Implement TLS API Support

* Added flags to point to TLS PEM files to use for exposing and connecting to an encrypted remote API socket with server and client authentication. * Added TLS fields for system connection ls templates. * Added special "tls" format for system connection ls to list TLS fields in human-readable table format. * Updated remote integration and system tests to allow specifying a "transport" to run the full suite against a unix, tcp, tls, or mtls system service. * Added system tests to verify basic operation of unix, tcp, tls, and mtls services, clients, and connections. Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
2025-12-01 18:49:18 +08:00 · 2025-07-31 18:51:37 -06:00
parent a118fdf4e2
commit feb36e4fe6
116 changed files with 1848 additions and 616 deletions
--- a/vendor/go.podman.io/common/pkg/seccomp/validate_linux.go
+++ b/vendor/go.podman.io/common/pkg/seccomp/validate_linux.go
@@ -0,0 +1,28 @@
+//go:build seccomp
+
+package seccomp
+
+import (
+	"encoding/json"
+	"fmt"
+)
+
+// ValidateProfile does a basic validation for the provided seccomp profile
+// string.
+func ValidateProfile(content string) error {
+	profile := &Seccomp{}
+	if err := json.Unmarshal([]byte(content), &profile); err != nil {
+		return fmt.Errorf("decoding seccomp profile: %w", err)
+	}
+
+	spec, err := setupSeccomp(profile, nil)
+	if err != nil {
+		return fmt.Errorf("create seccomp spec: %w", err)
+	}
+
+	if _, err := BuildFilter(spec); err != nil {
+		return fmt.Errorf("build seccomp filter: %w", err)
+	}
+
+	return nil
+}