This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The whole RunState ugliness and the other horrendous error handling conditions for internal/app come from an old design proposal for maintaining all app containers under the same daemon process for a user. The proposal was ultimately rejected but the implementation remained. It is removed here to alleviate internal/app from much of its ugliness and unreadability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This catches cases where the shim has somehow locked up, so it should wait out the full shim WaitDelay as well.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This turns out to still be quite useful across internal/app and its relatives. Perhaps a cleaner replacement for baseError.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This was a stopgap solution that lasted for way too long. This finally removes it and prepares internal/app for some major changes.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This helps indicate the exact origin and nature of the error. This eliminates generic WrapErr from container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
It is very clear at this point that there will not be multiple implementations of App, and the internal/app package will never move out of internal due to hsu.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.
Closes#7.
Signed-off-by: Ophestra <cat@gensokyo.uk>
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.
Closes#5.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging security/hakurei#1.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Having the bit field value here (in decimal, no less) is unfriendly to text editors. Use a bunch of booleans here to improve ease of use.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.
This behaviour causes nothing but confusion and problems,
Signed-off-by: Ophestra <cat@gensokyo.uk>
This increases readability since this can help disambiguate absolute paths from similarly named path segments.
Signed-off-by: Ophestra <cat@gensokyo.uk>
There is usually no good reason to write to /dev. This however doesn't work in internal/app because FilesystemConfig supplied by ContainerConfig might add entries to /dev, so internal/app follows DevWritable with Remount instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Doing this instead of mounting directly on / because it's impossible to ensure a parent is available for every path hakurei wants to mount to. This situation is similar to autoetc hence the similar name, however a symlink mirror will not work in this case.
Signed-off-by: Ophestra <cat@gensokyo.uk>
