Esempio n. 1
0
func (d *Daemon) PolicyInit() error {
	for k, v := range labels.ResDec {

		key := labels.ReservedID(uint32(v)).String()
		lbl := labels.NewLabel(
			key, "", common.ReservedLabelSource,
		)
		secLbl := labels.NewSecCtxLabel()
		secLbl.ID = uint32(v)
		secLbl.AddOrUpdateContainer(lbl.String())
		secLbl.Labels[k] = lbl

		policyMapPath := fmt.Sprintf("%sreserved_%d", common.PolicyMapPath, uint32(v))

		policyMap, _, err := policymap.OpenMap(policyMapPath)
		if err != nil {
			return fmt.Errorf("Could not create policy BPF map '%s': %s", policyMapPath, err)
		}

		if c := policy.GetConsumable(uint32(v), secLbl); c == nil {
			return fmt.Errorf("Unable to initialize consumable for %v", secLbl)
		} else {
			d.reservedConsumables = append(d.reservedConsumables, c)
			c.AddMap(policyMap)
		}
	}

	return nil
}
Esempio n. 2
0
func (e *Endpoint) SetSecLabel(labels *labels.SecCtxLabel) {
	e.SecLabel = labels
	e.Consumable = policy.GetConsumable(labels.ID, labels)
}