This creates an IMA policy at boot. It uses the default TCB policy with a dont_measure rule for XFS. Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package overlay
import (
"golang.org/x/sys/unix"
"github.com/talos-systems/talos/internal/pkg/mount"
)
// MountPoints builds the set of mountpoints required to boot the system.
// Every listed directory is registered as an overlay on top of the read-only
// rootfs. The returned error is always nil.
func MountPoints() (mountpoints *mount.Points, err error) {
	// Directories that receive an overlay; they are registered in this order.
	// NOTE(review): these are presumably the writable paths on an otherwise
	// read-only root, so additions here widen what can change at runtime.
	overlayDirs := [...]string{
		"/etc/kubernetes",
		"/etc/cni",
		"/usr/libexec/kubernetes",
		"/usr/etc/udev",
		"/opt",
	}

	mountpoints = mount.NewMountPoints()

	for i := range overlayDirs {
		dir := overlayDirs[i]

		// MS_I_VERSION asks the kernel to maintain the inode version counter
		// on the mount. NOTE(review): presumably set so that IMA notices
		// modified files and measures them again; confirm against the IMA
		// policy that is installed at boot.
		mountpoints.Set(dir, mount.NewMountPoint("", dir, "", unix.MS_I_VERSION, "", mount.WithOverlay(true)))
	}

	return mountpoints, nil
}