Documentation
¶
Index ¶
- Variables
- func NewAllowedRootsFS(source afero.Fs, allowedRoots []string) afero.Fs
- type AllowedRootsFS
- func (s *AllowedRootsFS) Chmod(name string, mode os.FileMode) error
- func (s *AllowedRootsFS) Chown(name string, uid, gid int) error
- func (s *AllowedRootsFS) Chtimes(name string, atime, mtime time.Time) error
- func (s *AllowedRootsFS) Create(name string) (afero.File, error)
- func (s *AllowedRootsFS) Mkdir(name string, perm os.FileMode) error
- func (s *AllowedRootsFS) MkdirAll(name string, perm os.FileMode) error
- func (s *AllowedRootsFS) Name() string
- func (s *AllowedRootsFS) Open(name string) (afero.File, error)
- func (s *AllowedRootsFS) OpenFile(name string, flag int, perm os.FileMode) (afero.File, error)
- func (s *AllowedRootsFS) Remove(name string) error
- func (s *AllowedRootsFS) RemoveAll(path string) error
- func (s *AllowedRootsFS) Rename(oldname, newname string) error
- func (s *AllowedRootsFS) Stat(name string) (os.FileInfo, error)
Constants ¶
This section is empty.
Variables ¶
View Source
var ErrAccessDenied = syscall.ENOENT
ErrAccessDenied is returned when access to a file or directory is denied by AllowedRootsFS policy. We use syscall.ENOENT (No such file or directory) instead of syscall.EACCES so that CopyOnWriteFs will correctly fall back to the base filesystem when paths are outside allowed roots.
Functions ¶
Types ¶
type AllowedRootsFS ¶
type AllowedRootsFS struct {
// contains filtered or unexported fields
}
AllowedRootsFS filters files and directories by checking if they are within allowed root directories. Only files within the specified root directories will be allowed, all others get an access denied error.
Note: This filesystem is intended to be a best-effort check and cannot provide any security guarantees.
func (*AllowedRootsFS) Chtimes ¶
func (s *AllowedRootsFS) Chtimes(name string, atime, mtime time.Time) error
func (*AllowedRootsFS) MkdirAll ¶
func (s *AllowedRootsFS) MkdirAll(name string, perm os.FileMode) error
func (*AllowedRootsFS) Name ¶
func (s *AllowedRootsFS) Name() string
func (*AllowedRootsFS) Remove ¶
func (s *AllowedRootsFS) Remove(name string) error
func (*AllowedRootsFS) RemoveAll ¶
func (s *AllowedRootsFS) RemoveAll(path string) error
func (*AllowedRootsFS) Rename ¶
func (s *AllowedRootsFS) Rename(oldname, newname string) error
Source Files
Click to show internal directories.
Click to hide internal directories.