From 24618ab9a1524e8b8986a9bf67667288e642fcf1 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Mon, 17 Mar 2025 02:55:36 +0900 Subject: [PATCH] sandbox: move out of internal 
Signed-off-by: Ophestra --- cmd/fpkg/main.go | 2 +- dbus/dbus_test.go | 2 +- dbus/proc.go | 4 ++-- helper/bwrap/config_test.go | 2 +- helper/bwrap/seccomp.go | 2 +- helper/container.go | 2 +- helper/container_test.go | 2 +- internal/app/init0/main.go | 2 +- internal/app/shim/main.go | 2 +- internal/app/shim/manager.go | 2 +- internal/output.go | 4 ++-- internal/sys/std.go | 2 +- ldd/exec.go | 2 +- main.go | 2 +- {internal/sandbox => sandbox}/const.go | 0 {internal/sandbox => sandbox}/container.go | 2 +- {internal/sandbox => sandbox}/container_test.go | 4 ++-- {internal/sandbox => sandbox}/executable.go | 0 {internal/sandbox => sandbox}/executable_test.go | 2 +- {internal/sandbox => sandbox}/init.go | 2 +- {internal/sandbox => sandbox}/mount.go | 0 {internal/sandbox => sandbox}/msg.go | 0 {internal/sandbox => sandbox}/output.go | 0 {internal/sandbox => sandbox}/overflow.go | 0 {internal/sandbox => sandbox}/params.go | 0 {internal/sandbox => sandbox}/path.go | 0 {seccomp => sandbox/seccomp}/api.go | 0 {seccomp => sandbox/seccomp}/export.go | 0 {seccomp => sandbox/seccomp}/export_test.go | 2 +- {seccomp => sandbox/seccomp}/output.go | 0 {seccomp => sandbox/seccomp}/seccomp-build.c | 0 {seccomp => sandbox/seccomp}/seccomp-build.h | 0 {seccomp => sandbox/seccomp}/seccomp.go | 0 {seccomp => sandbox/seccomp}/seccomp_test.go | 2 +- {internal/sandbox => sandbox}/sequential.go | 0 {internal/sandbox => sandbox}/syscall.go | 0 system/output.go | 2 +- 37 files changed, 24 insertions(+), 24 deletions(-) rename {internal/sandbox => sandbox}/const.go (100%) rename {internal/sandbox => sandbox}/container.go (98%) rename {internal/sandbox => sandbox}/container_test.go (98%) rename {internal/sandbox => sandbox}/executable.go (100%) rename {internal/sandbox => sandbox}/executable_test.go (82%) rename {internal/sandbox => sandbox}/init.go (99%) rename {internal/sandbox => sandbox}/mount.go (100%) rename {internal/sandbox => sandbox}/msg.go (100%) rename {internal/sandbox => 
sandbox}/output.go (100%) rename {internal/sandbox => sandbox}/overflow.go (100%) rename {internal/sandbox => sandbox}/params.go (100%) rename {internal/sandbox => sandbox}/path.go (100%) rename {seccomp => sandbox/seccomp}/api.go (100%) rename {seccomp => sandbox/seccomp}/export.go (100%) rename {seccomp => sandbox/seccomp}/export_test.go (98%) rename {seccomp => sandbox/seccomp}/output.go (100%) rename {seccomp => sandbox/seccomp}/seccomp-build.c (100%) rename {seccomp => sandbox/seccomp}/seccomp-build.h (100%) rename {seccomp => sandbox/seccomp}/seccomp.go (100%) rename {seccomp => sandbox/seccomp}/seccomp_test.go (96%) rename {internal/sandbox => sandbox}/sequential.go (100%) rename {internal/sandbox => sandbox}/syscall.go (100%)
diff --git a/cmd/fpkg/main.go b/cmd/fpkg/main.go
index 63a3f77d..e23ce500 100644
--- a/cmd/fpkg/main.go
+++ b/cmd/fpkg/main.go
@@ -17,8 +17,8 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/app/shim"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
 	"git.gensokyo.uk/security/fortify/internal/sys"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 const shellPath = "/run/current-system/sw/bin/bash"
diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go
index bba06f6c..740ab522 100644
--- a/dbus/dbus_test.go
+++ b/dbus/dbus_test.go
@@ -15,7 +15,7 @@ import (
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 func TestNew(t *testing.T) {
diff --git a/dbus/proc.go b/dbus/proc.go
index 446ca90e..07e8b782 100644
--- a/dbus/proc.go
+++ b/dbus/proc.go
@@ -14,9 +14,9 @@ import (
 	"syscall"
 
 	"git.gensokyo.uk/security/fortify/helper"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
 	"git.gensokyo.uk/security/fortify/ldd"
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 // Start launches the D-Bus proxy.
diff --git a/helper/bwrap/config_test.go b/helper/bwrap/config_test.go
index 7e78c8fb..720ef404 100644
--- a/helper/bwrap/config_test.go
+++ b/helper/bwrap/config_test.go
@@ -7,7 +7,7 @@ import (
 
 	"git.gensokyo.uk/security/fortify/helper/bwrap"
 	"git.gensokyo.uk/security/fortify/helper/proc"
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 func TestConfig_Args(t *testing.T) {
diff --git a/helper/bwrap/seccomp.go b/helper/bwrap/seccomp.go
index f5132be3..22532038 100644
--- a/helper/bwrap/seccomp.go
+++ b/helper/bwrap/seccomp.go
@@ -5,7 +5,7 @@ import (
 	"strconv"
 
 	"git.gensokyo.uk/security/fortify/helper/proc"
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 type SyscallPolicy struct {
diff --git a/helper/container.go b/helper/container.go
index 4eb57c3b..33ab1e3a 100644
--- a/helper/container.go
+++ b/helper/container.go
@@ -9,7 +9,7 @@ import (
 	"sync"
 
 	"git.gensokyo.uk/security/fortify/helper/proc"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 // New initialises a Helper instance with wt as the null-terminated argument writer.
diff --git a/helper/container_test.go b/helper/container_test.go
index cb145bf8..886cbf47 100644
--- a/helper/container_test.go
+++ b/helper/container_test.go
@@ -10,7 +10,7 @@ import (
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 func TestContainer(t *testing.T) {
diff --git a/internal/app/init0/main.go b/internal/app/init0/main.go
index 46ce4490..7b8d27c6 100644
--- a/internal/app/init0/main.go
+++ b/internal/app/init0/main.go
@@ -11,7 +11,7 @@ import (
 
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 const (
diff --git a/internal/app/shim/main.go b/internal/app/shim/main.go
index 94501497..5634be4c 100644
--- a/internal/app/shim/main.go
+++ b/internal/app/shim/main.go
@@ -16,7 +16,7 @@ import (
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 // everything beyond this point runs as unconstrained target user
diff --git a/internal/app/shim/manager.go b/internal/app/shim/manager.go
index 4b5432b8..4ed75e53 100644
--- a/internal/app/shim/manager.go
+++ b/internal/app/shim/manager.go
@@ -13,7 +13,7 @@ import (
 	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 // used by the parent process
diff --git a/internal/output.go b/internal/output.go
index c85f1b51..7b1de30a 100644
--- a/internal/output.go
+++ b/internal/output.go
@@ -2,8 +2,8 @@ package internal
 
 import (
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 	"git.gensokyo.uk/security/fortify/system"
 )
 
diff --git a/internal/sys/std.go b/internal/sys/std.go
index 0145eb23..132f4c13 100644
--- a/internal/sys/std.go
+++ b/internal/sys/std.go
@@ -15,7 +15,7 @@ import (
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 // Std implements System using the standard library.
diff --git a/ldd/exec.go b/ldd/exec.go
index 55d16cf7..cb1ecec3 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -8,7 +8,7 @@ import (
 	"os/exec"
 	"time"
 
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 const lddTimeout = 2 * time.Second
diff --git a/main.go b/main.go
index 7a650d65..0505e593 100644
--- a/main.go
+++ b/main.go
@@ -23,9 +23,9 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/app/shim"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
 	"git.gensokyo.uk/security/fortify/internal/state"
 	"git.gensokyo.uk/security/fortify/internal/sys"
+	"git.gensokyo.uk/security/fortify/sandbox"
 	"git.gensokyo.uk/security/fortify/system"
 )
 
diff --git a/internal/sandbox/const.go b/sandbox/const.go
similarity index 100%
rename from internal/sandbox/const.go
rename to sandbox/const.go
diff --git a/internal/sandbox/container.go b/sandbox/container.go
similarity index 98%
rename from internal/sandbox/container.go
rename to sandbox/container.go
index afbcc4fd..3c8063ce 100644
--- a/internal/sandbox/container.go
+++ b/sandbox/container.go
@@ -13,7 +13,7 @@ import (
 	"syscall"
 	"time"
 
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 type HardeningFlags uintptr
diff --git a/internal/sandbox/container_test.go b/sandbox/container_test.go
similarity index 98%
rename from internal/sandbox/container_test.go
rename to sandbox/container_test.go
index 55df60b2..0cca3eac 100644
--- a/internal/sandbox/container_test.go
+++ b/sandbox/container_test.go
@@ -14,9 +14,9 @@ import (
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
 	"git.gensokyo.uk/security/fortify/ldd"
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 	check "git.gensokyo.uk/security/fortify/test/sandbox"
 )
 
diff --git a/internal/sandbox/executable.go b/sandbox/executable.go
similarity index 100%
rename from internal/sandbox/executable.go
rename to sandbox/executable.go
diff --git a/internal/sandbox/executable_test.go b/sandbox/executable_test.go
similarity index 82%
rename from internal/sandbox/executable_test.go
rename to sandbox/executable_test.go
index b11908c5..3f8e0285 100644
--- a/internal/sandbox/executable_test.go
+++ b/sandbox/executable_test.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"testing"
 
-	"git.gensokyo.uk/security/fortify/internal/sandbox"
+	"git.gensokyo.uk/security/fortify/sandbox"
 )
 
 func TestExecutable(t *testing.T) {
diff --git a/internal/sandbox/init.go b/sandbox/init.go
similarity index 99%
rename from internal/sandbox/init.go
rename to sandbox/init.go
index a6fac1a3..4fbb173f 100644
--- a/internal/sandbox/init.go
+++ b/sandbox/init.go
@@ -13,7 +13,7 @@ import (
 	"syscall"
 	"time"
 
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 const (
diff --git a/internal/sandbox/mount.go b/sandbox/mount.go
similarity index 100%
rename from internal/sandbox/mount.go
rename to sandbox/mount.go
diff --git a/internal/sandbox/msg.go b/sandbox/msg.go
similarity index 100%
rename from internal/sandbox/msg.go
rename to sandbox/msg.go
diff --git a/internal/sandbox/output.go b/sandbox/output.go
similarity index 100%
rename from internal/sandbox/output.go
rename to sandbox/output.go
diff --git a/internal/sandbox/overflow.go b/sandbox/overflow.go
similarity index 100%
rename from internal/sandbox/overflow.go
rename to sandbox/overflow.go
diff --git a/internal/sandbox/params.go b/sandbox/params.go
similarity index 100%
rename from internal/sandbox/params.go
rename to sandbox/params.go
diff --git a/internal/sandbox/path.go b/sandbox/path.go
similarity index 100%
rename from internal/sandbox/path.go
rename to sandbox/path.go
diff --git a/seccomp/api.go b/sandbox/seccomp/api.go
similarity index 100%
rename from seccomp/api.go
rename to sandbox/seccomp/api.go
diff --git a/seccomp/export.go b/sandbox/seccomp/export.go
similarity index 100%
rename from seccomp/export.go
rename to sandbox/seccomp/export.go
diff --git a/seccomp/export_test.go b/sandbox/seccomp/export_test.go
similarity index 98%
rename from seccomp/export_test.go
rename to sandbox/seccomp/export_test.go
index 34bb306b..8dc88cbb 100644
--- a/seccomp/export_test.go
+++ b/sandbox/seccomp/export_test.go
@@ -8,7 +8,7 @@ import (
 	"syscall"
 	"testing"
 
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 func TestExport(t *testing.T) {
diff --git a/seccomp/output.go b/sandbox/seccomp/output.go
similarity index 100%
rename from seccomp/output.go
rename to sandbox/seccomp/output.go
diff --git a/seccomp/seccomp-build.c b/sandbox/seccomp/seccomp-build.c
similarity index 100%
rename from seccomp/seccomp-build.c
rename to sandbox/seccomp/seccomp-build.c
diff --git a/seccomp/seccomp-build.h b/sandbox/seccomp/seccomp-build.h
similarity index 100%
rename from seccomp/seccomp-build.h
rename to sandbox/seccomp/seccomp-build.h
diff --git a/seccomp/seccomp.go b/sandbox/seccomp/seccomp.go
similarity index 100%
rename from seccomp/seccomp.go
rename to sandbox/seccomp/seccomp.go
diff --git a/seccomp/seccomp_test.go b/sandbox/seccomp/seccomp_test.go
similarity index 96%
rename from seccomp/seccomp_test.go
rename to sandbox/seccomp/seccomp_test.go
index f2949ef8..3c7f5339 100644
--- a/seccomp/seccomp_test.go
+++ b/sandbox/seccomp/seccomp_test.go
@@ -6,7 +6,7 @@ import (
 	"syscall"
 	"testing"
 
-	"git.gensokyo.uk/security/fortify/seccomp"
+	"git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 
 func TestLibraryError(t *testing.T) {
diff --git a/internal/sandbox/sequential.go b/sandbox/sequential.go
similarity index 100%
rename from internal/sandbox/sequential.go
rename to sandbox/sequential.go
diff --git a/internal/sandbox/syscall.go b/sandbox/syscall.go
similarity index 100%
rename from internal/sandbox/syscall.go
rename to sandbox/syscall.go
diff --git a/system/output.go b/system/output.go
index daf43864..8dab60ff 100644
--- a/system/output.go
+++ b/system/output.go
@@ -1,6 +1,6 @@
 package system
 
-import "git.gensokyo.uk/security/fortify/internal/sandbox"
+import "git.gensokyo.uk/security/fortify/sandbox"
 
 var msg sandbox.Msg = new(sandbox.DefaultMsg)
 