skills: add security layer #468
zyga
added some commits
Feb 9, 2016
stevenwilkin
reviewed
Feb 9, 2016
| @@ -407,3 +415,98 @@ func (c bySlotSnapAndName) Less(i, j int) bool { | ||
| func LoadBuiltInTypes(repo *Repository) error { | ||
| return nil | ||
| } | ||
| + | ||
| +// SecuritySnippetsForSnap collects all of the snippets of a given security | ||
| +// system that affect a given snap. The return value is indexed by app name |
stevenwilkin
reviewed
Feb 9, 2016
| + } | ||
| + repo := s.emptyRepo | ||
| + err := repo.AddType(t) | ||
| + c.Assert(err, IsNil) |
stevenwilkin
Feb 9, 2016
Member
Maybe c.Assert(repo.AddType(t), IsNil) would make this test read more concisely
stevenwilkin
reviewed
Feb 9, 2016
| + return snippets, nil | ||
| +} | ||
| + | ||
| +// SecurityFilesForSnap computes files that constitute all of the security permissions. |
stevenwilkin
Feb 9, 2016
Member
Is "computes files" the right thing to say here? This method returns the paths and contents of the security files?
stevenwilkin
reviewed
Feb 9, 2016
| +// Tests for Repository.SecuritySnippetsForSnap() | ||
| + | ||
| +func (s *RepositorySuite) TestSlotSnippetsForSnapSuccess(c *C) { | ||
| + var testSecurity SecuritySystem = "security" |
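Review bot: The test name TestSlotSnippetsForSnapSuccess does not match the section comment two lines above it, which says these are tests for Repository.SecuritySnippetsForSnap(). Rename the test to follow the method under test (for example TestSecuritySnippetsForSnapSuccess) or adjust the comment, so that the name, the comment and the method stay in line. The fixture value "security" for testSecurity is also easy to mistake for a real security system name in failure output; a value that is visibly a test fixture would read better.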
stevenwilkin
reviewed
Feb 9, 2016
| +// identifier can be either the full path of the executable or an abstract | ||
| +// identifier not related to the executable name. | ||
| +// | ||
| +// File containing apparmor profile has to be parsed, compiled and loaded into |
stevenwilkin
reviewed
Feb 9, 2016
| +// File containing apparmor profile has to be parsed, compiled and loaded into | ||
| +// the running kernel using apparmor_parser. After this is done the actual file | ||
| +// is irrelevant and can be removed. To improve performance certain command | ||
| +// line options to apparmor_parser can be used to cache compiled profile across |
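Review bot: In the apparmor doc comment, "certain command line options to apparmor_parser can be used" leaves the reader to work out which options are meant; name them here or point at the code that passes them. The statement that after loading the file "is irrelevant and can be removed" also sits awkwardly next to the caching sentence that follows it, so say explicitly whether this subsystem keeps the generated file on disk or removes it. Minor: "File containing apparmor profile" reads better as "The file containing the apparmor profile".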
stevenwilkin
reviewed
Feb 9, 2016
| +// secComp is a security subsystem that writes additional seccomp rules. | ||
| +// | ||
| +// Rules use a simple line-oriented record structure. Each line specifies a | ||
| +// system call that is allowed. Lines starting with "deny" specify system |
stevenwilkin
reviewed
Feb 9, 2016
| +// Rules use a simple line-oriented record structure. Each line specifies a | ||
| +// system call that is allowed. Lines starting with "deny" specify system | ||
| +// calls that are explicitly not allowed. Lines starting with '#' are treated | ||
| +// as comments are ignored. |
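Review bot: The seccomp format description contradicts itself: "Each line specifies a system call that is allowed" is followed by "deny" lines that specify the opposite, so the first sentence should carry that exception. The comment also does not say what happens when the same system call appears both as an allowed line and as a "deny" line, which matters if snippets from different sources end up in the same profile; document which one wins. Typo on the last line: "are treated as comments are ignored" should read "are treated as comments and are ignored".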
stevenwilkin
reviewed
Feb 9, 2016
| +// | ||
| +// NOTE: This subsystem interacts with ubuntu-core-launcher. The launcher reads | ||
| +// a single profile from a specific path, parses it and loads a seccomp profile | ||
| +// (using Berkley packet filter as low level mechanism). |
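Review bot: "Berkley packet filter" in the NOTE is misspelled; it should be "Berkeley Packet Filter" (BPF). The NOTE also says the launcher reads a single profile "from a specific path" without giving it; since this subsystem has to produce the file that ubuntu-core-launcher reads, name the path or the constant that holds it so the coupling between the two is visible in the code.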
zyga
added some commits
Feb 9, 2016
Thanks @stevenwilkin -- I've corrected everything that you pointed out.
LGTM. Landing.
added a commit
that referenced
this pull request
Feb 16, 2016
chipaca
merged commit 33f6682
into
snapcore:master
Feb 16, 2016
zyga
deleted the
zyga:skills-security
branch
Mar 8, 2016
zyga commented Feb 9, 2016
This branch adds support for generating files for all the security subsystems that snappy is currently using today. Those are: apparmor, seccomp, udev and dbus. Since StateEngine is not yet operational, the top-level API for the whole interface is skills.Repository.SecurityFilesForSnap() that produces information about all the files (and their contents) required to make effective skill-based security work.
There are several TODOs, mostly about using real (longish) preambles to various files.