system/tmpfiles: implement private tmpfiles

These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 00:07:52 +09:00
parent 60c10c3f4a
commit 82a072f641
7 changed files with 66 additions and 125 deletions
--- a/internal/system/op_test.go
+++ b/internal/system/op_test.go
@@ -100,7 +100,7 @@ func TestI_Equal(t *testing.T) {
 			"op type mismatch",
 			system.New(150).
 				ChangeHosts("chronos").
-				CopyFile("/tmp/fortify.1971/30c9543e0a2c9621a8bfecb9d874c347/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie"),
+				CopyFile(new([]byte), "/home/ophestra/xdg/config/pulse/cookie", 0, 256),
 			system.New(150).
 				ChangeHosts("chronos").
 				Ensure("/run", 0755),