Overview
Package security manages:
- Cache clearing (cache.go)
- Keyring Operations (keyring.go)
- Privilege manipulation (privileges.go)
- Maintaining the link between the root and user keyrings.
Constants
This section is empty.
Variables
var (
	ErrReadingKeyList = util.SystemError("could not read keys from " + keyListFilename)
	ErrFindingKeyring = util.SystemError("could not find user keyring")
	ErrKeyringInsert  = util.SystemError("could not insert key into the keyring")
	ErrKeyringSearch  = errors.New("could not find key with descriptor")
	ErrKeyringDelete  = util.SystemError("could not delete key from the keyring")
	ErrKeyringLink    = util.SystemError("could not link keyring")
	ErrKeyringUnlink  = util.SystemError("could not unlink keyring")
)
Package security error values
Functions
func DropInodeCache
func DropInodeCache() error
DropInodeCache instructs the kernel to clear the global cache of inodes and dentries. This has the effect of making encrypted directories whose keys are not present no longer accessible. Requires root privileges.
func FindKey
FindKey tries to locate a key in the kernel keyring with the provided description. The key id is returned if we can find the key. An error is returned if the key does not exist.
func InsertKey
InsertKey puts the provided data into the kernel keyring with the provided description.
func RaiseThreadPrivileges
func RaiseThreadPrivileges(privs *Privileges) error
RaiseThreadPrivileges returns the state of a thread's privileges to what it was before the call to DropThreadPrivileges.
Types
type Privileges
type Privileges struct {
// contains filtered or unexported fields
}
Privileges contains the state needed to restore a user's original privileges.
func DropThreadPrivileges
func DropThreadPrivileges(euid int, egid int) (privs *Privileges, err error)
DropThreadPrivileges temporarily drops the privileges of the current thread to have the euid and egid specified. The returned opaque Privileges structure should later be passed to RestoreThreadPrivileges. Due to golang/go#1435, these privileges are only dropped for a single thread. This function also makes sure that the appropriate user keyrings are linked. This ensures that the user's keys are visible from commands like sudo.
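The single-thread caveat above means a caller has to stay on the same OS thread between the drop and the restore (the step this page documents as RaiseThreadPrivileges). The following is an added example, not this package's code: it shows that pattern with the standard library only, using raw Linux syscalls. WithThreadCreds and rawSet are hypothetical names, and it assumes linux/amd64 or linux/arm64, where SYS_SETRESUID and SYS_SETRESGID take 32-bit IDs.

```go
package main

import (
	"fmt"
	"runtime"
	"syscall"
)

const keep = ^uintptr(0) // -1 as a syscall argument: leave this ID unchanged

// rawSet sets only the effective ID via setresuid/setresgid on the calling
// thread. A raw syscall skips Go's wrappers, which apply to every thread.
func rawSet(trap uintptr, id int) error {
	if _, _, e := syscall.RawSyscall(trap, keep, uintptr(id), keep); e != 0 {
		return e
	}
	return nil
}

// WithThreadCreds (hypothetical helper) runs fn with the given euid/egid on
// one locked OS thread, then restores the previous effective IDs.
func WithThreadCreds(euid, egid int, fn func() error) (err error) {
	runtime.LockOSThread() // keep the goroutine on the thread being changed
	oldUID, oldGID := syscall.Geteuid(), syscall.Getegid()
	defer func() {
		// Restore the UID first: regaining the GID needs the original UID.
		e1 := rawSet(syscall.SYS_SETRESUID, oldUID)
		e2 := rawSet(syscall.SYS_SETRESGID, oldGID)
		if e1 != nil || e2 != nil {
			// Stay locked so no other goroutine inherits wrong credentials.
			err = fmt.Errorf("restoring credentials: uid=%v gid=%v", e1, e2)
			return
		}
		runtime.UnlockOSThread()
	}()
	// Drop the GID first: after the UID drop, setresgid would be refused.
	if err = rawSet(syscall.SYS_SETRESGID, egid); err != nil {
		return err
	}
	if err = rawSet(syscall.SYS_SETRESUID, euid); err != nil {
		return err
	}
	return fn()
}

func main() {
	// Constructed demo: the current IDs are used so it also runs unprivileged.
	uid, gid := syscall.Geteuid(), syscall.Getegid()
	fmt.Println("err =", WithThreadCreds(uid, gid, func() error { return nil }))
}
```

When run as root with another user's IDs, only work done inside fn sees the dropped credentials; goroutines scheduled on other threads keep the original ones.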