cmd: shim and init into separate binaries

This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-02 03:03:44 +09:00
parent 4b7b899bb3
commit 584732f80a
27 changed files with 350 additions and 218 deletions


@@ -8,9 +8,10 @@ import (
"path/filepath"
"strings"
shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
"git.ophivana.moe/security/fortify/cmd/fshim/ipc/shim"
"git.ophivana.moe/security/fortify/helper"
"git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/shim"
"git.ophivana.moe/security/fortify/internal/state"
"git.ophivana.moe/security/fortify/internal/system"
)
@@ -22,9 +23,9 @@ func (a *app) Start() error {
defer a.lock.Unlock()
// resolve exec paths
shimExec := [3]string{a.seal.sys.executable, helper.BubblewrapName}
shimExec := [2]string{helper.BubblewrapName}
if len(a.seal.command) > 0 {
shimExec[2] = a.seal.command[0]
shimExec[1] = a.seal.command[0]
}
for i, n := range shimExec {
if len(n) == 0 {
@@ -53,7 +54,7 @@ func (a *app) Start() error {
// construct shim manager
a.shim = shim.New(a.seal.toolPath, uint32(a.seal.sys.UID()), path.Join(a.seal.share, "shim"), a.seal.wl,
&shim.Payload{
&shim0.Payload{
Argv: a.seal.command,
Exec: shimExec,
Bwrap: a.seal.sys.bwrap,
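Review bot: In the `Start` hunk that builds `shimExec`, the meaning of each slot is implicit, and the change appears to shift it (bubblewrap from index 1 to 0, the command from index 2 to 1) while the array is still handed to the shim through `Payload.Exec`. With the shim now a separate binary, both sides must agree on that layout, and a mismatch would presumably make the shim resolve or execute the wrong path rather than fail; the consumer is not visible here, so this should be confirmed against fshim. I would document the layout at the declaration, e.g. `// shimExec[0]: bubblewrap, shimExec[1]: initial command (empty if none); must match Exec in the fshim Payload`, or use named index constants shared with the shim package. The import alias `shim0` next to a package imported as `shim` is also hard to tell apart at call sites such as `shim.New(... &shim0.Payload{`; a descriptive alias would read better. `Start` begins before and continues after these hunks.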