// PolicyInit opens a policy BPF map for each reserved identity in
// labels.ResDec and attaches it to that identity's consumable.
func (d *Daemon) PolicyInit() error {
	for k, v := range labels.ResDec {
		// Build the security context label for this reserved identity.
		key := labels.ReservedID(uint32(v)).String()
		lbl := labels.NewLabel(
			key, "", common.ReservedLabelSource,
		)
		secLbl := labels.NewSecCtxLabel()
		secLbl.ID = uint32(v)
		secLbl.AddOrUpdateContainer(lbl.String())
		secLbl.Labels[k] = lbl

		policyMapPath := fmt.Sprintf("%sreserved_%d", common.PolicyMapPath, uint32(v))

		policyMap, _, err := policymap.OpenMap(policyMapPath)
		if err != nil {
			return fmt.Errorf("Could not create policy BPF map '%s': %s", policyMapPath, err)
		}

		// Fail initialization if any reserved identity has no consumable.
		if c := policy.GetConsumable(uint32(v), secLbl); c == nil {
			return fmt.Errorf("Unable to initialize consumable for %v", secLbl)
		} else {
			d.reservedConsumables = append(d.reservedConsumables, c)
			c.AddMap(policyMap)
		}
	}

	return nil
}

func (s *CommonSuite) TestReservedID(c *C) {
	i1 := labels.GetID("host")
	c.Assert(i1, Equals, labels.ID_HOST)
	c.Assert(i1.String(), Equals, "host")

	i2 := labels.GetID("world")
	c.Assert(i2, Equals, labels.ID_WORLD)
	c.Assert(i2.String(), Equals, "world")

	c.Assert(labels.GetID("unknown"), Equals, labels.ID_UNKNOWN)

	unknown := labels.ReservedID(700)
	c.Assert(unknown.String(), Equals, "")
}

// GetLabels returns the SecCtxLabel that belongs to the given id.
// It returns nil, nil when the id has no reserved name, is not present in
// the kvstore, or has a reference count of zero, so callers must check the
// returned label for nil as well as the error.
func (d *Daemon) GetLabels(id uint32) (*labels.SecCtxLabel, error) {
	// Reserved identities are built locally and never read from the kvstore.
	if id > 0 && id < common.FirstFreeLabelID {
		key := labels.ReservedID(id).String()
		if key == "" {
			return nil, nil
		}

		lbl := labels.NewLabel(
			key, "", common.ReservedLabelSource,
		)
		secLbl := labels.NewSecCtxLabel()
		secLbl.AddOrUpdateContainer(lbl.String())
		secLbl.ID = id
		secLbl.Labels = labels.Labels{
			common.ReservedLabelSource: lbl,
		}

		return secLbl, nil
	}

	// All other identities are looked up in the kvstore by their numeric ID.
	strID := strconv.FormatUint(uint64(id), 10)
	rmsg, err := d.kvClient.GetValue(path.Join(common.LabelIDKeyPath, strID))
	if err != nil {
		return nil, err
	}
	if rmsg == nil {
		return nil, nil
	}

	var secCtxLabels labels.SecCtxLabel
	if err := json.Unmarshal(rmsg, &secCtxLabels); err != nil {
		return nil, err
	}
	// An entry that nothing references any more is treated as not found.
	if secCtxLabels.RefCount() == 0 {
		return nil, nil
	}

	return &secCtxLabels, nil
}