maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

app: alternative inner home path

Browse Source 
Support binding home to an alternative path in the mount namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra
2024-11-18 00:18:21 +09:00
parent 866270ff05
commit 05b7dbf066
6 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
internal/app/seal.go
View File

@@ -100,15 +100,19 @@ func (a *app) Seal(config *Config) error {
seal.sys.user = appUser{
aid: config.Confinement.AppID,
as: strconv.Itoa(config.Confinement.AppID),
home: config.Confinement.Home,
data: config.Confinement.Outer,
home: config.Confinement.Inner,
username: config.Confinement.Username,
}
if seal.sys.user.username == "" {
seal.sys.user.username = "chronos"
}
if seal.sys.user.home == "" || !path.IsAbs(seal.sys.user.home) {
if seal.sys.user.data == "" || !path.IsAbs(seal.sys.user.data) {
return fmsg.WrapError(ErrHome,
fmt.Sprintf("invalid home directory %q", seal.sys.user.home))
fmt.Sprintf("invalid home directory %q", seal.sys.user.data))
}
if seal.sys.user.home == "" {
seal.sys.user.home = seal.sys.user.data
}
// invoke fsu for full uid