diff --git a/.gitignore b/.gitignore index 2b915710..89781e77 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,7 @@ go.work.sum # go generate security-context-v1-protocol.* +/cmd/hakurei/LICENSE # release /dist/hakurei-* \ No newline at end of file diff --git a/LICENSE b/LICENSE index b1d47606..7f53ce8c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2024 Ophestra Umiker +Copyright (c) 2024-2025 Ophestra Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/internal/app/app.go b/cmd/hakurei/internal/app/app.go similarity index 75% rename from internal/app/app.go rename to cmd/hakurei/internal/app/app.go index 902df10f..94b49079 100644 --- a/internal/app/app.go +++ b/cmd/hakurei/internal/app/app.go @@ -47,13 +47,3 @@ func (rs *RunState) SetStart() { now := time.Now().UTC() rs.Time = &now } - -// Paths contains environment-dependent paths used by hakurei. -type Paths struct { - // path to shared directory (usually `/tmp/hakurei.%d`) - SharePath string `json:"share_path"` - // XDG_RUNTIME_DIR value (usually `/run/user/%d`) - RuntimePath string `json:"runtime_path"` - // application runtime directory (usually `/run/user/%d/hakurei`) - RunDirPath string `json:"run_dir_path"` -} diff --git a/internal/app/id.go b/cmd/hakurei/internal/app/id.go similarity index 100% rename from internal/app/id.go rename to cmd/hakurei/internal/app/id.go diff --git a/internal/app/id_test.go b/cmd/hakurei/internal/app/id_test.go similarity index 96% rename from internal/app/id_test.go rename to cmd/hakurei/internal/app/id_test.go index f8acdabe..232421da 100644 
--- a/internal/app/id_test.go +++ b/cmd/hakurei/internal/app/id_test.go @@ -4,7 +4,7 @@ import ( "errors" "testing" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" ) func TestParseAppID(t *testing.T) { diff --git a/internal/app/instance/common/container.go b/cmd/hakurei/internal/app/instance/common/container.go similarity index 100% rename from internal/app/instance/common/container.go rename to cmd/hakurei/internal/app/instance/common/container.go diff --git a/internal/app/instance/common/path.go b/cmd/hakurei/internal/app/instance/common/path.go similarity index 100% rename from internal/app/instance/common/path.go rename to cmd/hakurei/internal/app/instance/common/path.go diff --git a/internal/app/instance/common/path_test.go b/cmd/hakurei/internal/app/instance/common/path_test.go similarity index 100% rename from internal/app/instance/common/path_test.go rename to cmd/hakurei/internal/app/instance/common/path_test.go diff --git a/internal/app/instance/errors.go b/cmd/hakurei/internal/app/instance/errors.go similarity index 63% rename from internal/app/instance/errors.go rename to cmd/hakurei/internal/app/instance/errors.go index 51d9cdbf..9e67208b 100644 --- a/internal/app/instance/errors.go +++ b/cmd/hakurei/internal/app/instance/errors.go @@ -3,8 +3,8 @@ package instance import ( "syscall" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" ) func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) { diff --git a/internal/app/instance/new.go b/cmd/hakurei/internal/app/instance/new.go similarity index 81% rename from internal/app/instance/new.go rename to cmd/hakurei/internal/app/instance/new.go index d1a6230b..4c4a9c63 100644 --- a/internal/app/instance/new.go 
+++ b/cmd/hakurei/internal/app/instance/new.go @@ -6,8 +6,8 @@ import ( "log" "syscall" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/internal/sys" ) diff --git a/internal/app/instance/shim.go b/cmd/hakurei/internal/app/instance/shim.go similarity index 64% rename from internal/app/instance/shim.go rename to cmd/hakurei/internal/app/instance/shim.go index 8147b7c5..b10fae10 100644 --- a/internal/app/instance/shim.go +++ b/cmd/hakurei/internal/app/instance/shim.go @@ -1,6 +1,6 @@ package instance -import "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" +import "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" // ShimMain is the main function of the shim process and runs as the unconstrained target user. func ShimMain() { setuid.ShimMain() } diff --git a/internal/app/internal/setuid/app.go b/cmd/hakurei/internal/app/internal/setuid/app.go similarity index 95% rename from internal/app/internal/setuid/app.go rename to cmd/hakurei/internal/app/internal/setuid/app.go index 92c90fb4..b06c3b09 100644 --- a/internal/app/internal/setuid/app.go +++ b/cmd/hakurei/internal/app/internal/setuid/app.go @@ -5,8 +5,8 @@ import ( "fmt" "sync" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - . "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/internal/sys" ) diff --git a/internal/app/internal/setuid/app_nixos_test.go b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go similarity index 99% rename from internal/app/internal/setuid/app_nixos_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go index a516252e..6dd01e99 100644 
--- a/internal/app/internal/setuid/app_nixos_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go @@ -2,9 +2,9 @@ package setuid_test import ( "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/sandbox/seccomp" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/app_pd_test.go b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go similarity index 99% rename from internal/app/internal/setuid/app_pd_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_pd_test.go index 75133012..49759aa3 100644 --- a/internal/app/internal/setuid/app_pd_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go @@ -4,9 +4,9 @@ import ( "os" "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/sandbox/seccomp" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/app_stub_test.go b/cmd/hakurei/internal/app/internal/setuid/app_stub_test.go similarity index 97% rename from internal/app/internal/setuid/app_stub_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_stub_test.go index 690948fa..f3b851d8 100644 --- a/internal/app/internal/setuid/app_stub_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_stub_test.go @@ -7,7 +7,7 @@ import ( "os/user" "strconv" - "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/hst" ) // fs methods are not implemented using a real FS 
@@ -125,8 +125,8 @@ func (s *stubNixOS) Open(name string) (fs.File, error) { } } -func (s *stubNixOS) Paths() app.Paths { - return app.Paths{ +func (s *stubNixOS) Paths() hst.Paths { + return hst.Paths{ SharePath: "/tmp/hakurei.1971", RuntimePath: "/run/user/1971", RunDirPath: "/run/user/1971/hakurei", diff --git a/internal/app/internal/setuid/app_test.go b/cmd/hakurei/internal/app/internal/setuid/app_test.go similarity index 95% rename from internal/app/internal/setuid/app_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_test.go index 82df7c30..072f4c10 100644 --- a/internal/app/internal/setuid/app_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_test.go @@ -7,9 +7,9 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/errors.go b/cmd/hakurei/internal/app/internal/setuid/errors.go similarity index 98% rename from internal/app/internal/setuid/errors.go rename to cmd/hakurei/internal/app/internal/setuid/errors.go index cce96c4a..bb7dd891 100644 --- a/internal/app/internal/setuid/errors.go +++ b/cmd/hakurei/internal/app/internal/setuid/errors.go @@ -4,7 +4,7 @@ import ( "errors" "log" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" ) 
diff --git a/internal/app/internal/setuid/export_test.go b/cmd/hakurei/internal/app/internal/setuid/export_test.go similarity index 88% rename from internal/app/internal/setuid/export_test.go rename to cmd/hakurei/internal/app/internal/setuid/export_test.go index 1a7f9704..2606fc7f 100644 --- a/internal/app/internal/setuid/export_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/export_test.go @@ -1,7 +1,7 @@ package setuid import ( - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/process.go b/cmd/hakurei/internal/app/internal/setuid/process.go similarity index 97% rename from internal/app/internal/setuid/process.go rename to cmd/hakurei/internal/app/internal/setuid/process.go index 8779d65f..c5597d1d 100644 --- a/internal/app/internal/setuid/process.go +++ b/cmd/hakurei/internal/app/internal/setuid/process.go @@ -12,10 +12,10 @@ import ( "syscall" "time" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/internal" - . "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" ) diff --git a/internal/app/internal/setuid/seal.go b/cmd/hakurei/internal/app/internal/setuid/seal.go similarity index 98% rename from internal/app/internal/setuid/seal.go rename to cmd/hakurei/internal/app/internal/setuid/seal.go index 69b242a8..2ec26105 100644 --- a/internal/app/internal/setuid/seal.go +++ b/cmd/hakurei/internal/app/internal/setuid/seal.go 
@@ -17,11 +17,11 @@ import ( "syscall" "git.gensokyo.uk/security/hakurei/acl" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - . "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/instance/common" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" @@ -97,7 +97,7 @@ type shareHost struct { runtimeSharePath string seal *outcome - sc Paths + sc hst.Paths } // ensureRuntimeDir must be called if direct access to paths within XDG_RUNTIME_DIR is required @@ -183,7 +183,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co if seal.user.username == "" { seal.user.username = "chronos" } else if !posixUsername.MatchString(seal.user.username) || - len(seal.user.username) >= internal.Sysconf_SC_LOGIN_NAME_MAX() { + len(seal.user.username) >= internal.Sysconf(internal.SC_LOGIN_NAME_MAX) { return hlog.WrapErr(ErrName, fmt.Sprintf("invalid user name %q", seal.user.username)) } diff --git a/internal/app/internal/setuid/shim.go b/cmd/hakurei/internal/app/internal/setuid/shim.go similarity index 99% rename from internal/app/internal/setuid/shim.go rename to cmd/hakurei/internal/app/internal/setuid/shim.go index 100cf1cc..1646cd5b 100644 --- a/internal/app/internal/setuid/shim.go +++ b/cmd/hakurei/internal/app/internal/setuid/shim.go @@ -104,7 +104,7 @@ func ShimMain() { log.Fatalf("cannot receive shim setup params: %v", err) } else { - internal.InstallFmsg(params.Verbose) + internal.InstallOutput(params.Verbose) closeSetup = f // the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid 
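Review bot: In the `seal.go` hunk at `@@ -183,7 +183,7 @@`, the username length bound is compared against `internal.Sysconf(internal.SC_LOGIN_NAME_MAX)` without handling a negative result. sysconf(3) returns -1 when the limit is indeterminate or the call fails, and `len(seal.user.username) >= -1` is then always true, so every username reaching this branch is rejected with the `invalid user name` message. That fails closed, which is the safe direction for this validation, but the real cause is hidden from the operator. Consider reading the limit once and reporting it separately, e.g. `limit := internal.Sysconf(internal.SC_LOGIN_NAME_MAX)` followed by an explicit `if limit <= 0 { ... }` branch before the length comparison. The body of `finalise` starts and ends outside this hunk.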
diff --git a/internal/app/internal/setuid/strings.go b/cmd/hakurei/internal/app/internal/setuid/strings.go similarity index 87% rename from internal/app/internal/setuid/strings.go rename to cmd/hakurei/internal/app/internal/setuid/strings.go index 7e9df5f0..6521def1 100644 --- a/internal/app/internal/setuid/strings.go +++ b/cmd/hakurei/internal/app/internal/setuid/strings.go @@ -3,7 +3,7 @@ package setuid import ( "strconv" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" ) func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } diff --git a/internal/state/join.go b/cmd/hakurei/internal/state/join.go similarity index 100% rename from internal/state/join.go rename to cmd/hakurei/internal/state/join.go diff --git a/internal/state/multi.go b/cmd/hakurei/internal/state/multi.go similarity index 99% rename from internal/state/multi.go rename to cmd/hakurei/internal/state/multi.go index fac5b389..cd66c8c8 100644 --- a/internal/state/multi.go +++ b/cmd/hakurei/internal/state/multi.go @@ -13,8 +13,8 @@ import ( "sync" "syscall" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" ) diff --git a/cmd/hakurei/internal/state/multi_test.go b/cmd/hakurei/internal/state/multi_test.go new file mode 100644 index 00000000..6097b0a4 --- /dev/null +++ b/cmd/hakurei/internal/state/multi_test.go @@ -0,0 +1,9 @@ +package state_test + +import ( + "testing" + + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" +) + +func TestMulti(t *testing.T) { testStore(t, state.NewMulti(t.TempDir())) } diff --git a/internal/state/state.go b/cmd/hakurei/internal/state/state.go similarity index 95% rename from internal/state/state.go rename to cmd/hakurei/internal/state/state.go index 0c07b371..ad92ff0f 100644 --- a/internal/state/state.go 
+++ b/cmd/hakurei/internal/state/state.go @@ -5,8 +5,8 @@ import ( "io" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" ) var ErrNoConfig = errors.New("state does not contain config") diff --git a/internal/state/state_test.go b/cmd/hakurei/internal/state/state_test.go similarity index 96% rename from internal/state/state_test.go rename to cmd/hakurei/internal/state/state_test.go index caf5c43a..6c49fc4b 100644 --- a/internal/state/state_test.go +++ b/cmd/hakurei/internal/state/state_test.go @@ -10,9 +10,9 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/state" ) func testStore(t *testing.T, s state.Store) { diff --git a/main.go b/cmd/hakurei/main.go similarity index 95% rename from main.go rename to cmd/hakurei/main.go index e5f54eeb..143ce9c2 100644 --- a/main.go +++ b/cmd/hakurei/main.go @@ -1,5 +1,8 @@ package main +// this works around go:embed '..' limitation +//go:generate cp ../../LICENSE . + import ( "context" _ "embed" 
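Review bot: The `//go:generate cp ../../LICENSE .` directive added at the top of `cmd/hakurei/main.go` makes the build depend on a generated file that this commit also adds to `.gitignore`, and the comment above it does not say so. If that copy is what gets embedded (only the `_ "embed"` import is visible here; the `//go:embed` directive is outside the hunk), a plain `go build` or `go install` of `./cmd/hakurei` from a fresh checkout would fail until `go generate` has run. A stale copy left in the tree would also be embedded with no check against the root `LICENSE`. I would extend the comment to state the requirement, e.g. `// LICENSE is copied here by go generate because go:embed cannot reference '..'; run go generate ./cmd/hakurei before building.`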
@@ -15,14 +18,14 @@ import ( "syscall" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/command" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/instance" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" @@ -41,7 +44,7 @@ var std sys.State = new(sys.Std) func main() { // early init path, skips root check and duplicate PR_SET_DUMPABLE - sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) + sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallOutput) if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) @@ -67,7 +70,7 @@ func buildCommand(out io.Writer) command.Command { flagVerbose bool flagJSON bool ) - c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). + c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallOutput(flagVerbose); return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Increase log verbosity"). Flag(&flagJSON, "json", command.BoolFlag(false), "Serialise output in JSON when applicable") diff --git a/main_test.go b/cmd/hakurei/main_test.go similarity index 100% rename from main_test.go rename to cmd/hakurei/main_test.go diff --git a/parse.go b/cmd/hakurei/parse.go similarity index 97% rename from parse.go rename to cmd/hakurei/parse.go index 2e7f507c..aee71c25 100644 --- a/parse.go +++ b/cmd/hakurei/parse.go 
@@ -10,9 +10,9 @@ import ( "strings" "syscall" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" ) func tryPath(name string) (config *hst.Config) { diff --git a/print.go b/cmd/hakurei/print.go similarity index 99% rename from print.go rename to cmd/hakurei/print.go index 4227d46c..5df2e0c6 100644 --- a/print.go +++ b/cmd/hakurei/print.go @@ -12,10 +12,10 @@ import ( "text/tabwriter" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" ) func printShowSystem(output io.Writer, short, flagJSON bool) { diff --git a/print_test.go b/cmd/hakurei/print_test.go similarity index 99% rename from print_test.go rename to cmd/hakurei/print_test.go index 012a48dc..d0cf1632 100644 --- a/print_test.go +++ b/cmd/hakurei/print_test.go @@ -5,10 +5,10 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/state" ) var ( diff --git a/cmd/planterette/main.go b/cmd/planterette/main.go index 8988d27a..a9f45d82 100644 --- a/cmd/planterette/main.go +++ b/cmd/planterette/main.go 
@@ -42,7 +42,7 @@ func main() { flagVerbose bool flagDropShell bool ) - c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). + c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallOutput(flagVerbose); return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action") diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go index 77a3e4f6..8965e0f4 100644 --- a/dbus/dbus_test.go +++ b/dbus/dbus_test.go @@ -209,5 +209,5 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, internal.InstallFmsg) + sandbox.Init(hlog.Prepare, internal.InstallOutput) } diff --git a/helper/container_test.go b/helper/container_test.go index c6341c68..e8ee7f32 100644 --- a/helper/container_test.go +++ b/helper/container_test.go @@ -53,5 +53,5 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, func(bool) { internal.InstallFmsg(false) }) + sandbox.Init(hlog.Prepare, func(bool) { internal.InstallOutput(false) }) } diff --git a/hst/paths.go b/hst/paths.go new file mode 100644 index 00000000..31c14df2 --- /dev/null +++ b/hst/paths.go @@ -0,0 +1,11 @@ +package hst + +// Paths contains environment-dependent paths used by hakurei. +type Paths struct { + // path to shared directory (usually `/tmp/hakurei.%d`) + SharePath string `json:"share_path"` + // XDG_RUNTIME_DIR value (usually `/run/user/%d`) + RuntimePath string `json:"runtime_path"` + // application runtime directory (usually `/run/user/%d/hakurei`) + RunDirPath string `json:"run_dir_path"` +} diff --git a/internal/output.go b/internal/output.go index a00cc21e..36eb8105 100644 --- a/internal/output.go +++ b/internal/output.go 
@@ -6,7 +6,7 @@ import ( "git.gensokyo.uk/security/hakurei/system" ) -func InstallFmsg(verbose bool) { +func InstallOutput(verbose bool) { hlog.Store(verbose) sandbox.SetOutput(hlog.Output{}) system.SetOutput(hlog.Output{}) diff --git a/internal/state/multi_test.go b/internal/state/multi_test.go deleted file mode 100644 index 2549034d..00000000 --- a/internal/state/multi_test.go +++ /dev/null @@ -1,11 +0,0 @@ -package state_test - -import ( - "testing" - - "git.gensokyo.uk/security/hakurei/internal/state" -) - -func TestMulti(t *testing.T) { - testStore(t, state.NewMulti(t.TempDir())) -} diff --git a/internal/sys/interface.go b/internal/sys/interface.go index 57c5a7ec..06cb450c 100644 --- a/internal/sys/interface.go +++ b/internal/sys/interface.go @@ -1,3 +1,4 @@ +// Package sys wraps OS interaction library functions. package sys import ( @@ -6,7 +7,7 @@ import ( "path" "strconv" - "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" ) @@ -40,15 +41,15 @@ type State interface { Println(v ...any) Printf(format string, v ...any) - // Paths returns a populated [Paths] struct. - Paths() app.Paths + // Paths returns a populated [hst.Paths] struct. + Paths() hst.Paths // Uid invokes hsu and returns target uid. // Any errors returned by Uid is already wrapped [fmsg.BaseError]. Uid(aid int) (int, error) } // CopyPaths is a generic implementation of [hst.Paths]. -func CopyPaths(os State, v *app.Paths) { +func CopyPaths(os State, v *hst.Paths) { v.SharePath = path.Join(os.TempDir(), "hakurei."+strconv.Itoa(os.Getuid())) hlog.Verbosef("process share directory at %q", v.SharePath) diff --git a/internal/sys/std.go b/internal/sys/std.go index 6db4bae2..c3913a75 100644 --- a/internal/sys/std.go +++ b/internal/sys/std.go 
@@ -12,15 +12,15 @@ import ( "sync" "syscall" + "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/sandbox" ) // Std implements System using the standard library. type Std struct { - paths app.Paths + paths hst.Paths pathsOnce sync.Once uidOnce sync.Once @@ -48,7 +48,7 @@ func (s *Std) Printf(format string, v ...any) { hlog.Verbosef(form const xdgRuntimeDir = "XDG_RUNTIME_DIR" -func (s *Std) Paths() app.Paths { +func (s *Std) Paths() hst.Paths { s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) }) return s.paths } diff --git a/internal/sysconf.go b/internal/sysconf.go index 03b236f4..712dce78 100644 --- a/internal/sysconf.go +++ b/internal/sysconf.go @@ -3,4 +3,6 @@ package internal //#include import "C" -func Sysconf_SC_LOGIN_NAME_MAX() int { return int(C.sysconf(C._SC_LOGIN_NAME_MAX)) } +const SC_LOGIN_NAME_MAX = C._SC_LOGIN_NAME_MAX + +func Sysconf(name C.int) int { return int(C.sysconf(name)) } diff --git a/sandbox/container_test.go b/sandbox/container_test.go index d7b774f7..72c50699 100644 --- a/sandbox/container_test.go +++ b/sandbox/container_test.go @@ -30,7 +30,7 @@ func TestContainer(t *testing.T) { { oldVerbose := hlog.Load() oldOutput := sandbox.GetOutput() - internal.InstallFmsg(true) + internal.InstallOutput(true) t.Cleanup(func() { hlog.Store(oldVerbose) }) t.Cleanup(func() { sandbox.SetOutput(oldOutput) }) } @@ -202,7 +202,7 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, internal.InstallFmsg) + sandbox.Init(hlog.Prepare, internal.InstallOutput) } func TestHelperCheckContainer(t *testing.T) {
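Review bot: In the `internal/sysconf.go` hunk, the new exported `Sysconf` takes a cgo type (`C.int`) in its signature, and neither it nor `SC_LOGIN_NAME_MAX` has a doc comment. The cgo documentation advises against exposing C types in a package's exported API, because they are unexported translations that other packages cannot name; the visible call sites presumably compile only because they pass the package's own constant. Taking a Go `int` and converting inside keeps the boundary clean: `func Sysconf(name int) int { return int(C.sysconf(C.int(name))) }`. A doc comment such as `// Sysconf returns the value of sysconf(3) for name, or -1 if the limit is indeterminate or name is invalid.` would also tell callers that the result must be checked before it is used as a bound.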