Turns out this did not work because in the vm test harness, virtualisation.fileSystems completely and silently overrides fileSystems, causing its contents to not even be evaluated anymore. This is not documented as far as I can tell, and is not obvious by any stretch of the imagination. The current hack is cargo culted from nix-community/impermanence and hopefully lasts until this project fully replaces nix.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This optional behaviour is required on NixOS as it is otherwise impossible to set this up: systemd.mounts breaks startup order somehow even though my unit looks identical to generated ones, fileSystems does not support any kind of initialisation or ordering other than against other mount points.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This should have been handled in a custom option parsing function, but that much extra complexity is unnecessary for this edge case. Honestly I do not know why libfuse does not handle this itself.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This replaces the forking daemonise libfuse function which prevents Go callbacks from calling into the runtime. This also enforces least privilege on the daemon process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is not really just library wrapper functions, but instead implements the callbacks, so fuse-operations makes more sense.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is never called directly anywhere and it is simple enough to be included in the macro. This avoids passing the pointer around and dereferencing errno location, resulting in over 5% increase in throughput on the clang build. No change in the gcc build though.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This filesystem does not support symbolic links, so readlink is not useful, and unreachable in this case because of the check in getattr.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The interface provided by net is not used here and is a leftover from a previous implementation. This change removes it.
Signed-off-by: Ophestra <cat@gensokyo.uk>
The interface does not expose underlying kernel notification mechanisms. This change removes the need to poll in situations were the next call might block.
This is made cumbersome by the SyscallConn interface left over from a previous implementation, it will be replaced in a later commit as the current implementation does not make use of any net.Conn methods other than Close.
Signed-off-by: Ophestra <cat@gensokyo.uk>
When returned wrapped as a syscall error, these are impossible to recover from, so wrap them as a fatal error.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.
Closes#29.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is a private work directory owned by the specific shim. Useful for sockets owned by this instance of the shim and requires no direct assistance from the priv-side process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is unfortunately the only possible setup to securely expose PipeWire to the container. Further explanation explained in the doc comment and #29.
This will be implemented in a future commit.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This method can result in an error targeting it, so it is handled here. This change also causes a call to Create to also Core::Sync, as it should have done.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This proxy can be destroyed by sending a Core::Destroy targeting it. This change implements the Destroy method by embedding destructible.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This change reorders and groups struct elements. This improves readability since this struct holds a lot of state loosely related to each other.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This change also implements pending destructible check on Sync. Destruction method should always be implemented as a wrapper of destructible.destroy.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Nothing uses this right now, this would have to be called by wrapper methods on Registry that would search the objects
Signed-off-by: Ophestra <cat@gensokyo.uk>
This now calls unmarshalCheckTypeBounds to advance to the next message. Additionally, handling for None value is relocated to a function for reuse by other types.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Receiving this event indicates something has gone terribly wrong somehow, and ignoring Core::BoundProps causes inconsistent state anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is emitted by the server when a proxy id is removed for any reason. Currently, the only path for this to be emitted is when a global object is destroyed while some proxy is still bound to it.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This flushes message buffer before queueing the event expecting the error. Since this is quite useful and relatively complex, it is relocated to a method of Context.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This requires error handling infrastructure in Core that does not yet exist, so it is not exported for now. It has been manually tested via linkname against PipeWire.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is emitted by PipeWire when a global object disappears, because PipeWire insists that all clients that had called Core::GetRegistry must constantly sync its local registry state with the remote.
Signed-off-by: Ophestra <cat@gensokyo.uk>
