Merge pull request #3 from pjbgf/isloaded
Improve reliability and refactor API
Showing
24 changed files
with
339 additions
and
351 deletions.
@@ -0,0 +1 @@ | ||
Dockerfile |
@@ -1,16 +1,18 @@ | ||
FROM golang:1.17-bullseye | ||
FROM golang:1.19-alpine | ||
|
||
RUN apt update && apt install -y apparmor-utils libapparmor-dev | ||
RUN apk add gcc build-base \ | ||
apparmor-utils libapparmor libapparmor-dev | ||
|
||
ADD . /work | ||
WORKDIR /work | ||
RUN make build | ||
WORKDIR /work/tests/e2e | ||
|
||
RUN go mod download | ||
|
||
RUN go build -tags apparmor \ | ||
-ldflags '-s -w -extldflags "-static"' \ | ||
-o /work/build/e2e main.go | ||
|
||
FROM gcr.io/distroless/static | ||
|
||
COPY --from=0 /sbin/apparmor_parser /sbin | ||
COPY --from=0 /work/build /app | ||
|
||
ENTRYPOINT [ "/app/go-apparmor" ] | ||
# E2E tests must be running as root, as it also verifies | ||
# hostop privileges. | ||
USER root | ||
ENTRYPOINT [ "/work/build/e2e" ] |
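Review bot: The new base image `FROM golang:1.19-alpine` is pinned by tag only, and since this stage now both builds and runs the e2e binary as root (the distroless runtime stage appears to be dropped), a mutable tag means a re-pushed upstream image silently changes the toolchain and the libapparmor/apk packages baked in; pin it by digest, `FROM golang:1.19-alpine@sha256:<digest>`, and refresh the digest deliberately. `ADD . /work` should be `COPY . /work` — ADD's tar auto-extraction and URL fetching are not needed for a build context and COPY is the documented preference. The `USER root` comment explains why root is required for the tests but it is worth stating that this image is test-only and not a deployable artifact, e.g. `# Test-only image: ships the full Go toolchain and runs as root; never deploy it.`. The old/new side of the interleaved lines above is inferred from the hunk, not marked, so confirm against the actual new Dockerfile.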
This file was deleted.
This file was deleted.
This file was deleted.
@@ -1,4 +1,4 @@ | ||
github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= | ||
github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= | ||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU= | ||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= | ||
golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4= | ||
golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= |
@@ -1,27 +1,37 @@ | ||
package apparmor | ||
|
||
import ( | ||
"github.com/go-logr/logr" | ||
) | ||
|
||
type aa interface { | ||
// WithLogger sets a logger to be using whilst executing operations. | ||
WithLogger(logger logr.Logger) aa | ||
aaReader | ||
aaWriter | ||
} | ||
|
||
type aaReader interface { | ||
// Enabled checks whether AppArmor is enabled in the kernel. | ||
// | ||
// Requires direct read-only access to AppArmor's parameters/enabled file | ||
// or be called with root privileges via hostop.mountHostOp. | ||
Enabled() (bool, error) | ||
|
||
// Enforceable checks whether AppArmor is installed, enabled and that | ||
// policies are enforceable. | ||
Enforceable() (bool, error) | ||
|
||
// AppArmorFS returns the path where the AppArmor filesystem | ||
// was mounted. | ||
AppArmorFS() (string, error) | ||
// PolicyLoaded checks whether a policy is loaded in the kernel. | ||
// | ||
// Requires direct read-only access to AppArmor's profiles file | ||
// or be called with root privileges via hostop.mountHostOp. | ||
PolicyLoaded(policyName string) (bool, error) | ||
} | ||
|
||
// DeletePolicy removes an AppArmor policy from the kernel. | ||
type aaWriter interface { | ||
// DeletePolicy unload the AppArmor policy from the kernel, then | ||
// deletes the policy file. | ||
// | ||
// Must be called with root privileges. | ||
DeletePolicy(policyName string) error | ||
|
||
// LoadPolicy loads an AppArmor policy into the kernel. | ||
// | ||
// Must be called with root privileges. | ||
LoadPolicy(fileName string) error | ||
} |
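Review bot: `DeletePolicy` is documented as unloading the policy and then deleting "the policy file", but the comment never says which file or how it is derived from `policyName`; the implementation lives outside this hunk and presumably maps the name onto a path under a profiles directory, so the contract should say that `policyName` is a bare profile name, not a path, so callers do not forward attacker-influenced strings that could escape that directory. I would extend the comment with `// policyName must be a bare profile name (no path separators); the file` / `// removed is the one LoadPolicy installed under that name.` — confirm against the implementation before committing to it. Separately, the line `// DeletePolicy removes an AppArmor policy from the kernel.` sits directly above `type aaWriter interface {`; if it survives on the new side, godoc attaches it to aaWriter and it should be dropped or rewritten to describe the writer interface. The phrase "or be called with root privileges via hostop.mountHostOp" on Enabled and PolicyLoaded should read "or to be called", and Enforceable would benefit from the same privilege note as its siblings if it shares their access requirements.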