コード例 #1
0
ファイル: policy.go プロジェクト: cilium-team/cilium
func (d *Daemon) PolicyInit() error {
	for k, v := range labels.ResDec {

		key := labels.ReservedID(uint32(v)).String()
		lbl := labels.NewLabel(
			key, "", common.ReservedLabelSource,
		)
		secLbl := labels.NewSecCtxLabel()
		secLbl.ID = uint32(v)
		secLbl.AddOrUpdateContainer(lbl.String())
		secLbl.Labels[k] = lbl

		policyMapPath := fmt.Sprintf("%sreserved_%d", common.PolicyMapPath, uint32(v))

		policyMap, _, err := policymap.OpenMap(policyMapPath)
		if err != nil {
			return fmt.Errorf("Could not create policy BPF map '%s': %s", policyMapPath, err)
		}

		if c := policy.GetConsumable(uint32(v), secLbl); c == nil {
			return fmt.Errorf("Unable to initialize consumable for %v", secLbl)
		} else {
			d.reservedConsumables = append(d.reservedConsumables, c)
			c.AddMap(policyMap)
		}
	}

	return nil
}
コード例 #2
0
ファイル: policy_test.go プロジェクト: cilium-team/cilium
func (s *CommonSuite) TestReservedID(c *C) {
	i1 := labels.GetID("host")
	c.Assert(i1, Equals, labels.ID_HOST)
	c.Assert(i1.String(), Equals, "host")

	i2 := labels.GetID("world")
	c.Assert(i2, Equals, labels.ID_WORLD)
	c.Assert(i2.String(), Equals, "world")

	c.Assert(labels.GetID("unknown"), Equals, labels.ID_UNKNOWN)
	unknown := labels.ReservedID(700)
	c.Assert(unknown.String(), Equals, "")
}
コード例 #3
0
ファイル: labels.go プロジェクト: cilium-team/cilium
// GetLabels returns the SecCtxLabels that belongs to the given id.
func (d *Daemon) GetLabels(id uint32) (*labels.SecCtxLabel, error) {
	if id > 0 && id < common.FirstFreeLabelID {
		key := labels.ReservedID(id).String()
		if key == "" {
			return nil, nil
		}

		lbl := labels.NewLabel(
			key, "", common.ReservedLabelSource,
		)
		secLbl := labels.NewSecCtxLabel()
		secLbl.AddOrUpdateContainer(lbl.String())
		secLbl.ID = id
		secLbl.Labels = labels.Labels{
			common.ReservedLabelSource: lbl,
		}

		return secLbl, nil
	}

	strID := strconv.FormatUint(uint64(id), 10)
	rmsg, err := d.kvClient.GetValue(path.Join(common.LabelIDKeyPath, strID))
	if err != nil {
		return nil, err
	}
	if rmsg == nil {
		return nil, nil
	}

	var secCtxLabels labels.SecCtxLabel
	if err := json.Unmarshal(rmsg, &secCtxLabels); err != nil {
		return nil, err
	}
	if secCtxLabels.RefCount() == 0 {
		return nil, nil
	}
	return &secCtxLabels, nil
}