Mirek Jahoda
df1e1f6913
Grammar fixes in the udica.8 manpage file
2019-04-08 11:45:08 +02:00
Lukas Vrabec
e27dad4866
Send notifications from travis also to Jan Zarsky
2019-03-12 13:48:01 +01:00
Lukas Vrabec
d1f65bc5fe
Add travis-ci.org icon if CI is passing/failing.
2019-03-12 12:53:16 +01:00
Lukas Vrabec
1e6d0ed37d
Add travis file for Travis CI
2019-03-12 12:50:54 +01:00
Jan Zarsky
1df4f2c3b8
Update testing section in README
...
Udica does not have to be installed. The tests do not need to be run on
Fedora as root.
2019-03-12 10:24:37 +01:00
Jan Zarsky
91f8fd662b
Override TEMPLATES_STORE in tests
...
Use "../udica/templates" so that the tests can be run without udica
installed.
2019-03-12 10:24:37 +01:00
Jan Zarsky
840c63122a
Create mock selinux and semanage module
...
Previously, the tests needed to be run on an SELinux-enabled system as
root. Mock selinux and semanage modules so that the tests can be run
anywhere and without root permissions.
2019-03-12 10:24:37 +01:00
Lukas Vrabec
c4868c589c
Udica is also available on Python Package Index (PyPI).
...
Added another way to install udica using PyPI.
2019-03-11 13:51:42 +01:00
Lukas Vrabec
c382e15ca0
Bump version of udica to v0.1.4
2019-03-11 13:33:25 +01:00
Lukas Vrabec
8d8ce5f7dd
Add Testing section in README file.
2019-03-11 13:26:32 +01:00
Jan Zarsky
60f6f136f1
Catch FileNotFoundError when inspecting containers
...
Previously, when using the '-i' option, calling podman or docker could
result in FileNotFoundError which was not caught. Fix this by catching
FileNotFoundError. Also do not use shutil.which, simply call docker or
podman and check return code.
2019-03-11 12:53:09 +01:00
Jan Zarsky
a70bed2c5e
Fix formatting and styling issues
...
Remove extra parentheses and semicolons. Fix whitespace.
2019-03-11 12:52:29 +01:00
Jan Zarsky
11b8ea68b6
Do not import sys
...
The 'sys' package is being imported only at appropriate places in
main().
2019-03-11 12:52:29 +01:00
Jan Zarsky
742a7b448f
Create basic tests
...
Add testing JSON files generated by podman and docker. Add expected
output cil policies. Add tests that run udica on testing JSON files and
compare the result with cil policies.
The tests should be run inside the 'tests' directory using unittest:
# python3 -m unittest
The tests are intended to be run on a Fedora machine as root. Tested on
Fedora 29.
2019-03-11 11:00:57 +01:00
Jan Zarsky
ffbe67245b
Restore working directory
...
In load_policy(), when the '-l' option is not set, working directory is
not restored back after setting it to TEMPLATES_STORE. Fix this by
calling chdir().
2019-03-11 10:49:50 +01:00
Lukas Vrabec
1912f1c3d2
Bump version of udica
2019-02-25 23:18:33 +01:00
Lukas Vrabec
40cf447830
Add check if runtimes are installed on the system
...
Check if podman or docker runtimes are installed on the system before
udica will inspect container using commands "podman inspect" or "docker
inspect"
Resolved: #10
2019-02-25 22:52:36 +01:00
Lukas Vrabec
96be611e55
Update README.md file because of known issue described in #8
2019-02-25 13:15:51 +01:00
Lukas Vrabec
209db5efae
Update manpage with the latest known bug described in #8
2019-02-25 13:12:57 +01:00
Lukas Vrabec
f069dea86a
Fix parsing Mountpoints in docker inspect JSON file
...
There was a bug that udica always generated read/write allow rules for
mountpoints specified in docker JSON file, even though mountpoint was
mounted in read-only mode.
2019-02-17 22:50:47 +01:00
Lukas Vrabec
241d846765
Update readme with docker issue
2019-02-17 22:39:53 +01:00
Lukas Vrabec
7e95b2e350
Update manpage for udica
...
Small changes in manpage, like issue with mandatory option '-c' for
docker containers
2019-02-17 22:35:26 +01:00
Lukas Vrabec
1071ec8e81
Improve capability parsing for docker containers
...
It's not possible to detect capabilities used by container in docker
engine, therefore you *have to* use '-c' to specify capabilities for
docker container manually.
2019-02-17 22:31:00 +01:00
Lukas Vrabec
45f51a454e
Fix capability allow rules when capabilities are specified in JSON file
...
Podman provides capabilities in inspected JSON file, this patch fixes
the issue.
2019-01-23 16:52:33 +01:00
Lukas Vrabec
e5e1ec1c98
base_container.cil: Add allow rules
...
Add additional SELinux allow rules to base container template to allow
container to read proc_type types.
2019-01-23 16:46:56 +01:00
Lukas Vrabec
9438b65498
Rewrite of using Fedora stable repos instead of copr repo.
2019-01-22 15:00:33 +01:00
Lukas Vrabec
5a0ad3953a
Fix invalid syntax output when policy is using just one template
...
Resolves: #6
2018-10-24 17:03:16 +02:00
Lukas Vrabec
d3389706cf
Bump version of udica to 0.1.1 after adding License headers and removing shebang to all source files
2018-10-23 10:18:46 +02:00
Lukas Vrabec
5064ad3d06
Remove all unnecessary shebangs
2018-10-23 10:18:27 +02:00
Lukas Vrabec
6be3210cd1
Add License to all source files
2018-10-22 17:34:14 +02:00
Lukas Vrabec
e587a99452
Bump version of udica to 0.1.0 after adding support for Docker
...
containers
2018-10-13 23:22:11 +02:00
Lukas Vrabec
c165ac391f
Add support for docker containers
...
Example:
# docker run -it -p 21:21 -p 80:80 -v /var/log:/var/log -v /var/spool:/var/spool fedora /bin/bash
[root@7b1597ac695b /]#
# docker inspect 7b1597ac695b | udica my_docker_container
Policy my_docker_container created!
Please load these modules using:
# semodule -i my_docker_container.cil /usr/share/udica/templates/{base_container.cil,net_container.cil,log_container.cil}
Restart the container with: "--security-opt label=type:my_docker_container.process" parameter
This resolves #1
2018-10-13 23:17:26 +02:00
Lukas Vrabec
f7261554b6
Update x_container template based on testing container related to Nvidia
...
Cuda operations
Like:
https://hub.docker.com/r/mirrorgooglecontainers/cuda-vector-add/
2018-10-08 11:02:34 +02:00
Lukas Vrabec
947c56d602
Add manpages
...
Resolves: #4
2018-10-08 00:20:47 +02:00
Lukas Vrabec
0012242688
Add support for communicating with libvirt daemon
...
Adding template for communicating with libvirt daemon based on:
https://danwalsh.livejournal.com/81143.html
2018-10-07 22:51:24 +02:00
Lukas Vrabec
c9f465d4f3
Install also x_container and tty_container to the templates store
...
Resolves: #2
2018-10-07 22:37:25 +02:00
Lukas Vrabec
8bbf6fc60d
Add support for read/write to the controlling terminal
...
Resolves #2
2018-10-07 22:33:33 +02:00
Lukas Vrabec
45b557a0b2
Adding support for communicating with X server.
...
Resolves #2
2018-10-07 22:24:22 +02:00
Lukas Vrabec
138a2256fc
Bump version of udica to reflect tags
2018-10-07 16:53:44 +02:00
Lukas Vrabec
c516f078b0
Remove "-n" or "--name" parameter. Name of the container will be required for this tool
2018-10-07 16:43:20 +02:00
Lukas Vrabec
888094ff42
Remove required parameters -i or -j and added support for reading json file from stdin.
...
Udica now supports also reading standard input. Example:
2018-10-07 16:33:19 +02:00
Lukas Vrabec
a20f3e1a61
Fixing typo bug in readme file.
2018-10-02 12:43:28 +02:00
Lukas Vrabec
42e66d6130
Use subprocess.Popen instead of subprocess.run for inspecting
...
Previously udica used subprocess.run function for inspecting
containers, this function is python3 only. I used subprocess.Popen and
subprocess.call to make it work also with python2
2018-09-25 18:01:23 +02:00
Lukas Vrabec
61cb42a18d
Remove importing semanage module from setup.py file
...
This module is not needed.
2018-09-25 15:35:15 +02:00
Lukas Vrabec
96f8f36b48
Udica repo was transferred to containers github organization, updating all
...
repo links
2018-09-20 19:10:12 +02:00
Lukas Vrabec
41643453da
Update issue templates
2018-09-20 12:19:13 +02:00
Lukas Vrabec
5bab00829c
Update issue templates
2018-09-20 12:18:39 +02:00
Lukas Vrabec
78e6ebe9b5
Update issue templates
2018-09-20 12:17:32 +02:00
Lukas Vrabec
a6d0b3e3cc
Use github repo
2018-09-20 11:20:25 +02:00
Lukas Vrabec
dc661e305e
Fix typos in README
2018-09-20 11:19:23 +02:00