security

package
v0.10.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 20, 2025 License: GPL-3.0 Imports: 14 Imported by: 0

Documentation

Overview

Package security implements privilege management and execution of privileged actions in security contexts.

Index

Constants

This section is empty.

Variables

var (
	ErrNoSecurityCtx            = errors.New("security context not found")
	ErrSecurityCtxDataAssertion = errors.New("data type cannot be asserted")
)

Custom errors.

Functions

func DropCapabilities

func DropCapabilities() error

DropCapabilities drops any existing capabilities on the process.

func ExecAsUser

func ExecAsUser(data any) error

ExecAsUser executes a subprocess as a given user inside a security context.

func GetDefaultRunAsUser

func GetDefaultRunAsUser() (string, error)

GetDefaultRunAsUser returns the default run-as user for the CLI arguments, derived from the current user.

Types

type Config

type Config struct {
	RunAsUser      string      // Change to this user if app is started as root
	Caps           []cap.Value // Capabilities necessary for the app
	ReadPaths      []string    // Paths the "RunAsUser" user must be able to read
	ReadWritePaths []string    // Paths the "RunAsUser" user must be able to read and write
}

type ExecSecurityCtxData

type ExecSecurityCtxData struct {
	Context context.Context //nolint:containedctx
	Cmd     []string
	Environ []string
	UID     int
	GID     int
	StdOut  []byte
	Logger  *slog.Logger
}

ExecSecurityCtxData contains the input/output data for executing subprocess inside security context.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager implements security manager.

func NewManager

func NewManager(c *Config, logger *slog.Logger) (*Manager, error)

NewManager returns a new instance of security manager.

func (*Manager) DeleteACLEntries

func (m *Manager) DeleteACLEntries() error

DeleteACLEntries removes any ACL entries that were added. Even after deletion a mask entry can remain, because of the bootstrapping (https://github.com/steiler/acls/blob/4ab4fd13906d754855a374a0cb0e0a41124efa54/acls.go#L69-L74) performed by the ACL library when no ACLs are found on the path. We could technically remove this mask entry as well, but we do not know whether it was added by us or already existed. To keep the logic simpler, we leave the mask entry in place, since it has no effect without a valid ACL entry.

func (*Manager) DropPrivileges

func (m *Manager) DropPrivileges(enableEffective bool) error

DropPrivileges switches from the `root` user to the configured run-as user and drops all unnecessary privileges, keeping only the capabilities passed in the `caps` argument. If the current user is not root, this function is a no-op: in production environments we expect either the process or the file to already carry the necessary capabilities.

type SCConfig

type SCConfig struct {
	Logger *slog.Logger
	Func   func(any) error
	Caps   []cap.Value
	Name   string

	// Execute the function natively, without a security context.
	// This is an escape hatch in case we want to turn off
	// capability awareness but still use the same API design.
	ExecNatively bool
}

type SecurityContext

type SecurityContext struct {
	Name string
	// contains filtered or unexported fields
}

SecurityContext implements a security context in which functions can be safely executed with the required privileges on a goroutine locked to a single OS thread.

func NewSecurityContext

func NewSecurityContext(c *SCConfig) (*SecurityContext, error)

NewSecurityContext returns a new instance of SecurityContext.

func (*SecurityContext) Exec

func (s *SecurityContext) Exec(data any) error

Exec executes the function inside the security context and returns error if any.
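The pattern behind SecurityContext and Exec, as an added example that is not the package's own code: a worker goroutine pins itself with runtime.LockOSThread and serves jobs from a channel, so every function handed to Exec runs on that one OS thread. This matters because on Linux capabilities are a per-thread attribute, so privileges raised for the worker never apply to other goroutines, and a thread that is locked and never unlocked is discarded when its goroutine exits rather than being reused by the scheduler. The names ThreadContext, NewThreadContext, ExecData, runCmd and the prepare hook are assumptions; the libcap call a real implementation would make inside prepare is left out, and the payload type check mirrors the ErrSecurityCtxDataAssertion error documented above.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
)

// errDataAssertion mirrors ErrSecurityCtxDataAssertion: the job payload is
// not of the type the context's function expects.
var errDataAssertion = errors.New("data type cannot be asserted")

// job is one unit of work sent to the locked thread; the worker replies on
// done with the function's error.
type job struct {
	data any
	done chan error
}

// ThreadContext is a hypothetical stand-in for SecurityContext. It owns one
// goroutine that has called runtime.LockOSThread, so every function passed to
// Exec runs on that same OS thread.
type ThreadContext struct {
	Name string
	fn   func(any) error
	jobs chan job
}

// NewThreadContext starts the worker goroutine. prepare is a hypothetical hook
// in which a real implementation would raise the required capabilities on the
// locked thread before any job runs; it may be nil.
func NewThreadContext(name string, fn func(any) error, prepare func() error) (*ThreadContext, error) {
	if fn == nil {
		return nil, errors.New("function must not be nil")
	}
	tc := &ThreadContext{Name: name, fn: fn, jobs: make(chan job)}
	ready := make(chan error, 1)
	go func() {
		// Pin this goroutine to its OS thread for its whole lifetime.
		// With no matching UnlockOSThread, the thread is torn down when
		// the goroutine exits, so thread-local privilege state dies with
		// it instead of being reused for unrelated goroutines.
		runtime.LockOSThread()
		if prepare != nil {
			if err := prepare(); err != nil {
				ready <- err
				return
			}
		}
		ready <- nil
		for j := range tc.jobs {
			j.done <- tc.fn(j.data)
		}
	}()
	if err := <-ready; err != nil {
		return nil, err
	}
	return tc, nil
}

// Exec runs the context's function with data on the locked thread and returns
// its error, mirroring SecurityContext.Exec.
func (tc *ThreadContext) Exec(data any) error {
	j := job{data: data, done: make(chan error, 1)}
	tc.jobs <- j
	return <-j.done
}

// Close stops the worker; the locked thread is discarded with it.
func (tc *ThreadContext) Close() { close(tc.jobs) }

// ExecData plays the role of ExecSecurityCtxData: inputs in, result out.
type ExecData struct {
	Cmd    []string
	Result string
}

// runCmd is a constructed privileged action: it type-asserts its payload the
// way the package's custom error suggests and records an outcome. A real
// action would exec d.Cmd as the target UID/GID here.
func runCmd(data any) error {
	d, ok := data.(*ExecData)
	if !ok {
		return errDataAssertion
	}
	if len(d.Cmd) == 0 {
		return errors.New("empty command")
	}
	d.Result = fmt.Sprintf("would run %q on locked thread", d.Cmd[0])
	return nil
}

func main() {
	tc, err := NewThreadContext("exec", runCmd, nil)
	if err != nil {
		panic(err)
	}
	defer tc.Close()
	d := &ExecData{Cmd: []string{"/bin/true"}}
	fmt.Println(tc.Exec(d), d.Result)
	fmt.Println(tc.Exec("not the expected type"))
}
```

Because the worker never calls UnlockOSThread, a failure in prepare leaves the goroutine to exit and the kernel thread to be dropped, which is the safe direction: a half-configured privileged thread is never handed back to the scheduler.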
