mirror of https://github.com/containers/udica synced 2024-05-23 01:36:21 +02:00
Commit Graph

238 Commits

Author SHA1 Message Date
Mirek Jahoda df1e1f6913 Grammar fixes in the udica.8 manpage file 2019-04-08 11:45:08 +02:00
Lukas Vrabec e27dad4866
Send notifications from travis also to Jan Zarsky 2019-03-12 13:48:01 +01:00
Lukas Vrabec d1f65bc5fe
Add travis-ci.org icon if CI is passing/failing. 2019-03-12 12:53:16 +01:00
Lukas Vrabec 1e6d0ed37d
Add travis file for Travis CI 2019-03-12 12:50:54 +01:00
Jan Zarsky 1df4f2c3b8 Update testing section in README
Udica does not have to be installed. The tests do not need to be run on
Fedora as root.
2019-03-12 10:24:37 +01:00
Jan Zarsky 91f8fd662b Override TEMPLATES_STORE in tests
Use "../udica/templates" so that the tests can be run without udica
installed.
2019-03-12 10:24:37 +01:00
Jan Zarsky 840c63122a Create mock selinux and semanage module
Previously, the tests needed to be run on SELinux enabled system as
root. Mock selinux and semanage modules so that the tests can be run
anywhere and without root permissions.
2019-03-12 10:24:37 +01:00
Lukas Vrabec c4868c589c
Udica is also available on the Python Package Index (PyPI).
Added another way to install udica, using PyPI.
2019-03-11 13:51:42 +01:00
Lukas Vrabec c382e15ca0
Bump version of udica to v0.1.4 2019-03-11 13:33:25 +01:00
Lukas Vrabec 8d8ce5f7dd
Add Testing section in README file. 2019-03-11 13:26:32 +01:00
Jan Zarsky 60f6f136f1 Catch FileNotFoundError when inspecting containers
Previously, when using the '-i' option, calling podman or docker could
result in FileNotFoundError which was not caught. Fix this by catching
FileNotFoundError. Also do not use shutil.which, simply call docker or
podman and check return code.
2019-03-11 12:53:09 +01:00
Jan Zarsky a70bed2c5e Fix formatting and styling issues
Remove extra parentheses and semicolons. Fix whitespace.
2019-03-11 12:52:29 +01:00
Jan Zarsky 11b8ea68b6 Do not import sys
The 'sys' package is being imported only at appropriate places in
main().
2019-03-11 12:52:29 +01:00
Jan Zarsky 742a7b448f Create basic tests
Add testing JSON files generated by podman and docker. Add expected
output cil policies. Add tests that run udica on testing JSON files and
compare the result with cil policies.

The tests should be run inside the 'tests' directory using unittest:

    # python3 -m unittest

The tests are intended to be run on a Fedora machine as root. Tested on
Fedora 29.
2019-03-11 11:00:57 +01:00
Jan Zarsky ffbe67245b Restore working directory
In load_policy(), when the '-l' option is not set, working directory is
not restored back after setting it to TEMPLATES_STORE. Fix this by
calling chdir().
2019-03-11 10:49:50 +01:00
Lukas Vrabec 1912f1c3d2
Bump version of udica 2019-02-25 23:18:33 +01:00
Lukas Vrabec 40cf447830
Add check if runtimes are installed on the system
Check if the podman or docker runtimes are installed on the system before
udica inspects the container using the commands "podman inspect" or "docker
inspect".

Resolved: #10
2019-02-25 22:52:36 +01:00
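The two commits above, "Catch FileNotFoundError when inspecting containers" and "Add check if runtimes are installed on the system", describe one failure mode: udica shells out to "podman inspect" or "docker inspect" and the binary may simply not exist. The helper below is an added example, not udica's own code. It tries each configured engine in order and distinguishes three outcomes that are easy to conflate: the binary is not installed (FileNotFoundError from the exec), the binary ran but exited non-zero, and the binary printed something that is not JSON. The `DEFAULT_ENGINES` table and the `RuntimeNotFound` exception are names chosen for this illustration; the `sh -c` entries in the demo are constructed stand-ins so the example runs on a machine without podman or docker.

```python
import json
import subprocess

# Engines tried in this order. Constructed for this example; udica itself
# decides between podman and docker differently.
DEFAULT_ENGINES = {
    "podman": ["podman", "inspect"],
    "docker": ["docker", "inspect"],
}


class RuntimeNotFound(Exception):
    """Raised when no configured engine could inspect the container."""


def inspect_container(container, engines=None):
    """Return (engine_name, parsed_json) from the first engine that succeeds.

    Each engine can fail in three distinct ways, and each is reported rather
    than allowed to escape as a traceback:
      * the binary is not installed   -> FileNotFoundError from the exec
      * the binary ran but failed     -> non-zero exit code, stderr kept
      * the binary printed junk       -> JSON decode error
    """
    engines = DEFAULT_ENGINES if engines is None else engines
    failures = []
    for name, cmd in engines.items():
        try:
            proc = subprocess.run(cmd + [container], capture_output=True,
                                  text=True, check=False)
        except FileNotFoundError:
            # The uncaught exception the commit describes: the runtime is not
            # installed at all, so fall through to the next engine.
            failures.append("%s: not installed" % name)
            continue
        if proc.returncode != 0:
            failures.append("%s: exit %d: %s"
                            % (name, proc.returncode, proc.stderr.strip()))
            continue
        try:
            return name, json.loads(proc.stdout)
        except json.JSONDecodeError as exc:
            failures.append("%s: invalid JSON (%s)" % (name, exc))
    raise RuntimeNotFound("; ".join(failures))


if __name__ == "__main__":
    # Constructed stand-in engines: one missing, one that fails like a runtime
    # that cannot find the container, one that answers with inspect-style JSON.
    demo_engines = {
        "missing": ["udica-example-no-such-engine", "inspect"],
        "broken": ["sh", "-c", "echo 'Error: no such container' >&2; exit 125"],
        "fake": ["sh", "-c", "echo '[{\"Id\": \"7b1597ac695b\"}]'"],
    }
    engine, data = inspect_container("7b1597ac695b", demo_engines)
    print("inspected with", engine, "->", data[0]["Id"])
    try:
        inspect_container("7b1597ac695b", {"missing": demo_engines["missing"]})
    except RuntimeNotFound as exc:
        print("no engine could inspect the container:", exc)
```

Collecting every engine's reason and raising them together matters in practice: a user with both runtimes installed but the container only known to one of them otherwise sees a bare "not found" with no hint which engine was consulted.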
Lukas Vrabec 96be611e55
Update README.md file because of known issue described in #8 2019-02-25 13:15:51 +01:00
Lukas Vrabec 209db5efae
Update manpage with the latest known bug described in #8 2019-02-25 13:12:57 +01:00
Lukas Vrabec f069dea86a
Fix parsing Mountpoints in docker inspect JSON file
There was a bug where udica always generated read/write allow rules for
mountpoints specified in the docker JSON file, even though the mountpoint was
mounted in read-only mode.
2019-02-17 22:50:47 +01:00
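The fix above concerns the `Mounts` array of a `docker inspect` document, where each bind mount carries an `RW` boolean and a `Mode` string (for example `"ro"`). The code below is an added example, not udica's own code: it parses a constructed inspect document, decides per mount whether it is read-only from `RW` (also honouring `ro` in `Mode`), and emits one allow rule per SELinux type with either a read-only or a read/write permission set, which is exactly the distinction the buggy version collapsed. The `FILE_TYPES` table is a hypothetical stand-in for `selinux.getfilecon()` on the mount source, and the permission sets and CIL rule shape are illustrative, not the text of udica's templates.

```python
import json

# Constructed `docker inspect` output: /var/log mounted read-only (Mode "ro",
# RW false) and /var/spool mounted read/write.
SAMPLE_INSPECT = json.dumps([{
    "Id": "7b1597ac695b",
    "Mounts": [
        {"Type": "bind", "Source": "/var/log", "Destination": "/var/log",
         "Mode": "ro", "RW": False, "Propagation": "rprivate"},
        {"Type": "bind", "Source": "/var/spool", "Destination": "/var/spool",
         "Mode": "", "RW": True, "Propagation": "rprivate"},
    ],
}])

# Hypothetical stand-in for selinux.getfilecon(): host path -> SELinux type.
# Real code would read the label of the mount source on the host.
FILE_TYPES = {"/var/log": "var_log_t", "/var/spool": "var_spool_t"}

# Illustrative directory permission sets; read/write is a superset of read.
READ_PERMS = ("getattr", "ioctl", "lock", "open", "read", "search")
WRITE_PERMS = READ_PERMS + ("add_name", "create", "remove_name", "rename",
                            "rmdir", "setattr", "unlink", "write")


def mount_is_read_only(mount):
    """True when RW is false or "ro" is among the comma-separated Mode options.

    Ignoring this and always emitting the read/write set is the bug the
    commit above fixes.
    """
    options = [o for o in (mount.get("Mode") or "").split(",") if o]
    return not mount.get("RW", True) or "ro" in options


def mount_rules(inspect_json, file_types=FILE_TYPES):
    """Map each mount's SELinux type to the permission set it should receive."""
    rules = {}
    data = json.loads(inspect_json)
    for mount in data[0].get("Mounts", []):
        sel_type = file_types.get(mount.get("Source"))
        if sel_type is None:
            continue  # no label known for this path; udica would call getfilecon()
        perms = READ_PERMS if mount_is_read_only(mount) else WRITE_PERMS
        # Same type mounted twice with different modes: the wider set wins.
        if len(perms) > len(rules.get(sel_type, ())):
            rules[sel_type] = perms
    return rules


def to_cil(rules, process_type):
    """Render rules as CIL allow statements (shape only, not udica's templates)."""
    return ["(allow %s %s ( dir ( %s )))" % (process_type, sel_type, " ".join(perms))
            for sel_type, perms in rules.items()]


if __name__ == "__main__":
    for line in to_cil(mount_rules(SAMPLE_INSPECT), "my_docker_container.process"):
        print(line)
```

Keying on `RW` rather than on the presence of `-v src:dst:ro` on the command line is deliberate: the inspect document is what udica actually consumes, and podman's inspect output exposes the same `RW` field, so the check works for both engines.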
Lukas Vrabec 241d846765
Update readme with docker issue 2019-02-17 22:39:53 +01:00
Lukas Vrabec 7e95b2e350
Update manpage for udica
Small changes in manpage, like issue with mandatory option '-c' for
docker containers
2019-02-17 22:35:26 +01:00
Lukas Vrabec 1071ec8e81
Improve capability parsing for docker containers
It's not possible to detect the capabilities used by a container in the docker
engine, therefore you *have to* use '-c' to specify capabilities for a
docker container manually.
2019-02-17 22:31:00 +01:00
Lukas Vrabec 45f51a454e
Fix capability allow rules when capabilities are specified in JSON file
Podman provides capabilities in the inspected JSON file; this patch fixes
the issue.
2019-01-23 16:52:33 +01:00
Lukas Vrabec e5e1ec1c98
base_container.cil: Add allow rules
Add additional SELinux allow rules to base container template to allow
container to read proc_type types.
2019-01-23 16:46:56 +01:00
Lukas Vrabec 9438b65498
Rewrite to use Fedora stable repos instead of the copr repo. 2019-01-22 15:00:33 +01:00
Lukas Vrabec 5a0ad3953a
Fix invalid syntax output when policy is using just one template
Resolves: #6
2018-10-24 17:03:16 +02:00
Lukas Vrabec d3389706cf
Bump version of udica to 0.1.1 after adding License headers and removing shebangs from all source files 2018-10-23 10:18:46 +02:00
Lukas Vrabec 5064ad3d06
Remove all unnecessary shebangs 2018-10-23 10:18:27 +02:00
Lukas Vrabec 6be3210cd1
Add License to all source files 2018-10-22 17:34:14 +02:00
Lukas Vrabec e587a99452
Bump version of udica to 0.1.0 after adding support for Docker
containers
2018-10-13 23:22:11 +02:00
Lukas Vrabec c165ac391f
Add support for docker containers
Example:

 # docker run -it -p 21:21 -p 80:80 -v /var/log:/var/log -v /var/spool:/var/spool fedora /bin/bash
 [root@7b1597ac695b /]#

 # docker inspect 7b1597ac695b | udica my_docker_container

 Policy my_docker_container created!

 Please load these modules using:
 # semodule -i my_docker_container.cil /usr/share/udica/templates/{base_container.cil,net_container.cil,log_container.cil}

 Restart the container with: "--security-opt label=type:my_docker_container.process" parameter

This resolves #1
2018-10-13 23:17:26 +02:00
Lukas Vrabec f7261554b6
Update x_container template based on testing container related to Nvidia
Cuda operations

Like:
https://hub.docker.com/r/mirrorgooglecontainers/cuda-vector-add/
2018-10-08 11:02:34 +02:00
Lukas Vrabec 947c56d602
Add manpages
Resolves: #4
2018-10-08 00:20:47 +02:00
Lukas Vrabec 0012242688
Add support for communicating with libvirt daemon
Adding template for communicating with libvirt daemon based on:
https://danwalsh.livejournal.com/81143.html
2018-10-07 22:51:24 +02:00
Lukas Vrabec c9f465d4f3
Install also x_container and tty_container to the templates store
Resolves: #2
2018-10-07 22:37:25 +02:00
Lukas Vrabec 8bbf6fc60d
Add support for read/write to the controlling terminal
Resolves #2
2018-10-07 22:33:33 +02:00
Lukas Vrabec 45b557a0b2
Adding support for communicating with X server.
Resolves #2
2018-10-07 22:24:22 +02:00
Lukas Vrabec 138a2256fc
Bump version of udica to reflect tags 2018-10-07 16:53:44 +02:00
Lukas Vrabec c516f078b0
Remove the "-n" or "--name" parameter. The name of the container will be required for this tool 2018-10-07 16:43:20 +02:00
Lukas Vrabec 888094ff42
Remove the required parameters -i or -j and add support for reading the JSON file from stdin.
Udica now also supports reading standard input. Example:
2018-10-07 16:33:19 +02:00
Lukas Vrabec a20f3e1a61
Fixing typo bug in readme file. 2018-10-02 12:43:28 +02:00
Lukas Vrabec 42e66d6130
Use subprocess.Popen instead of subprocess.run for inspecting
Previously udica used the subprocess.run function for inspecting
containers; this function is python3 only. I used subprocess.Popen and
subprocess.call to make it work also with python2
2018-09-25 18:01:23 +02:00
Lukas Vrabec 61cb42a18d
Remove importing semanage module from setup.py file
This module is not needed.
2018-09-25 15:35:15 +02:00
Lukas Vrabec 96f8f36b48
Udica repo was transferred to the containers GitHub organization, updating all
repo links
2018-09-20 19:10:12 +02:00
Lukas Vrabec 41643453da Update issue templates 2018-09-20 12:19:13 +02:00
Lukas Vrabec 5bab00829c Update issue templates 2018-09-20 12:18:39 +02:00
Lukas Vrabec 78e6ebe9b5 Update issue templates 2018-09-20 12:17:32 +02:00
Lukas Vrabec a6d0b3e3cc
Use github repo 2018-09-20 11:20:25 +02:00
Lukas Vrabec dc661e305e
Fix typos in README 2018-09-20 11:19:23 +02:00