This LDAP schema defines objects used by the Sargon project.
Base OID: 1.3.6.1.4.1.9163.3.
# depends upon: # nis.schema # Root (1.3.6.1.4.1.9163.3) # 2.1 - sargonACL -- ACL object # 1.1 - sargonUser -- User who can run docker # 1.2 - sargonHost -- Host or hostgroup that can run docker # 1.3 - sargonAllow -- Allowed action # 1.4 - sargonDeny -- Denied action # 1.5 - sargonOrder -- An integer to order sargonACL entries # 1.6 - sargonMount -- Host FS directories that are allowed to be mounted # 1.7 - sargonAllowPrivileged # -- Whether it is allowed to create privileged containers # 1.8 - sargonMaxMemory # -- Limit on memory usage # 1.9 - sargonMaxKernelMemory # -- Limit on kernel memory usage # 1.10 - sargonAllowCapability # -- Name of the linux capability that can be added # 1.11 - sargonNotBefore # -- Start of time interval for which the entry is valid # 1.12 - sargonNotAfter # -- End of time interval for which the entry is valid attributeType ( 1.3.6.1.4.1.9163.3.1.1 NAME 'sargonUser' DESC 'User who can run docker' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.2 NAME 'sargonHost' DESC 'Host that can run docker' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.3 NAME 'sargonAllow' DESC 'Docker action that is allowed to be taken' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.4 NAME 'sargonDeny' DESC 'Docker action that is not allowed to be taken' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.5 NAME 'sargonOrder' DESC 'integer to order the sargonACL entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributeType ( 1.3.6.1.4.1.9163.3.1.6 NAME 'sargonMount' DESC 'Host FS directories that are allowed to be mounted' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.7 NAME 'sargonAllowPrivileged' DESC 'Whether it is allowed to create privileged containers' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributeType ( 1.3.6.1.4.1.9163.3.1.8 NAME 'sargonMaxMemory' DESC 'Limit on the memory value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeType ( 1.3.6.1.4.1.9163.3.1.9 NAME 'sargonMaxKernelMemory' DESC 'Limit on the kernel memory value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributeType ( 1.3.6.1.4.1.9163.3.1.10 NAME 'sargonAllowCapability' DESC 'Name of the linux capability that can be added' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.9163.3.1.11 NAME 'sargonNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) attributeType ( 1.3.6.1.4.1.9163.3.1.12 NAME 'sargonNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) objectClass ( 1.3.6.1.4.1.9163.3.2.1 NAME 'sargonACL' SUP top STRUCTURAL DESC 'Sargon Access Control List Entry' MUST ( cn ) MAY ( sargonUser $ sargonHost $ sargonAllow $ sargonDeny $ sargonOrder $ sargonMount $ sargonAllowPrivileged $ sargonMaxMemory $ sargonMaxKernelMemory $ sargonAllowCapability $ sargonNotBefore $ sargonNotAfter $ description ) )
This document was generated on March 13, 2022 using makeinfo.
Content is available under GNU Free Documentation License 1.3.