//go:build windows // +build windows package config import ( "path/filepath" "github.com/k3s-io/k3s/pkg/agent/util/acl" "github.com/k3s-io/k3s/pkg/cli/cmds" "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/pkg/errors" "golang.org/x/sys/windows" ) func applyContainerdStateAndAddress(nodeConfig *config.Node) { nodeConfig.Containerd.State = filepath.Join(nodeConfig.Containerd.Root, "state") nodeConfig.Containerd.Address = "npipe:////./pipe/containerd-containerd" } func applyCRIDockerdAddress(nodeConfig *config.Node) { nodeConfig.CRIDockerd.Address = "npipe:////.pipe/cri-dockerd" } func applyContainerdQoSClassConfigFileIfPresent(envInfo *cmds.Agent, containerdConfig *config.Containerd) { // QoS-class resource management not supported on windows. } // configureACL will configure an Access Control List for the specified file, // ensuring that only the LocalSystem and Administrators Group have access to the file contents func configureACL(file string) error { // by default Apply will use the current user (LocalSystem in the case of a Windows service) // as the owner and current user group as the allowed group // additionally, we define a DACL to permit access to the file to the local system and all administrators if err := acl.Apply(file, nil, nil, []windows.EXPLICIT_ACCESS{ acl.GrantSid(windows.GENERIC_ALL, acl.LocalSystemSID()), acl.GrantSid(windows.GENERIC_ALL, acl.BuiltinAdministratorsSID()), }...); err != nil { return errors.Wrapf(err, "failed to configure Access Control List For %s", file) } return nil }