We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
moby
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
目錄樹: 56da020e6b
分支列表 標籤列表
moby
/
vendor
/
github.com
/
opencontainers
/
runc
/
libcontainer
/
apparmor
/
apparmor.go

apparmor.go 957 B
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839 
  1. // +build apparmor,linux
    2. 

  2. 

  3. package apparmor
    4. 

  4. 

  5. // #cgo LDFLAGS: -lapparmor
    6. 

  6. // #include <sys/apparmor.h>
    7. 

  7. // #include <stdlib.h>
    8. 

  8. import "C"
    9. 

  9. import (
    10. 

  10. 	"fmt"
    11. 

  11. 	"io/ioutil"
    12. 

  12. 	"os"
    13. 

  13. 	"unsafe"
    14. 

  14. )
    15. 

  15. 

  16. // IsEnabled returns true if apparmor is enabled for the host.
    17. 

  17. func IsEnabled() bool {
    18. 

  18. 	if _, err := os.Stat("/sys/kernel/security/apparmor"); err == nil && os.Getenv("container") == "" {
    19. 

  19. 		if _, err = os.Stat("/sbin/apparmor_parser"); err == nil {
    20. 

  20. 			buf, err := ioutil.ReadFile("/sys/module/apparmor/parameters/enabled")
    21. 

  21. 			return err == nil && len(buf) > 1 && buf[0] == 'Y'
    22. 

  22. 		}
    23. 

  23. 	}
    24. 

  24. 	return false
    25. 

  25. }
    26. 

  26. 

  27. // ApplyProfile will apply the profile with the specified name to the process after
    28. 

  28. // the next exec.
    29. 

  29. func ApplyProfile(name string) error {
    30. 

  30. 	if name == "" {
    31. 

  31. 		return nil
    32. 

  32. 	}
    33. 

  33. 	cName := C.CString(name)
    34. 

  34. 	defer C.free(unsafe.Pointer(cName))
    35. 

  35. 	if _, err := C.aa_change_onexec(cName); err != nil {
    36. 

  36. 		return fmt.Errorf("apparmor failed to apply profile: %s", err)
    37. 

  37. 	}
    38. 

  38. 	return nil
    39. 

  39. }
    40.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5