Allow types to hand out security snippets #326
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This patch commences the work on the security side of capabilities. Each capability type now has a way to hand out "snippets" of security information applicable to a given security system. The information describes alterations of the security system needed to consume a given capability. The patch defines three security system names: - apparmor - seccomp - dbus Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
|
|
||
| package caps | ||
|
|
||
| // NOTE: all the security constants are used by Type.SecuritySnippet() |
There was a problem hiding this comment.
The note doesn't seem necessary, and will likely be wrong soon. The constants are used wherever they are used.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
| @@ -31,6 +31,9 @@ type Type interface { | |||
| Name() string | |||
| // Sanitize a capability (altering if necessary). | |||
| Sanitize(c *Capability) error | |||
| // Obtain the security snippet for the given security system. | |||
| // If no security snippet is needed, hand out empty string. | |||
There was a problem hiding this comment.
// SecuritySnippet returns the configuration snippet that should be used by
// the given security system to enable this capability to be consumed.
// An empty snippet is returned when the capability doesn't require anything
// from the security system to work, in addition to the default configuration.
// ErrUnknownSecurity is returned when the capability cannot deal with the
// requested security system.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
| @@ -31,6 +31,9 @@ type Type interface { | |||
| Name() string | |||
| // Sanitize a capability (altering if necessary). | |||
| Sanitize(c *Capability) error | |||
| // Obtain the security snippet for the given security system. | |||
| // If no security snippet is needed, hand out empty string. | |||
| SecuritySnippet(c *Capability, securitySystem string) (string, error) | |||
There was a problem hiding this comment.
Considering the data nature, I think the most appropriate result type here is actually a []byte.
There was a problem hiding this comment.
Ah, good point, thanks.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
| @@ -60,6 +63,24 @@ func (t *BoolFileType) Sanitize(c *Capability) error { | |||
| return nil | |||
| } | |||
|
|
|||
| // SecuritySnippet for bool-file capability type. | |||
There was a problem hiding this comment.
The standard convention for Go comments should be used here too.
|
The structure looks good. Please ping again when the details above are addressed. |
There are two changes, based on feedback from code review. First the return type is now using []byte rather than string since it will likely fit the intended problem better (it's not clear that all security systems will consume plain strings). The second change add a well-known error type for reporting unknown security systems. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This reverts commit 748dc6b.
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
This error will likely be checked for in a handful of places in the whole codebase so we don't have to have a unique type for it. At the same time we'll know exactly what the security system name was at that point so carrying this around is useless. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
| // TODO: switch to the real path later | ||
| path := c.Attrs["path"] | ||
| // Allow read, write and lock on the file designated by the path. | ||
| return ([]byte)(fmt.Sprintf("%s rwl,\n", path)), nil |
There was a problem hiding this comment.
[]byte("foo") works.. no need for the extra parenthesis.
There was a problem hiding this comment.
Fixed, C habits die hard.
|
LGTM.. just a trivial above. |
Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
|
Looks good. |
mvo5
added a commit
that referenced
this pull request
Jan 15, 2016
Allow types to hand out security snippets
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch commences the work on the security side of capabilities. Each
capability type now has a way to hand out "snippets" of security
information applicable to a given security system. The information
describes alterations of the security system needed to consume a given
capability.
The patch defines three security system names: