclConfig) ValidateConfig
ValidateConfig makes sure paths from configs are fully resolved and that values from an execgroup are logically correct.
type Execgroup

```go
type Execgroup struct {
	TagName  string   `toml:"tagname"`
	ListMode string   `toml:"mode"`
	DirPath  string   `toml:"dirpath"`
	KeyFPs   []string `toml:"keyfp"`
}
```

Execgroup describes an execution group, the main unit of configuration:

- TagName: a descriptive identifier
- ListMode: whether the execgroup follows a whitelist, whitestrict or blacklist model
  - whitelist: one or more KeyFPs present and verified
  - whitestrict: all KeyFPs present and verified
  - blacklist: none of the KeyFPs should be present
- DirPath: containers must be stored in this directory path
- KeyFPs: list of key fingerprints of entities to verify
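The three list modes above are easiest to understand as set operations between the fingerprints an execgroup lists and the fingerprints that actually produced a valid signature on a container. The following stand-alone program is an added example, not code from the syecl package: it mirrors the Execgroup struct, applies the validation rules implied by the ValidateConfig description, selects an execgroup by DirPath, and then decides whitelist, whitestrict and blacklist over a caller-supplied set of verified fingerprints. Signature verification against a keyring is deliberately out of scope; the caller passes only fingerprints that already verified. The fingerprints, paths and the catch-all treatment of an empty DirPath are constructed assumptions for this example, not the project's documented behaviour.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Execgroup mirrors the syecl struct shown above (copied for this stand-alone
// example; the toml tags are omitted because nothing here parses TOML).
type Execgroup struct {
	TagName  string
	ListMode string
	DirPath  string
	KeyFPs   []string
}

// normFP canonicalises a fingerprint so "ab cd" and "ABCD" compare equal.
func normFP(fp string) string {
	return strings.ToUpper(strings.ReplaceAll(fp, " ", ""))
}

// ValidateGroup applies the checks the ValidateConfig description implies:
// a known mode, an absolute DirPath, and at least one fingerprint for the
// white* modes (a whitelist with no keys could never admit anything).
func ValidateGroup(g Execgroup) error {
	switch g.ListMode {
	case "whitelist", "whitestrict", "blacklist":
	default:
		return fmt.Errorf("execgroup %q: unknown mode %q", g.TagName, g.ListMode)
	}
	if g.DirPath != "" && !filepath.IsAbs(g.DirPath) {
		return fmt.Errorf("execgroup %q: dirpath %q is not absolute", g.TagName, g.DirPath)
	}
	if g.ListMode != "blacklist" && len(g.KeyFPs) == 0 {
		return fmt.Errorf("execgroup %q: %s mode needs at least one keyfp", g.TagName, g.ListMode)
	}
	return nil
}

// GroupFor picks the execgroup whose DirPath is the directory holding the
// container. Assumption for this example only: an empty DirPath is a
// catch-all, and no matching group means the container is refused.
func GroupFor(groups []Execgroup, cpath string) (Execgroup, bool) {
	dir := filepath.Dir(filepath.Clean(cpath))
	for _, g := range groups {
		if g.DirPath == "" || filepath.Clean(g.DirPath) == dir {
			return g, true
		}
	}
	return Execgroup{}, false
}

// Decide evaluates the group's ListMode against the fingerprints whose
// signatures on the container were verified by the caller.
func Decide(g Execgroup, verified []string) (bool, error) {
	if err := ValidateGroup(g); err != nil {
		return false, err
	}
	listed := make(map[string]bool, len(g.KeyFPs))
	for _, fp := range g.KeyFPs {
		listed[normFP(fp)] = true
	}
	matched := make(map[string]bool) // listed keys that actually signed
	for _, fp := range verified {
		if n := normFP(fp); listed[n] {
			matched[n] = true
		}
	}
	switch g.ListMode {
	case "whitelist": // at least one listed key signed the container
		return len(matched) >= 1, nil
	case "whitestrict": // every listed key signed the container
		return len(matched) == len(listed), nil
	default: // blacklist: no listed key may have signed it
		return len(matched) == 0, nil
	}
}

// ShouldRun ties group selection and the mode decision together for one path.
func ShouldRun(groups []Execgroup, cpath string, verified []string) (bool, error) {
	g, found := GroupFor(groups, cpath)
	if !found {
		return false, nil
	}
	return Decide(g, verified)
}

// Constructed sample configuration with placeholder fingerprints (not real keys).
var sampleGroups = []Execgroup{
	{TagName: "prod", ListMode: "whitestrict", DirPath: "/srv/containers/prod",
		KeyFPs: []string{"AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000", "BBBB1111BBBB1111BBBB1111BBBB1111BBBB1111"}},
	{TagName: "dev", ListMode: "whitelist", DirPath: "/srv/containers/dev",
		KeyFPs: []string{"AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000"}},
	{TagName: "quarantine", ListMode: "blacklist", DirPath: "/srv/containers/quarantine",
		KeyFPs: []string{"CCCC2222CCCC2222CCCC2222CCCC2222CCCC2222"}},
}

func main() {
	fpA := "AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000"
	ok, err := ShouldRun(sampleGroups, "/srv/containers/prod/app.sif", []string{fpA})
	fmt.Println("prod, one of two required keys:", ok, err) // false: whitestrict needs both
	ok, err = ShouldRun(sampleGroups, "/srv/containers/dev/app.sif", []string{fpA})
	fmt.Println("dev, one listed key:", ok, err) // true
	ok, err = ShouldRun(sampleGroups, "/tmp/app.sif", []string{fpA})
	fmt.Println("unlisted directory:", ok, err) // false: no execgroup matches
}
```

The practical point is that whitestrict is the only mode that fails closed when a second required signer is missing; whitelist admits a container as soon as any one listed key signed it, and blacklist admits anything that no listed key signed, including unsigned containers, so a blacklist group on its own is a weak control.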