mirror of https://github.com/k3s-io/k3s
46 lines
1.6 KiB
Go
46 lines
1.6 KiB
Go
//go:build windows
|
|
// +build windows
|
|
|
|
package config
|
|
|
|
import (
|
|
"path/filepath"
|
|
|
|
"github.com/k3s-io/k3s/pkg/cli/cmds"
|
|
"github.com/k3s-io/k3s/pkg/daemons/config"
|
|
"github.com/pkg/errors"
|
|
"github.com/rancher/permissions/pkg/access"
|
|
"github.com/rancher/permissions/pkg/acl"
|
|
"github.com/rancher/permissions/pkg/sid"
|
|
"golang.org/x/sys/windows"
|
|
)
|
|
|
|
func applyContainerdStateAndAddress(nodeConfig *config.Node) {
|
|
nodeConfig.Containerd.State = filepath.Join(nodeConfig.Containerd.Root, "state")
|
|
nodeConfig.Containerd.Address = "npipe:////./pipe/containerd-containerd"
|
|
}
|
|
|
|
func applyCRIDockerdAddress(nodeConfig *config.Node) {
|
|
nodeConfig.CRIDockerd.Address = "npipe:////.pipe/cri-dockerd"
|
|
}
|
|
|
|
func applyContainerdQoSClassConfigFileIfPresent(envInfo *cmds.Agent, containerdConfig *config.Containerd) {
|
|
// QoS-class resource management not supported on windows.
|
|
}
|
|
|
|
// configureACL will configure an Access Control List for the specified file,
|
|
// ensuring that only the LocalSystem and Administrators Group have access to the file contents
|
|
func configureACL(file string) error {
|
|
// by default Apply will use the current user (LocalSystem in the case of a Windows service)
|
|
// as the owner and current user group as the allowed group
|
|
// additionally, we define a DACL to permit access to the file to the local system and all administrators
|
|
if err := acl.Apply(file, nil, nil, []windows.EXPLICIT_ACCESS{
|
|
access.GrantSid(windows.GENERIC_ALL, sid.LocalSystem()),
|
|
access.GrantSid(windows.GENERIC_ALL, sid.BuiltinAdministrators()),
|
|
}...); err != nil {
|
|
return errors.Wrapf(err, "failed to configure Access Control List For %s", file)
|
|
}
|
|
|
|
return nil
|
|
}
|