|
|
|
@ -5,6 +5,7 @@ import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"io/ioutil"
|
|
|
|
|
"path"
|
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
"github.com/subgraph/oz/network"
|
|
|
|
|
)
|
|
|
|
@ -42,9 +43,12 @@ type Profile struct {
|
|
|
|
|
Environment []EnvVar
|
|
|
|
|
// Networking
|
|
|
|
|
Networking NetworkProfile
|
|
|
|
|
// Seccomp
|
|
|
|
|
Seccomp SeccompConf
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type AudioMode string
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
PROFILE_AUDIO_NONE AudioMode = "none"
|
|
|
|
|
PROFILE_AUDIO_SPEAKER AudioMode = "speaker"
|
|
|
|
@ -62,6 +66,13 @@ type XServerConf struct {
|
|
|
|
|
AudioMode AudioMode `json:"audio_mode"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type SeccompConf struct {
|
|
|
|
|
Mode string
|
|
|
|
|
Enforce bool
|
|
|
|
|
Seccomp_Whitelist string
|
|
|
|
|
Seccomp_Blacklist string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type WhitelistItem struct {
|
|
|
|
|
Path string
|
|
|
|
|
ReadOnly bool `json:"read_only"`
|
|
|
|
@ -157,6 +168,8 @@ func LoadProfiles(dir string) (Profiles, error) {
|
|
|
|
|
for _, f := range fs {
|
|
|
|
|
if !f.IsDir() {
|
|
|
|
|
name := path.Join(dir, f.Name())
|
|
|
|
|
if strings.Contains(f.Name(), ".json") {
|
|
|
|
|
|
|
|
|
|
p, err := loadProfileFile(name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("error loading '%s': %v", f.Name(), err)
|
|
|
|
@ -164,6 +177,7 @@ func LoadProfiles(dir string) (Profiles, error) {
|
|
|
|
|
ps = append(ps, p)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
loadedProfiles = ps
|
|
|
|
|
return ps, nil
|
|
|
|
|
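Review bot: The filter `strings.Contains(f.Name(), ".json")` in LoadProfiles matches the extension anywhere in the file name, so leftovers such as `x.json.bak` or `x.json~` (constructed examples) in the profile directory are loaded as sandbox profiles next to the intended ones. A stale copy with looser settings, for example an older Seccomp or Networking section, would then end up in `loadedProfiles`, and a malformed one makes the whole call return the "error loading" error. `path` is already imported, so the check can be `if path.Ext(f.Name()) == ".json" {`. The body of LoadProfiles starts before the hunk and continues between the two hunks shown, so how two files describing the same profile are resolved is not visible here.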