1+ use std:: path:: Path ;
2+ use std:: fs:: File ;
3+ extern crate serde;
4+ use serde:: Deserialize ;
5+
6+ #[ derive( thiserror:: Error , Debug ) ]
7+ enum DockerConfigError {
8+ #[ error( "could not retrieve the runc status" ) ]
9+ Status ( #[ from] std:: io:: Error ) ,
10+
11+ #[ error( "could not format" ) ]
12+ Format ( #[ from] std:: fmt:: Error ) ,
13+
14+ #[ error( "could not convert bytes to utf-8 string" ) ]
15+ Utf8 ( #[ from] std:: string:: FromUtf8Error ) ,
16+
17+ #[ error( "could not parse JSON" ) ]
18+ Json ( #[ from] serde_json:: Error ) ,
19+
20+ #[ error( "could not find sandbox container bundle directory" ) ]
21+ BundleDirError ,
22+ }
23+
24+ #[ derive( Debug , Deserialize ) ]
25+ #[ serde( rename_all = "camelCase" ) ]
26+ struct Mount {
27+ destination : String ,
28+ r#type : String ,
29+ source : String ,
30+ options : Vec < String >
31+ }
32+
33+ #[ derive( Debug , Deserialize ) ]
34+ #[ serde( rename_all = "camelCase" ) ]
35+ struct Mounts {
36+ mounts : Vec < Mount >
37+ }
38+
39+ //noinspection RsMainFunctionNotFound
40+ pub fn config < P : AsRef < std:: path:: Path > > (
41+ container_bundle : P ,
42+ ) -> Result < Option < std:: string:: String > > {
43+ let bundle_path = container_bundle. as_ref ( ) ;
44+ let config_path = bundle_path. join ( "config.json" ) ;
45+ let f = std:: fs:: File :: open ( config_path) ?;
46+ let r = std:: io:: BufReader :: new ( f) ;
47+
48+ let m: Mounts = serde_json:: from_reader ( r) . expect ( "JSON was not well-formatted" ) ;
49+
50+ for test in m. mounts {
51+ let source: Vec < & str > = test. source . split ( '/' ) . collect ( ) ;
52+ if source. len ( ) > 1 {
53+ if source[ source. len ( ) - 1 ] == "hostname" {
54+ let config_v2= str:: replace ( & test. source , "hostname" , "config.v2.json" ) ;
55+ return Ok ( Some ( config_v2) ) ;
56+ }
57+ }
58+ }
59+
60+ Ok ( None )
61+ }
62+
63+ use serde_json:: { Result , Value } ;
64+ use serde_json:: map:: Values ;
65+
66+ pub fn label ( docker_bundle : & str ) -> Result < lockc:: bpfstructs:: container_policy_level > {
67+ let config_path = docker_bundle. as_ref ( ) ;
68+ let f = std:: fs:: File :: open ( config_path) ?;
69+ let r = std:: io:: BufReader :: new ( f) ;
70+
71+ let l: Value = serde_json:: from_reader ( r) . expect ( "JSON was not well-formatted" ) ;
72+
73+ let x = l[ "Config" ] [ "Labels" ] [ "org.lockc.policy" ] . as_str ( ) ;
74+
75+ match x {
76+ Some ( x) => match x. as_str ( ) {
77+ "restricted" => {
78+ Ok ( lockc:: bpfstructs:: container_policy_level_POLICY_LEVEL_RESTRICTED)
79+ }
80+ "baseline" => Ok ( lockc:: bpfstructs:: container_policy_level_POLICY_LEVEL_BASELINE) ,
81+ "privileged" => {
82+ Ok ( lockc:: bpfstructs:: container_policy_level_POLICY_LEVEL_PRIVILEGED)
83+ }
84+ _ => Ok ( lockc:: bpfstructs:: container_policy_level_POLICY_LEVEL_BASELINE)
85+ }
86+ None => Ok ( lockc:: bpfstructs:: container_policy_level_POLICY_LEVEL_BASELINE) ,
87+ }
88+
89+ Ok ( ( ) )
90+ }
91+
92+ fn main ( ) { }
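Review bot: Both `serde_json::from_reader(r).expect("JSON was not well-formatted")` calls (in `config` and in `label`) panic on a malformed or truncated file, although both functions return a `Result` and `DockerConfigError::Json` exists for this case. Code that decides a container's policy level should hand parse failures back to the caller, e.g. `let m: Mounts = serde_json::from_reader(r)?;` with the return type changed to `std::result::Result<_, DockerConfigError>`. As written, `Result` appears to resolve to the `serde_json::Result` imported further down, so `DockerConfigError` is never used and the `?` on `File::open` probably has no conversion from `std::io::Error`. In `config`, `str::replace(&test.source, "hostname", "config.v2.json")` rewrites every occurrence of `hostname` in the path, not only the final component that was checked; `Path::new(&test.source).with_file_name("config.v2.json")` changes only the file name (convert the resulting `PathBuf` for the return value). In `label`, the `match` is followed by `Ok(())`, so its value is discarded and the tail does not fit the declared return type; drop the `Ok(())` line and let the `match` be the tail expression.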