mirror of
https://github.com/siderolabs/talos.git
synced 2025-09-17 03:41:11 +02:00
031c65be47
This creates an IMA policy at boot. It uses the default TCB policy with a dont_measure rule for XFS. Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
29 lines
917 B
Go
29 lines
917 B
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
package squashfs
|
|
|
|
import (
|
|
"golang.org/x/sys/unix"
|
|
"gopkg.in/freddierice/go-losetup.v1"
|
|
|
|
"github.com/talos-systems/talos/internal/pkg/mount"
|
|
"github.com/talos-systems/talos/pkg/constants"
|
|
)
|
|
|
|
// MountPoints returns the mountpoints required to boot the system.
|
|
func MountPoints(prefix string) (mountpoints *mount.Points, err error) {
|
|
var dev losetup.Device
|
|
|
|
dev, err = losetup.Attach("/"+constants.RootfsAsset, 0, true)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
squashfs := mount.NewMountPoints()
|
|
squashfs.Set("squashfs", mount.NewMountPoint(dev.Path(), "/", "squashfs", unix.MS_RDONLY|unix.MS_I_VERSION, "", mount.WithPrefix(prefix), mount.WithReadOnly(true), mount.WithShared(true)))
|
|
|
|
return squashfs, nil
|
|
}
|