maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

hst/config: remove data field, rename dir to home

Browse Source 
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-08-26 00:52:49 +09:00
parent 878b66022e
commit c9facb746b
20 changed files with 44 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
internal/app/seal_linux.go
View File

@@ -144,8 +144,6 @@ type hsuUser struct {
// supplementary group ids
supp []string
// home directory host path
data *container.Absolute
// app user home directory
home *container.Absolute
// passwd database username
@@ -161,8 +159,8 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
if config == nil {
return hlog.WrapErr(syscall.EINVAL, syscall.EINVAL.Error())
}
if config.Data == nil {
return hlog.WrapErr(os.ErrInvalid, "invalid data directory")
if config.Home == nil {
return hlog.WrapErr(os.ErrInvalid, "invalid path to home directory")
}
{
@@ -183,8 +181,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
seal.user = hsuUser{
aid: newInt(config.Identity),
data: config.Data,
home: config.Dir,
home: config.Home,
username: config.Username,
}
if seal.user.username == "" {
@@ -194,9 +191,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
return hlog.WrapErr(ErrName,
fmt.Sprintf("invalid user name %q", seal.user.username))
}
if seal.user.home == nil {
seal.user.home = seal.user.data
}
if u, err := sys.Uid(seal.user.aid.unwrap()); err != nil {
return err
} else {
@@ -244,6 +238,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
Tty: true,
Filesystem: []hst.FilesystemConfigJSON{
// autoroot, includes the home directory
{&hst.FSBind{
Target: container.AbsFHSRoot,
Source: container.AbsFHSRoot,
@@ -347,7 +342,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
if seal.user.username != "" {
username = seal.user.username
}
seal.container.Bind(seal.user.data, seal.user.home, container.BindWritable)
seal.container.Dir = seal.user.home
seal.env["HOME"] = seal.user.home.String()
seal.env["USER"] = username