forked from security/hakurei
Ophestra
eb5ee4fece
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step. Signed-off-by: Ophestra <cat@gensokyo.uk>
45 lines
1.4 KiB
Go
45 lines
1.4 KiB
Go
package app
|
|
|
|
import (
|
|
"hakurei.app/container"
|
|
"hakurei.app/hst"
|
|
"hakurei.app/system"
|
|
"hakurei.app/system/acl"
|
|
)
|
|
|
|
// spRuntimeOp sets up XDG_RUNTIME_DIR inside the container.
|
|
type spRuntimeOp struct{}
|
|
|
|
func (s spRuntimeOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
|
runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
|
|
state.sys.Ensure(runtimeDir, 0700)
|
|
state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
|
|
state.sys.Ensure(runtimeDirInst, 0700)
|
|
state.sys.UpdatePermType(system.User, runtimeDirInst, acl.Read, acl.Write, acl.Execute)
|
|
return nil
|
|
}
|
|
|
|
func (s spRuntimeOp) toContainer(state *outcomeStateParams) error {
|
|
const (
|
|
xdgRuntimeDir = "XDG_RUNTIME_DIR"
|
|
xdgSessionClass = "XDG_SESSION_CLASS"
|
|
xdgSessionType = "XDG_SESSION_TYPE"
|
|
)
|
|
|
|
state.runtimeDir = container.AbsFHSRunUser.Append(state.mapuid.String())
|
|
state.env[xdgRuntimeDir] = state.runtimeDir.String()
|
|
state.env[xdgSessionClass] = "user"
|
|
state.env[xdgSessionType] = "tty"
|
|
|
|
_, runtimeDirInst := s.commonPaths(state.outcomeState)
|
|
state.params.Tmpfs(container.AbsFHSRunUser, 1<<12, 0755)
|
|
state.params.Bind(runtimeDirInst, state.runtimeDir, container.BindWritable)
|
|
return nil
|
|
}
|
|
|
|
func (s spRuntimeOp) commonPaths(state *outcomeState) (runtimeDir, runtimeDirInst *container.Absolute) {
|
|
runtimeDir = state.sc.SharePath.Append("runtime")
|
|
runtimeDirInst = runtimeDir.Append(state.identity.String())
|
|
return
|
|
}
|