release: 0.3.0

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/command.go

@@ -20,7 +20,6 @@ import (
 	"hakurei.app/internal"
 	"hakurei.app/internal/env"
 	"hakurei.app/internal/outcome"
-	"hakurei.app/internal/state"
 	"hakurei.app/message"
 	"hakurei.app/system/dbus"
 )
@@ -87,7 +86,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 		)
 
 		c.NewCommand("run", "Configure and start a permissive container", func(args []string) error {
-			if flagIdentity < hst.IdentityMin || flagIdentity > hst.IdentityMax {
+			if flagIdentity < hst.IdentityStart || flagIdentity > hst.IdentityEnd {
 				log.Fatalf("identity %d out of range", flagIdentity)
 			}
 
@@ -96,7 +95,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 				passwd     *user.User
 				passwdOnce sync.Once
 				passwdFunc = func() {
-					us := strconv.Itoa(outcome.HsuUid(new(outcome.Hsu).MustID(msg), flagIdentity))
+					us := strconv.Itoa(hst.ToUser(new(outcome.Hsu).MustID(msg), flagIdentity))
 					if u, err := user.LookupId(us); err != nil {
 						msg.Verbosef("cannot look up uid %s", us)
 						passwd = &user.User{
@@ -294,7 +293,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 	}
 
 	{
-		var flagShort bool
+		var (
+			flagShort   bool
+			flagNoStore bool
+		)
 		c.NewCommand("show", "Show live or local app configuration", func(args []string) error {
 			switch len(args) {
 			case 0: // system
@@ -302,10 +304,23 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 
 			case 1: // instance
 				name := args[0]
-				config, entry := tryIdentifier(msg, name)
-				if config == nil {
-					config = tryPath(msg, name)
+
+				var (
+					config *hst.Config
+					entry  *hst.State
+				)
+				if !flagNoStore {
+					var sc hst.Paths
+					env.CopyPaths().Copy(&sc, new(outcome.Hsu).MustID(nil))
+					entry = tryIdentifier(msg, name, outcome.NewStore(&sc))
 				}
+
+				if entry == nil {
+					config = tryPath(msg, name)
+				} else {
+					config = entry.Config
+				}
+
 				if !printShowInstance(os.Stdout, time.Now().UTC(), entry, config, flagShort, flagJSON) {
 					os.Exit(1)
 				}
@@ -314,7 +329,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 				log.Fatal("show requires 1 argument")
 			}
 			return errSuccess
-		}).Flag(&flagShort, "short", command.BoolFlag(false), "Omit filesystem information")
+		}).
+			Flag(&flagShort, "short", command.BoolFlag(false), "Omit filesystem information").
+			Flag(&flagNoStore, "no-store", command.BoolFlag(false), "Do not attempt to match from active instances")
 	}
 
 	{
@@ -322,7 +339,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 		c.NewCommand("ps", "List active instances", func(args []string) error {
 			var sc hst.Paths
 			env.CopyPaths().Copy(&sc, new(outcome.Hsu).MustID(nil))
-			printPs(os.Stdout, time.Now().UTC(), state.NewMulti(msg, sc.RunDirPath), flagShort, flagJSON)
+			printPs(msg, os.Stdout, time.Now().UTC(), outcome.NewStore(&sc), flagShort, flagJSON)
 			return errSuccess
 		}).Flag(&flagShort, "short", command.BoolFlag(false), "Print instance id")
 	}

cmd/hakurei/command_test.go

@@ -77,7 +77,7 @@ Flags:
 			t.Parallel()
 
 			out := new(bytes.Buffer)
-			c := buildCommand(t.Context(), message.NewMsg(nil), new(earlyHardeningErrs), out)
+			c := buildCommand(t.Context(), message.New(nil), new(earlyHardeningErrs), out)
 			if err := c.Parse(tc.args); !errors.Is(err, command.ErrHelp) && !errors.Is(err, flag.ErrHelp) {
 				t.Errorf("Parse: error = %v; want %v",
 					err, command.ErrHelp)

cmd/hakurei/main.go

@@ -32,7 +32,7 @@ func main() {
 
 	log.SetPrefix("hakurei: ")
 	log.SetFlags(0)
-	msg := message.NewMsg(log.Default())
+	msg := message.New(log.Default())
 
 	early := earlyHardeningErrs{
 		yamaLSM:  container.SetPtracer(0),

cmd/hakurei/parse.go

@@ -11,9 +11,7 @@ import (
 	"syscall"
 
 	"hakurei.app/hst"
-	"hakurei.app/internal/env"
-	"hakurei.app/internal/outcome"
-	"hakurei.app/internal/state"
+	"hakurei.app/internal/store"
 	"hakurei.app/message"
 )
 
@@ -81,26 +79,7 @@ func shortIdentifierString(s string) string {
 }
 
 // tryIdentifier attempts to match [hst.State] from a [hex] representation of [hst.ID] or a prefix of its lower half.
-func tryIdentifier(msg message.Msg, name string) (config *hst.Config, entry *hst.State) {
-	return tryIdentifierEntries(msg, name, func() map[hst.ID]*hst.State {
-		var sc hst.Paths
-		env.CopyPaths().Copy(&sc, new(outcome.Hsu).MustID(nil))
-		s := state.NewMulti(msg, sc.RunDirPath)
-		if entries, err := state.Join(s); err != nil {
-			msg.GetLogger().Printf("cannot join store: %v", err) // not fatal
-			return nil
-		} else {
-			return entries
-		}
-	})
-}
-
-// tryIdentifierEntries implements tryIdentifier with a custom entries pair getter.
-func tryIdentifierEntries(
-	msg message.Msg,
-	name string,
-	getEntries func() map[hst.ID]*hst.State,
-) (config *hst.Config, entry *hst.State) {
+func tryIdentifier(msg message.Msg, name string, s *store.Store) *hst.State {
 	const (
 		likeShort = 1 << iota
 		likeFull
@@ -116,7 +95,7 @@ func tryIdentifierEntries(
 			if c >= 'a' && c <= 'f' {
 				continue
 			}
-			return
+			return nil
 		}
 		likely |= likeShort
 	} else if len(name) == hex.EncodedLen(len(hst.ID{})) {
@@ -124,40 +103,58 @@ func tryIdentifierEntries(
 	}
 
 	if likely == 0 {
-		return
+		return nil
 	}
-	entries := getEntries()
-	if entries == nil {
-		return
+
+	entries, copyError := s.All()
+	defer func() {
+		if err := copyError(); err != nil {
+			msg.GetLogger().Println(getMessage("cannot iterate over store:", err))
 		}
+	}()
 
 	switch {
 	case likely&likeShort != 0:
 		msg.Verbose("argument looks like short identifier")
-		for id := range entries {
-			v := id.String()
-			if strings.HasPrefix(v[len(hst.ID{}):], name) {
-				// match, use config from this state entry
-				entry = entries[id]
-				config = entry.Config
-				break
+		for eh := range entries {
+			if eh.DecodeErr != nil {
+				msg.Verbose(getMessage("skipping instance:", eh.DecodeErr))
+				continue
 			}
 
-			msg.Verbosef("instance %s skipped", v)
+			if strings.HasPrefix(eh.ID.String()[len(hst.ID{}):], name) {
+				var entry hst.State
+				if _, err := eh.Load(&entry); err != nil {
+					msg.GetLogger().Println(getMessage("cannot load state entry:", err))
+					continue
 				}
-		return
+				return &entry
+			}
+		}
+		return nil
 
 	case likely&likeFull != 0:
 		var likelyID hst.ID
 		if likelyID.UnmarshalText([]byte(name)) != nil {
-			return
+			return nil
 		}
 		msg.Verbose("argument looks like identifier")
-		if ent, ok := entries[likelyID]; ok {
-			entry = ent
-			config = ent.Config
+		for eh := range entries {
+			if eh.DecodeErr != nil {
+				msg.Verbose(getMessage("skipping instance:", eh.DecodeErr))
+				continue
 			}
-		return
+
+			if eh.ID == likelyID {
+				var entry hst.State
+				if _, err := eh.Load(&entry); err != nil {
+					msg.GetLogger().Println(getMessage("cannot load state entry:", err))
+					continue
+				}
+				return &entry
+			}
+		}
+		return nil
 
 	default:
 		panic("unreachable")

cmd/hakurei/parse_test.go

@@ -1,10 +1,14 @@
 package main
 
 import (
+	"bytes"
 	"reflect"
 	"testing"
+	"time"
 
+	"hakurei.app/container/check"
 	"hakurei.app/hst"
+	"hakurei.app/internal/store"
 	"hakurei.app/message"
 )
 
@@ -23,16 +27,46 @@ func TestShortIdentifier(t *testing.T) {
 
 func TestTryIdentifier(t *testing.T) {
 	t.Parallel()
-	msg := message.NewMsg(nil)
+
+	msg := message.New(nil)
 	id := hst.ID{
 		0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
 		0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
 	}
+	withBase := func(extra ...hst.State) []hst.State {
+		return append([]hst.State{
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xaa}, len(hst.ID{}))), PID: 0xbeef, ShimPID: 0xcafe, Config: hst.Template(), Time: time.Unix(0, 0xdeadbeef0)},
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xab}, len(hst.ID{}))), PID: 0x1beef, ShimPID: 0x1cafe, Config: hst.Template(), Time: time.Unix(0, 0xdeadbeef1)},
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xf0}, len(hst.ID{}))), PID: 0x2beef, ShimPID: 0x2cafe, Config: hst.Template(), Time: time.Unix(0, 0xdeadbeef2)},
+
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xfe}, len(hst.ID{}))), PID: 0xbed, ShimPID: 0xfff, Config: func() *hst.Config {
+				template := hst.Template()
+				template.Identity = hst.IdentityEnd
+				return template
+			}(), Time: time.Unix(0, 0xcafebabe0)},
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xfc}, len(hst.ID{}))), PID: 0x1bed, ShimPID: 0x1fff, Config: func() *hst.Config {
+				template := hst.Template()
+				template.Identity = 0xfc
+				return template
+			}(), Time: time.Unix(0, 0xcafebabe1)},
+			{ID: (hst.ID)(bytes.Repeat([]byte{0xce}, len(hst.ID{}))), PID: 0x2bed, ShimPID: 0x2fff, Config: func() *hst.Config {
+				template := hst.Template()
+				template.Identity = 0xce
+				return template
+			}(), Time: time.Unix(0, 0xcafebabe2)},
+		}, extra...)
+	}
+	sampleEntry := hst.State{
+		ID:      id,
+		PID:     0xcafe,
+		ShimPID: 0xdead,
+		Config:  hst.Template(),
+	}
 
 	testCases := []struct {
 		name string
 		s    string
-		entries map[hst.ID]*hst.State
+		data []hst.State
 		want *hst.State
 	}{
 		{"likely entries fault", "ffffffff", nil, nil},
@@ -41,58 +75,40 @@ func TestTryIdentifier(t *testing.T) {
 		{"likely short too long", "fffffffffffffffff", nil, nil},
 		{"likely short invalid lower", "fffffff\x00", nil, nil},
 		{"likely short invalid higher", "0000000\xff", nil, nil},
-		{"short no match", "fedcba98", map[hst.ID]*hst.State{hst.ID{}: nil}, nil},
-		{"short match", "fedcba98", map[hst.ID]*hst.State{
-			hst.ID{}: nil,
-			id: {
-				ID:      id,
-				PID:     0xcafebabe,
-				ShimPID: 0xdeadbeef,
-				Config:  hst.Template(),
-			},
-		}, &hst.State{
-			ID:      id,
-			PID:     0xcafebabe,
-			ShimPID: 0xdeadbeef,
-			Config:  hst.Template(),
-		}},
-		{"short match longer", "fedcba98765", map[hst.ID]*hst.State{
-			hst.ID{}: nil,
-			id: {
-				ID:      id,
-				PID:     0xcafebabe,
-				ShimPID: 0xdeadbeef,
-				Config:  hst.Template(),
-			},
-		}, &hst.State{
-			ID:      id,
-			PID:     0xcafebabe,
-			ShimPID: 0xdeadbeef,
-			Config:  hst.Template(),
-		}},
+		{"short no match", "fedcba98", withBase(), nil},
+		{"short match", "fedcba98", withBase(sampleEntry), &sampleEntry},
+		{"short match single", "fedcba98", []hst.State{sampleEntry}, &sampleEntry},
+		{"short match longer", "fedcba98765", withBase(sampleEntry), &sampleEntry},
 
-		{"likely long invalid", "0123456789abcdeffedcba987654321\x00", map[hst.ID]*hst.State{}, nil},
-		{"long no match", "0123456789abcdeffedcba9876543210", map[hst.ID]*hst.State{hst.ID{}: nil}, nil},
-		{"long match", "0123456789abcdeffedcba9876543210", map[hst.ID]*hst.State{
-			hst.ID{}: nil,
-			id: {
-				ID:      id,
-				PID:     0xcafebabe,
-				ShimPID: 0xdeadbeef,
-				Config:  hst.Template(),
-			},
-		}, &hst.State{
-			ID:      id,
-			PID:     0xcafebabe,
-			ShimPID: 0xdeadbeef,
-			Config:  hst.Template(),
-		}},
+		{"likely long invalid", "0123456789abcdeffedcba987654321\x00", nil, nil},
+		{"long no match", "0123456789abcdeffedcba9876543210", withBase(), nil},
+		{"long match", "0123456789abcdeffedcba9876543210", withBase(sampleEntry), &sampleEntry},
+		{"long match single", "0123456789abcdeffedcba9876543210", []hst.State{sampleEntry}, &sampleEntry},
 	}
 	for _, tc := range testCases {
+		base := check.MustAbs(t.TempDir()).Append("store")
+		s := store.New(base)
+		for i := range tc.data {
+			if h, err := s.Handle(tc.data[i].Identity); err != nil {
+				t.Fatalf("Handle: error = %v", err)
+			} else {
+				var unlock func()
+				if unlock, err = h.Lock(); err != nil {
+					t.Fatalf("Lock: error = %v", err)
+				}
+				_, err = h.Save(&tc.data[i])
+				unlock()
+				if err != nil {
+					t.Fatalf("Save: error = %v", err)
+				}
+			}
+		}
+
+		// store must not be written to beyond this point
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
-			_, got := tryIdentifierEntries(msg, tc.s, func() map[hst.ID]*hst.State { return tc.entries })
+			got := tryIdentifier(msg, tc.s, store.New(base))
 			if !reflect.DeepEqual(got, tc.want) {
 				t.Errorf("tryIdentifier: %#v, want %#v", got, tc.want)
 			}

cmd/hakurei/print.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"bytes"
 	"fmt"
 	"io"
 	"log"
@@ -14,7 +15,7 @@ import (
 	"hakurei.app/internal"
 	"hakurei.app/internal/env"
 	"hakurei.app/internal/outcome"
-	"hakurei.app/internal/state"
+	"hakurei.app/internal/store"
 	"hakurei.app/message"
 )
 
@@ -43,7 +44,8 @@ func printShowSystem(output io.Writer, short, flagJSON bool) {
 func printShowInstance(
 	output io.Writer, now time.Time,
 	instance *hst.State, config *hst.Config,
-	short, flagJSON bool) (valid bool) {
+	short, flagJSON bool,
+) (valid bool) {
 	valid = true
 
 	if flagJSON {
@@ -65,6 +67,11 @@ func printShowInstance(
 		}
 	}
 
+	if config == nil {
+		// nothing to print
+		return
+	}
+
 	if instance != nil {
 		t.Printf("State\n")
 		t.Printf(" Instance:\t%s (%d -> %d)\n", instance.ID.String(), instance.PID, instance.ShimPID)
@@ -83,14 +90,13 @@ func printShowInstance(
 		t.Printf(" Groups:\t%s\n", strings.Join(config.Groups, ", "))
 	}
 	if config.Container != nil {
-		params := config.Container
-		if params.Home != nil {
-			t.Printf(" Home:\t%s\n", params.Home)
+		if config.Container.Home != nil {
+			t.Printf(" Home:\t%s\n", config.Container.Home)
 		}
-		if params.Hostname != "" {
-			t.Printf(" Hostname:\t%s\n", params.Hostname)
+		if config.Container.Hostname != "" {
+			t.Printf(" Hostname:\t%s\n", config.Container.Hostname)
 		}
-		flags := params.Flags.String()
+		flags := config.Container.Flags.String()
 
 		// this is included in the upper hst.Config struct but is relevant here
 		const flagDirectWayland = "directwl"
@@ -104,11 +110,11 @@ func printShowInstance(
 		}
 		t.Printf(" Flags:\t%s\n", flags)
 
-		if params.Path != nil {
-			t.Printf(" Path:\t%s\n", params.Path)
+		if config.Container.Path != nil {
+			t.Printf(" Path:\t%s\n", config.Container.Path)
 		}
-		if len(params.Args) > 0 {
-			t.Printf(" Arguments:\t%s\n", strings.Join(params.Args, " "))
+		if len(config.Container.Args) > 0 {
+			t.Printf(" Arguments:\t%s\n", strings.Join(config.Container.Args, " "))
 		}
 	}
 	t.Printf("\n")
@@ -168,54 +174,52 @@ func printShowInstance(
 }
 
 // printPs writes a representation of active instances to output.
-func printPs(output io.Writer, now time.Time, s state.Store, short, flagJSON bool) {
-	var entries map[hst.ID]*hst.State
-	if e, err := state.Join(s); err != nil {
-		log.Fatalf("cannot join store: %v", err)
-	} else {
-		entries = e
+func printPs(msg message.Msg, output io.Writer, now time.Time, s *store.Store, short, flagJSON bool) {
+	f := func(a func(eh *store.EntryHandle)) {
+		entries, copyError := s.All()
+		for eh := range entries {
+			a(eh)
+		}
+		if err := copyError(); err != nil {
+			msg.GetLogger().Println(getMessage("cannot iterate over store:", err))
+		}
 	}
 
-	if !short && flagJSON {
-		es := make(map[string]*hst.State, len(entries))
-		for id, instance := range entries {
-			es[id.String()] = instance
+	if short { // short output requires identifier only
+		var identifiers []*hst.ID
+		f(func(eh *store.EntryHandle) {
+			if _, err := eh.Load(nil); err != nil { // passes through decode error
+				msg.GetLogger().Println(getMessage("cannot validate state entry header:", err))
+				return
+			}
+			identifiers = append(identifiers, &eh.ID)
+		})
+		slices.SortFunc(identifiers, func(a, b *hst.ID) int { return bytes.Compare(a[:], b[:]) })
+
+		if flagJSON {
+			encodeJSON(log.Fatal, output, short, identifiers)
+		} else {
+			for _, id := range identifiers {
+				mustPrintln(output, shortIdentifier(id))
+			}
 		}
-		encodeJSON(log.Fatal, output, short, es)
 		return
 	}
 
-	// sort state entries by id string to ensure consistency between runs
-	exp := make([]*expandedStateEntry, 0, len(entries))
-	for id, instance := range entries {
-		// gracefully skip nil states
-		if instance == nil {
-			log.Printf("got invalid state entry %s", id.String())
-			continue
+	// long output requires full instance state
+	var instances []*hst.State
+	f(func(eh *store.EntryHandle) {
+		var state hst.State
+		if _, err := eh.Load(&state); err != nil { // passes through decode error
+			msg.GetLogger().Println(getMessage("cannot load state entry:", err))
+			return
 		}
+		instances = append(instances, &state)
+	})
+	slices.SortFunc(instances, func(a, b *hst.State) int { return bytes.Compare(a.ID[:], b.ID[:]) })
 
-		// gracefully skip inconsistent states
-		if id != instance.ID {
-			log.Printf("possible store corruption: entry %s has id %s",
-				id.String(), instance.ID.String())
-			continue
-		}
-		exp = append(exp, &expandedStateEntry{s: id.String(), State: instance})
-	}
-	slices.SortFunc(exp, func(a, b *expandedStateEntry) int { return a.Time.Compare(b.Time) })
-
-	if short {
 	if flagJSON {
-			v := make([]string, len(exp))
-			for i, e := range exp {
-				v[i] = e.s
-			}
-			encodeJSON(log.Fatal, output, short, v)
-		} else {
-			for _, e := range exp {
-				mustPrintln(output, shortIdentifierString(e.s))
-			}
-		}
+		encodeJSON(log.Fatal, output, short, instances)
 		return
 	}
 
@@ -223,33 +227,21 @@ func printPs(output io.Writer, now time.Time, s state.Store, short, flagJSON boo
 	defer t.MustFlush()
 
 	t.Println("\tInstance\tPID\tApplication\tUptime")
-	for _, e := range exp {
-		if len(e.s) != 1<<5 {
-			// unreachable
-			log.Printf("possible store corruption: invalid instance string %s", e.s)
-			continue
-		}
-
+	for _, instance := range instances {
 		as := "(No configuration information)"
-		if e.Config != nil {
-			as = strconv.Itoa(e.Config.Identity)
-			id := e.Config.ID
+		if instance.Config != nil {
+			as = strconv.Itoa(instance.Config.Identity)
+			id := instance.Config.ID
 			if id == "" {
-				id = "app.hakurei." + shortIdentifierString(e.s)
+				id = "app.hakurei." + shortIdentifier(&instance.ID)
 			}
 			as += " (" + id + ")"
 		}
 		t.Printf("\t%s\t%d\t%s\t%s\n",
-			shortIdentifierString(e.s), e.PID, as, now.Sub(e.Time).Round(time.Second).String())
+			shortIdentifier(&instance.ID), instance.PID, as, now.Sub(instance.Time).Round(time.Second).String())
 	}
 }
 
-// expandedStateEntry stores [hst.State] alongside a string representation of its [hst.ID].
-type expandedStateEntry struct {
-	s string
-	*hst.State
-}
-
 // newPrinter returns a configured, wrapped [tabwriter.Writer].
 func newPrinter(output io.Writer) *tp { return &tp{tabwriter.NewWriter(output, 0, 1, 4, ' ', 0)} }
 
@@ -287,3 +279,11 @@ func mustPrintln(output io.Writer, a ...any) {
 		log.Fatalf("cannot print: %v", err)
 	}
 }
+
+// getMessage returns a [message.Error] message if available, or err prefixed with fallback otherwise.
+func getMessage(fallback string, err error) string {
+	if m, ok := message.GetMessage(err); ok {
+		return m
+	}
+	return fmt.Sprintln(fallback, err)
+}

cmd/hakurei/print_test.go

@@ -1,12 +1,16 @@
 package main
 
 import (
+	"bytes"
+	"log"
 	"strings"
 	"testing"
 	"time"
 
+	"hakurei.app/container/check"
 	"hakurei.app/hst"
-	"hakurei.app/internal/state"
+	"hakurei.app/internal/store"
+	"hakurei.app/message"
 )
 
 var (
@@ -16,13 +20,30 @@ var (
 		0x4c, 0xf0, 0x73, 0xbd,
 		0xb4, 0x6e, 0xb5, 0xc1,
 	}
-	testState = &hst.State{
+	testState = hst.State{
 		ID:      testID,
-		PID:     0xcafebabe,
-		ShimPID: 0xdeadbeef,
+		PID:     0xcafe,
+		ShimPID: 0xdead,
 		Config:  hst.Template(),
 		Time:    testAppTime,
 	}
+	testStateSmall = hst.State{
+		ID:      (hst.ID)(bytes.Repeat([]byte{0xaa}, len(hst.ID{}))),
+		PID:     0xbeef,
+		ShimPID: 0xcafe,
+		Config: &hst.Config{
+			Enablements: hst.NewEnablements(hst.EWayland | hst.EPulse),
+			Identity:    1,
+			Container: &hst.ContainerConfig{
+				Shell: check.MustAbs("/bin/sh"),
+				Home:  check.MustAbs("/data/data/uk.gensokyo.cat"),
+				Path:  check.MustAbs("/usr/bin/cat"),
+				Args:  []string{"cat"},
+				Flags: hst.FUserns,
+			},
+		},
+		Time: time.Unix(0, 0xdeadbeef).UTC(),
+	}
 	testTime    = time.Unix(3752, 1).UTC()
 	testAppTime = time.Unix(0, 9).UTC()
 )
@@ -38,6 +59,7 @@ func TestPrintShowInstance(t *testing.T) {
 		want        string
 		valid       bool
 	}{
+		{"nil", nil, nil, false, false, "Error: invalid configuration!\n\n", false},
 		{"config", nil, hst.Template(), false, false, `App
  Identity:       9 (org.chromium.Chromium)
  Enablements:    wayland, dbus, pulseaudio
@@ -131,8 +153,8 @@ Session bus
 
 `, false},
 
-		{"instance", testState, hst.Template(), false, false, `State
- Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (3405691582 -> 3735928559)
+		{"instance", &testState, hst.Template(), false, false, `State
+ Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (51966 -> 57005)
  Uptime:      1h2m32s
 
 App
@@ -171,10 +193,10 @@ System bus
  Talk:      ["org.bluez" "org.freedesktop.Avahi" "org.freedesktop.UPower"]
 
 `, true},
-		{"instance pd", testState, new(hst.Config), false, false, `Error: configuration missing container state!
+		{"instance pd", &testState, new(hst.Config), false, false, `Error: configuration missing container state!
 
 State
- Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (3405691582 -> 3735928559)
+ Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (51966 -> 57005)
  Uptime:      1h2m32s
 
 App
@@ -185,10 +207,10 @@ App
 
 		{"json nil", nil, nil, false, true, `null
 `, true},
-		{"json instance", testState, nil, false, true, `{
+		{"json instance", &testState, nil, false, true, `{
   "instance": "8e2c76b066dabe574cf073bdb46eb5c1",
-  "pid": 3405691582,
-  "shim_pid": 3735928559,
+  "pid": 51966,
+  "shim_pid": 57005,
   "id": "org.chromium.Chromium",
   "enablements": {
     "wayland": true,
@@ -513,28 +535,31 @@ func TestPrintPs(t *testing.T) {
 
 	testCases := []struct {
 		name        string
-		entries     map[hst.ID]*hst.State
+		data        []hst.State
 		short, json bool
-		want        string
+		want, log   string
 	}{
-		{"no entries", make(map[hst.ID]*hst.State), false, false, "    Instance    PID    Application    Uptime\n"},
-		{"no entries short", make(map[hst.ID]*hst.State), true, false, ""},
-		{"nil instance", map[hst.ID]*hst.State{testID: nil}, false, false, "    Instance    PID    Application    Uptime\n"},
-		{"state corruption", map[hst.ID]*hst.State{hst.ID{}: testState}, false, false, "    Instance    PID    Application    Uptime\n"},
+		{"no entries", []hst.State{}, false, false, "    Instance    PID    Application    Uptime\n", ""},
+		{"no entries short", []hst.State{}, true, false, "", ""},
 
-		{"valid pd", map[hst.ID]*hst.State{testID: {ID: testID, PID: 1 << 8, Config: new(hst.Config), Time: testAppTime}}, false, false, `    Instance    PID    Application                 Uptime
-    4cf073bd    256    0 (app.hakurei.4cf073bd)    1h2m32s
-`},
+		{"invalid config", []hst.State{{ID: testID, PID: 1 << 8, Config: new(hst.Config), Time: testAppTime}}, false, false, "    Instance    PID    Application    Uptime\n", "check: configuration missing container state\n"},
 
-		{"valid", map[hst.ID]*hst.State{testID: testState}, false, false, `    Instance    PID           Application                  Uptime
-    4cf073bd    3405691582    9 (org.chromium.Chromium)    1h2m32s
-`},
-		{"valid short", map[hst.ID]*hst.State{testID: testState}, true, false, "4cf073bd\n"},
-		{"valid json", map[hst.ID]*hst.State{testID: testState}, false, true, `{
-  "8e2c76b066dabe574cf073bdb46eb5c1": {
+		{"valid", []hst.State{testStateSmall, testState}, false, false, `    Instance    PID      Application                  Uptime
+    4cf073bd    51966    9 (org.chromium.Chromium)    1h2m32s
+    aaaaaaaa    48879    1 (app.hakurei.aaaaaaaa)     1h2m28s
+`, ""},
+		{"valid single", []hst.State{testState}, false, false, `    Instance    PID      Application                  Uptime
+    4cf073bd    51966    9 (org.chromium.Chromium)    1h2m32s
+`, ""},
+
+		{"valid short", []hst.State{testStateSmall, testState}, true, false, "4cf073bd\naaaaaaaa\n", ""},
+		{"valid short single", []hst.State{testState}, true, false, "4cf073bd\n", ""},
+
+		{"valid json", []hst.State{testState, testStateSmall}, false, true, `[
+  {
     "instance": "8e2c76b066dabe574cf073bdb46eb5c1",
-    "pid": 3405691582,
-    "shim_pid": 3735928559,
+    "pid": 51966,
+    "shim_pid": 57005,
     "id": "org.chromium.Chromium",
     "enablements": {
       "wayland": true,
@@ -683,32 +708,70 @@ func TestPrintPs(t *testing.T) {
       "share_tmpdir": true
     },
     "time": "1970-01-01T00:00:00.000000009Z"
+  },
+  {
+    "instance": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+    "pid": 48879,
+    "shim_pid": 51966,
+    "enablements": {
+      "wayland": true,
+      "pulse": true
+    },
+    "identity": 1,
+    "groups": null,
+    "container": {
+      "env": null,
+      "filesystem": null,
+      "shell": "/bin/sh",
+      "home": "/data/data/uk.gensokyo.cat",
+      "path": "/usr/bin/cat",
+      "args": [
+        "cat"
+      ],
+      "userns": true,
+      "map_real_uid": false
+    },
+    "time": "1970-01-01T00:00:03.735928559Z"
   }
-}
-`},
-		{"valid short json", map[hst.ID]*hst.State{testID: testState}, true, true, `["8e2c76b066dabe574cf073bdb46eb5c1"]
-`},
+]
+`, ""},
+		{"valid short json", []hst.State{testStateSmall, testState}, true, true, `["8e2c76b066dabe574cf073bdb46eb5c1","aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"]
+`, ""},
 	}
 
 	for _, tc := range testCases {
+		s := store.New(check.MustAbs(t.TempDir()).Append("store"))
+		for i := range tc.data {
+			if h, err := s.Handle(tc.data[i].Identity); err != nil {
+				t.Fatalf("Handle: error = %v", err)
+			} else {
+				var unlock func()
+				if unlock, err = h.Lock(); err != nil {
+					t.Fatalf("Lock: error = %v", err)
+				}
+				_, err = h.Save(&tc.data[i])
+				unlock()
+				if err != nil {
+					t.Fatalf("Save: error = %v", err)
+				}
+			}
+		}
+
+		// store must not be written to beyond this point
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
-			output := new(strings.Builder)
-			printPs(output, testTime, stubStore(tc.entries), tc.short, tc.json)
-			if got := output.String(); got != tc.want {
-				t.Errorf("printPs: got\n%s\nwant\n%s",
-					got, tc.want)
+			var printBuf, logBuf bytes.Buffer
+			msg := message.New(log.New(&logBuf, "check: ", 0))
+			msg.SwapVerbose(true)
+			printPs(msg, &printBuf, testTime, s, tc.short, tc.json)
+			if got := printBuf.String(); got != tc.want {
+				t.Errorf("printPs:\n%s\nwant\n%s", got, tc.want)
 				return
 			}
+			if got := logBuf.String(); got != tc.log {
+				t.Errorf("msg:\n%s\nwant\n%s", got, tc.log)
+			}
 		})
 	}
 }
-
-// stubStore implements [state.Store] and returns test samples via [state.Joiner].
-type stubStore map[hst.ID]*hst.State
-
-func (s stubStore) Join() (map[hst.ID]*hst.State, error)       { return s, nil }
-func (s stubStore) Do(int, func(c state.Cursor)) (bool, error) { panic("unreachable") }
-func (s stubStore) List() ([]int, error)                       { panic("unreachable") }
-func (s stubStore) Close() error                               { return nil }

cmd/hpkg/main.go

@@ -24,7 +24,7 @@ var (
 func main() {
 	log.SetPrefix("hpkg: ")
 	log.SetFlags(0)
-	msg := message.NewMsg(log.Default())
+	msg := message.New(log.Default())
 
 	if err := os.Setenv("SHELL", pathShell.String()); err != nil {
 		log.Fatalf("cannot set $SHELL: %v", err)

cmd/hpkg/test/test.py

@@ -58,7 +58,7 @@ def check_state(name, enablements):
     instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei --json ps"))
     if len(instances) != 1:
         raise Exception(f"unexpected state length {len(instances)}")
-    instance = next(iter(instances.values()))
+    instance = instances[0]
 
     if len(instance['container']['args']) != 1 or not (instance['container']['args'][0].startswith("/nix/store/")) or f"hakurei-{name}-" not in (instance['container']['args'][0]):
         raise Exception(f"unexpected args {instance['container']['args']}")
@@ -92,15 +92,19 @@ machine.wait_for_file("/tmp/hakurei.0/tmpdir/2/success-client")
 collect_state_ui("app_wayland")
 check_state("foot", {"wayland": True, "dbus": True, "pulse": True})
 # Verify acl on XDG_RUNTIME_DIR:
-print(machine.succeed("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 1000002"))
+print(machine.succeed("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 10002"))
 machine.send_chars("exit\n")
 machine.wait_until_fails("pgrep foot")
 # Verify acl cleanup on XDG_RUNTIME_DIR:
-machine.wait_until_fails("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 1000002")
+machine.wait_until_fails("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 10002")
 
 # Exit Sway and verify process exit status 0:
 swaymsg("exit", succeed=False)
 machine.wait_for_file("/tmp/sway-exit-ok")
 
-# Print hakurei runDir contents:
+# Print hakurei share and rundir contents:
+print(machine.succeed("find /tmp/hakurei.0 "
+    + "-path '/tmp/hakurei.0/runtime/*/*' -prune -o "
+    + "-path '/tmp/hakurei.0/tmpdir/*/*' -prune -o "
+    + "-print"))
 print(machine.succeed("find /run/user/1000/hakurei"))

cmd/hsu/hst.go

@@ -0,0 +1,16 @@
+package main
+
+/* copied from hst and must never be changed */
+
+const (
+	userOffset = 100000
+	rangeSize  = userOffset / 10
+
+	identityStart = 0
+	identityEnd   = appEnd - appStart
+
+	appStart = rangeSize * 1
+	appEnd   = appStart + rangeSize - 1
+)
+
+func toUser(userid, appid uint32) uint32 { return userid*userOffset + appStart + appid }

cmd/hsu/main.go

@@ -16,15 +16,12 @@ import (
 )
 
 const (
-	hsuConfFile = "/etc/hsurc"
+	// envIdentity is the name of the environment variable holding a
+	// single byte representing the shim setup pipe file descriptor.
 	envShim = "HAKUREI_SHIM"
-	envIdentity = "HAKUREI_IDENTITY"
+	// envGroups holds a ' ' separated list of string representations of
+	// supplementary group gid. Membership requirements are enforced.
 	envGroups = "HAKUREI_GROUPS"
-
-	PR_SET_NO_NEW_PRIVS = 0x26
-
-	identityMin = 0
-	identityMax = 9999
 )
 
 // hakureiPath is the absolute path to Hakurei.
@@ -33,6 +30,7 @@ const (
 var hakureiPath string
 
 func main() {
+	const PR_SET_NO_NEW_PRIVS = 0x26
 	runtime.LockOSThread()
 
 	log.SetFlags(0)
@@ -68,13 +66,8 @@ func main() {
 		toolPath = p
 	}
 
-	// uid = 1000000 +
-	//    id * 10000 +
-	//      identity
-	uid := 1000000
-
 	// refuse to run if hsurc is not protected correctly
-	if s, err := os.Stat(hsuConfFile); err != nil {
+	if s, err := os.Stat(hsuConfPath); err != nil {
 		log.Fatal(err)
 	} else if s.Mode().Perm() != 0400 {
 		log.Fatal("bad hsurc perm")
@@ -83,25 +76,13 @@ func main() {
 	}
 
 	// authenticate before accepting user input
-	var id int
-	if f, err := os.Open(hsuConfFile); err != nil {
-		log.Fatal(err)
-	} else if v, ok := mustParseConfig(f, puid); !ok {
-		log.Fatalf("uid %d is not in the hsurc file", puid)
-	} else {
-		id = v
-		if err = f.Close(); err != nil {
-			log.Fatal(err)
-		}
-
-		uid += id * 10000
-	}
+	userid := mustParseConfig(puid)
 
 	// pass through setup fd to shim
 	var shimSetupFd string
 	if s, ok := os.LookupEnv(envShim); !ok {
 		// hakurei requests hsurc user id
-		fmt.Print(id)
+		fmt.Print(userid)
 		os.Exit(0)
 	} else if len(s) != 1 || s[0] > '9' || s[0] < '3' {
 		log.Fatal("HAKUREI_SHIM holds an invalid value")
@@ -109,13 +90,22 @@ func main() {
 		shimSetupFd = s
 	}
 
-	// allowed identity range 0 to 9999
-	if as, ok := os.LookupEnv(envIdentity); !ok {
-		log.Fatal("HAKUREI_IDENTITY not set")
-	} else if identity, err := parseUint32Fast(as); err != nil || identity < identityMin || identity > identityMax {
-		log.Fatal("invalid identity")
-	} else {
-		uid += identity
+	// start is going ahead at this point
+	identity := mustReadIdentity()
+
+	const (
+		// first possible uid outcome
+		uidStart = 10000
+		// last possible uid outcome
+		uidEnd = 999919999
+	)
+
+	// cast to int for use with library functions
+	uid := int(toUser(userid, identity))
+
+	// final bounds check to catch any bugs
+	if uid < uidStart || uid >= uidEnd {
+		panic("uid out of bounds")
 	}
 
 	// supplementary groups
@@ -145,11 +135,6 @@ func main() {
 		suppGroups = []int{uid}
 	}
 
-	// final bounds check to catch any bugs
-	if uid < 1000000 || uid >= 2000000 {
-		panic("uid out of bounds")
-	}
-
 	// careful! users in the allowlist is effectively allowed to drop groups via hsu
 
 	if err := syscall.Setresgid(uid, uid, uid); err != nil {

cmd/hsu/parse.go

@@ -6,62 +6,128 @@ import (
 	"fmt"
 	"io"
 	"log"
+	"math"
+	"os"
 	"strings"
 )
 
-func parseUint32Fast(s string) (int, error) {
+const (
+	// useridStart is the first userid.
+	useridStart = 0
+	// useridEnd is the last userid.
+	useridEnd = useridStart + rangeSize - 1
+)
+
+// parseUint32Fast parses a string representation of an unsigned 32-bit integer value
+// using the fast path only. This limits the range of values it is defined in.
+func parseUint32Fast(s string) (uint32, error) {
 	sLen := len(s)
 	if sLen < 1 {
-		return -1, errors.New("zero length string")
+		return 0, errors.New("zero length string")
 	}
 	if sLen > 10 {
-		return -1, errors.New("string too long")
+		return 0, errors.New("string too long")
 	}
 
-	n := 0
+	var n uint32
 	for i, ch := range []byte(s) {
 		ch -= '0'
 		if ch > 9 {
-			return -1, fmt.Errorf("invalid character '%s' at index %d", string(ch+'0'), i)
+			return 0, fmt.Errorf("invalid character '%s' at index %d", string(ch+'0'), i)
 		}
-		n = n*10 + int(ch)
+		n = n*10 + uint32(ch)
 	}
 	return n, nil
 }
 
-func parseConfig(r io.Reader, puid int) (fid int, ok bool, err error) {
+// parseConfig reads a list of allowed users from r until it encounters puid or [io.EOF].
+//
+// Each line of the file specifies a hakurei userid to kernel uid mapping. A line consists
+// of the string representation of the uid of the user wishing to start hakurei containers,
+// followed by a space, followed by the string representation of its userid. Duplicate uid
+// entries are ignored, with the first occurrence taking effect.
+//
+// All string representations are parsed by calling parseUint32Fast.
+func parseConfig(r io.Reader, puid uint32) (userid uint32, ok bool, err error) {
 	s := bufio.NewScanner(r)
-	var line, puid0 int
+	var (
+		line  uintptr
+		puid0 uint32
+	)
 	for s.Scan() {
 		line++
 
-		// <puid> <fid>
+		// <puid> <userid>
 		lf := strings.SplitN(s.Text(), " ", 2)
 		if len(lf) != 2 {
-			return -1, false, fmt.Errorf("invalid entry on line %d", line)
+			return useridEnd + 1, false, fmt.Errorf("invalid entry on line %d", line)
 		}
 
 		puid0, err = parseUint32Fast(lf[0])
 		if err != nil || puid0 < 1 {
-			return -1, false, fmt.Errorf("invalid parent uid on line %d", line)
+			return useridEnd + 1, false, fmt.Errorf("invalid parent uid on line %d", line)
 		}
 
 		ok = puid0 == puid
 		if ok {
-			// allowed fid range 0 to 99
-			if fid, err = parseUint32Fast(lf[1]); err != nil || fid < 0 || fid > 99 {
-				return -1, false, fmt.Errorf("invalid identity on line %d", line)
+			// userid bound to a range, uint32 size allows this to be increased if needed
+			if userid, err = parseUint32Fast(lf[1]); err != nil ||
+				userid < useridStart || userid > useridEnd {
+				return useridEnd + 1, false, fmt.Errorf("invalid userid on line %d", line)
 			}
 			return
 		}
 	}
-	return -1, false, s.Err()
+	return useridEnd + 1, false, s.Err()
 }
 
-func mustParseConfig(r io.Reader, puid int) (int, bool) {
-	fid, ok, err := parseConfig(r, puid)
-	if err != nil {
+// hsuConfPath is an absolute pathname to the hsu configuration file.
+// Its contents are interpreted by parseConfig.
+const hsuConfPath = "/etc/hsurc"
+
+// mustParseConfig calls parseConfig to interpret the contents of hsuConfPath,
+// terminating the program if an error is encountered, the syntax is incorrect,
+// or the current user is not authorised to use hsu because its uid is missing.
+//
+// Therefore, code after this function call can assume an authenticated state.
+//
+// mustParseConfig returns the userid value of the current user.
+func mustParseConfig(puid int) (userid uint32) {
+	if puid > math.MaxUint32 {
+		log.Fatalf("got impossible uid %d", puid)
+	}
+
+	var ok bool
+	if f, err := os.Open(hsuConfPath); err != nil {
+		log.Fatal(err)
+	} else if userid, ok, err = parseConfig(f, uint32(puid)); err != nil {
+		log.Fatal(err)
+	} else if err = f.Close(); err != nil {
 		log.Fatal(err)
 	}
-	return fid, ok
+	if !ok {
+		log.Fatalf("uid %d is not in the hsurc file", puid)
+	}
+
+	return
+}
+
+// envIdentity is the name of the environment variable holding a
+// string representation of the current application identity.
+var envIdentity = "HAKUREI_IDENTITY"
+
+// mustReadIdentity calls parseUint32Fast to interpret the value stored in envIdentity,
+// terminating the program if the value is not set, malformed, or out of bounds.
+func mustReadIdentity() uint32 {
+	// ranges defined in hst and copied to this package to avoid importing hst
+	if as, ok := os.LookupEnv(envIdentity); !ok {
+		log.Fatal("HAKUREI_IDENTITY not set")
+		panic("unreachable")
+	} else if identity, err := parseUint32Fast(as); err != nil ||
+		identity < identityStart || identity > identityEnd {
+		log.Fatal("invalid identity")
+		panic("unreachable")
+	} else {
+		return identity
+	}
 }

cmd/hsu/parse_test.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"bytes"
+	"math"
 	"strconv"
 	"testing"
 )
@@ -39,22 +40,20 @@ func TestParseUint32Fast(t *testing.T) {
 	t.Run("range", func(t *testing.T) {
 		t.Parallel()
 
-		testRange := func(i, end int) {
+		testRange := func(i, end uint32) {
 			for ; i < end; i++ {
-				s := strconv.Itoa(i)
+				s := strconv.Itoa(int(i))
 				w := i
 				t.Run("parse "+s, func(t *testing.T) {
 					t.Parallel()
 
 					v, err := parseUint32Fast(s)
 					if err != nil {
-						t.Errorf("parseUint32Fast(%q): error = %v",
-							s, err)
+						t.Errorf("parseUint32Fast(%q): error = %v", s, err)
 						return
 					}
 					if v != w {
-						t.Errorf("parseUint32Fast(%q): got %v",
-							s, v)
+						t.Errorf("parseUint32Fast(%q): got %v", s, v)
 						return
 					}
 				})
@@ -63,7 +62,7 @@ func TestParseUint32Fast(t *testing.T) {
 
 		testRange(0, 2500)
 		testRange(23002500, 23005000)
-		testRange(7890002500, 7890005000)
+		testRange(math.MaxUint32-2500, math.MaxUint32)
 	})
 }
 
@@ -72,14 +71,14 @@ func TestParseConfig(t *testing.T) {
 
 	testCases := []struct {
 		name       string
-		puid, want int
+		puid, want uint32
 		wantErr    string
 		rc         string
 	}{
-		{"empty", 0, -1, "", ``},
-		{"invalid field", 0, -1, "invalid entry on line 1", `9`},
-		{"invalid puid", 0, -1, "invalid parent uid on line 1", `f 9`},
-		{"invalid fid", 1000, -1, "invalid identity on line 1", `1000 f`},
+		{"empty", 0, useridEnd + 1, "", ``},
+		{"invalid field", 0, useridEnd + 1, "invalid entry on line 1", `9`},
+		{"invalid puid", 0, useridEnd + 1, "invalid parent uid on line 1", `f 9`},
+		{"invalid userid", 1000, useridEnd + 1, "invalid userid on line 1", `1000 f`},
 		{"match", 1000, 0, "", `1000 0`},
 	}
 
@@ -87,25 +86,21 @@ func TestParseConfig(t *testing.T) {
 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()
 
-			fid, ok, err := parseConfig(bytes.NewBufferString(tc.rc), tc.puid)
+			userid, ok, err := parseConfig(bytes.NewBufferString(tc.rc), tc.puid)
 			if err == nil && tc.wantErr != "" {
-				t.Errorf("parseConfig: error = %v; wantErr %q",
-					err, tc.wantErr)
+				t.Errorf("parseConfig: error = %v; want %q", err, tc.wantErr)
 				return
 			}
 			if err != nil && err.Error() != tc.wantErr {
-				t.Errorf("parseConfig: error = %q; wantErr %q",
-					err, tc.wantErr)
+				t.Errorf("parseConfig: error = %q; want %q", err, tc.wantErr)
 				return
 			}
-			if ok == (tc.want == -1) {
-				t.Errorf("parseConfig: ok = %v; want %v",
-					ok, tc.want)
+			if ok == (tc.want == useridEnd+1) {
+				t.Errorf("parseConfig: ok = %v; want %v", ok, tc.want)
 				return
 			}
-			if fid != tc.want {
-				t.Errorf("parseConfig: fid = %v; want %v",
-					fid, tc.want)
+			if userid != tc.want {
+				t.Errorf("parseConfig: %v; want %v", userid, tc.want)
 			}
 		})
 	}

container/autoroot_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/message"
 )
@@ -23,14 +23,14 @@ func TestAutoRootOp(t *testing.T) {
 	checkOpBehaviour(t, []opBehaviourTestCase{
 		{"readdir", &Params{ParentPerm: 0750}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, []stub.Call{
 			call("readdir", stub.ExpectArgs{"/"}, stubDir(), stub.UniqueError(2)),
 		}, stub.UniqueError(2), nil, nil},
 
 		{"early", &Params{ParentPerm: 0750}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, []stub.Call{
 			call("readdir", stub.ExpectArgs{"/"}, stubDir("bin", "dev", "etc", "home", "lib64",
 				"lost+found", "mnt", "nix", "proc", "root", "run", "srv", "sys", "tmp", "usr", "var"), nil),
@@ -39,7 +39,7 @@ func TestAutoRootOp(t *testing.T) {
 
 		{"apply", &Params{ParentPerm: 0750}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, []stub.Call{
 			call("readdir", stub.ExpectArgs{"/"}, stubDir("bin", "dev", "etc", "home", "lib64",
 				"lost+found", "mnt", "nix", "proc", "root", "run", "srv", "sys", "tmp", "usr", "var"), nil),
@@ -60,7 +60,7 @@ func TestAutoRootOp(t *testing.T) {
 
 		{"success pd", &Params{ParentPerm: 0750}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, []stub.Call{
 			call("readdir", stub.ExpectArgs{"/"}, stubDir("bin", "dev", "etc", "home", "lib64",
 				"lost+found", "mnt", "nix", "proc", "root", "run", "srv", "sys", "tmp", "usr", "var"), nil),
@@ -127,10 +127,10 @@ func TestAutoRootOp(t *testing.T) {
 	})
 
 	checkOpsBuilder(t, []opsBuilderTestCase{
-		{"pd", new(Ops).Root(check.MustAbs("/"), comp.BindWritable), Ops{
+		{"pd", new(Ops).Root(check.MustAbs("/"), std.BindWritable), Ops{
 			&AutoRootOp{
 				Host:  check.MustAbs("/"),
-				Flags: comp.BindWritable,
+				Flags: std.BindWritable,
 			},
 		}},
 	})
@@ -140,42 +140,42 @@ func TestAutoRootOp(t *testing.T) {
 
 		{"internal ne", &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, &AutoRootOp{
 			Host:     check.MustAbs("/"),
-			Flags:    comp.BindWritable,
+			Flags:    std.BindWritable,
 			resolved: []*BindMountOp{new(BindMountOp)},
 		}, true},
 
 		{"flags differs", &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable | comp.BindDevice,
+			Flags: std.BindWritable | std.BindDevice,
 		}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, false},
 
 		{"host differs", &AutoRootOp{
 			Host:  check.MustAbs("/tmp/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, false},
 
 		{"equals", &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, true},
 	})
 
 	checkOpMeta(t, []opMetaTestCase{
 		{"root", &AutoRootOp{
 			Host:  check.MustAbs("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}, "setting up", `auto root "/" flags 0x2`},
 	})
 }

container/check/absolute_test.go

@@ -147,7 +147,7 @@ func TestAbsoluteIs(t *testing.T) {
 
 type sCheck struct {
 	Pathname *Absolute `json:"val"`
-	Magic    int       `json:"magic"`
+	Magic    uint64    `json:"magic"`
 }
 
 func TestCodecAbsolute(t *testing.T) {
@@ -169,19 +169,19 @@ func TestCodecAbsolute(t *testing.T) {
 		{"good", MustAbs("/etc"),
 			nil,
 			"\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\b\xff\x80\x00\x04/etc",
-			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x04\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\x10\xff\x84\x01\x04/etc\x01\xfb\x01\x81\xda\x00\x00\x00",
+			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x06\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\x0f\xff\x84\x01\x04/etc\x01\xfc\xc0\xed\x00\x00\x00",
 
 			`"/etc"`, `{"val":"/etc","magic":3236757504}`},
 		{"not absolute", nil,
 			&AbsoluteError{Pathname: "etc"},
 			"\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\a\xff\x80\x00\x03etc",
-			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x04\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\x0f\xff\x84\x01\x03etc\x01\xfb\x01\x81\xda\x00\x00\x00",
+			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x06\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\x0f\xff\x84\x01\x03etc\x01\xfb\x01\x81\xda\x00\x00\x00",
 
 			`"etc"`, `{"val":"etc","magic":3236757504}`},
 		{"zero", nil,
 			new(AbsoluteError),
 			"\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\x04\xff\x80\x00\x00",
-			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x04\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\f\xff\x84\x01\x00\x01\xfb\x01\x81\xda\x00\x00\x00",
+			",\xff\x83\x03\x01\x01\x06sCheck\x01\xff\x84\x00\x01\x02\x01\bPathname\x01\xff\x80\x00\x01\x05Magic\x01\x06\x00\x00\x00\t\x7f\x05\x01\x02\xff\x82\x00\x00\x00\f\xff\x84\x01\x00\x01\xfb\x01\x81\xda\x00\x00\x00",
 			`""`, `{"val":"","magic":3236757504}`},
 	}
 

container/container.go

@@ -15,9 +15,9 @@ import (
 	"time"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/message"
 )
 
@@ -25,6 +25,9 @@ const (
 	// CancelSignal is the signal expected by container init on context cancel.
 	// A custom [Container.Cancel] function must eventually deliver this signal.
 	CancelSignal = SIGUSR2
+
+	// Timeout for writing initParams to Container.setup.
+	initSetupTimeout = 5 * time.Second
 )
 
 type (
@@ -37,8 +40,8 @@ type (
 		// with behaviour identical to its [exec.Cmd] counterpart.
 		ExtraFiles []*os.File
 
-		// param encoder for shim and init
-		setup *gob.Encoder
+		// param pipe for shim and init
+		setup *os.File
 		// cancels cmd
 		cancel context.CancelFunc
 		// closed after Wait returns
@@ -82,11 +85,11 @@ type (
 		*Ops
 
 		// Seccomp system call filter rules.
-		SeccompRules []seccomp.NativeRule
+		SeccompRules []std.NativeRule
 		// Extra seccomp flags.
 		SeccompFlags seccomp.ExportFlag
 		// Seccomp presets. Has no effect unless SeccompRules is zero-length.
-		SeccompPresets comp.FilterPreset
+		SeccompPresets std.FilterPreset
 		// Do not load seccomp program.
 		SeccompDisable bool
 
@@ -174,7 +177,7 @@ func (p *Container) Start() error {
 	}
 
 	if !p.RetainSession {
-		p.SeccompPresets |= comp.PresetDenyTTY
+		p.SeccompPresets |= std.PresetDenyTTY
 	}
 
 	if p.AdoptWaitDelay == 0 {
@@ -228,10 +231,10 @@ func (p *Container) Start() error {
 	}
 
 	// place setup pipe before user supplied extra files, this is later restored by init
-	if fd, e, err := Setup(&p.cmd.ExtraFiles); err != nil {
+	if fd, f, err := Setup(&p.cmd.ExtraFiles); err != nil {
 		return &StartError{true, "set up params stream", err, false, false}
 	} else {
-		p.setup = e
+		p.setup = f
 		p.cmd.Env = []string{setupEnv + "=" + strconv.Itoa(fd)}
 	}
 	p.cmd.ExtraFiles = append(p.cmd.ExtraFiles, p.ExtraFiles...)
@@ -310,6 +313,9 @@ func (p *Container) Serve() error {
 
 	setup := p.setup
 	p.setup = nil
+	if err := setup.SetDeadline(time.Now().Add(initSetupTimeout)); err != nil {
+		return &StartError{true, "set init pipe deadline", err, false, true}
+	}
 
 	if p.Path == nil {
 		p.cancel()
@@ -321,18 +327,17 @@ func (p *Container) Serve() error {
 		p.Dir = fhs.AbsRoot
 	}
 	if p.SeccompRules == nil {
-		p.SeccompRules = make([]seccomp.NativeRule, 0)
+		p.SeccompRules = make([]std.NativeRule, 0)
 	}
 
-	err := setup.Encode(
-		&initParams{
+	err := gob.NewEncoder(setup).Encode(&initParams{
 		p.Params,
 		Getuid(),
 		Getgid(),
 		len(p.ExtraFiles),
 		p.msg.IsVerbose(),
-		},
-	)
+	})
+	_ = setup.Close()
 	if err != nil {
 		p.cancel()
 	}
@@ -399,7 +404,7 @@ func (p *Container) ProcessState() *os.ProcessState {
 // New returns the address to a new instance of [Container] that requires further initialisation before use.
 func New(ctx context.Context, msg message.Msg) *Container {
 	if msg == nil {
-		msg = message.NewMsg(nil)
+		msg = message.New(nil)
 	}
 
 	p := &Container{ctx: ctx, msg: msg, Params: Params{Ops: new(Ops)}}

container/container_test.go

@@ -21,8 +21,8 @@ import (
 	"hakurei.app/command"
 	"hakurei.app/container"
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/vfs"
 	"hakurei.app/hst"
 	"hakurei.app/ldd"
@@ -204,22 +204,22 @@ var containerTestCases = []struct {
 	uid int
 	gid int
 
-	rules   []seccomp.NativeRule
+	rules   []std.NativeRule
 	flags   seccomp.ExportFlag
-	presets comp.FilterPreset
+	presets std.FilterPreset
 }{
 	{"minimal", true, false, false, true,
 		emptyOps, emptyMnt,
-		1000, 100, nil, 0, comp.PresetStrict},
+		1000, 100, nil, 0, std.PresetStrict},
 	{"allow", true, true, true, false,
 		emptyOps, emptyMnt,
-		1000, 100, nil, 0, comp.PresetExt | comp.PresetDenyDevel},
+		1000, 100, nil, 0, std.PresetExt | std.PresetDenyDevel},
 	{"no filter", false, true, true, true,
 		emptyOps, emptyMnt,
-		1000, 100, nil, 0, comp.PresetExt},
+		1000, 100, nil, 0, std.PresetExt},
 	{"custom rules", true, true, true, false,
 		emptyOps, emptyMnt,
-		1, 31, []seccomp.NativeRule{{Syscall: seccomp.ScmpSyscall(syscall.SYS_SETUID), Errno: seccomp.ScmpErrno(syscall.EPERM)}}, 0, comp.PresetExt},
+		1, 31, []std.NativeRule{{Syscall: std.ScmpSyscall(syscall.SYS_SETUID), Errno: std.ScmpErrno(syscall.EPERM)}}, 0, std.PresetExt},
 
 	{"tmpfs", true, false, false, true,
 		earlyOps(new(container.Ops).
@@ -228,7 +228,7 @@ var containerTestCases = []struct {
 		earlyMnt(
 			ent("/", hst.PrivateTmp, "rw,nosuid,nodev,relatime", "tmpfs", "ephemeral", ignore),
 		),
-		9, 9, nil, 0, comp.PresetStrict},
+		9, 9, nil, 0, std.PresetStrict},
 
 	{"dev", true, true /* go test output is not a tty */, false, false,
 		earlyOps(new(container.Ops).
@@ -246,7 +246,7 @@ var containerTestCases = []struct {
 			ent("/", "/dev/mqueue", "rw,nosuid,nodev,noexec,relatime", "mqueue", "mqueue", "rw"),
 			ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
 		),
-		1971, 100, nil, 0, comp.PresetStrict},
+		1971, 100, nil, 0, std.PresetStrict},
 
 	{"dev no mqueue", true, true /* go test output is not a tty */, false, false,
 		earlyOps(new(container.Ops).
@@ -263,7 +263,7 @@ var containerTestCases = []struct {
 			ent("/", "/dev/pts", "rw,nosuid,noexec,relatime", "devpts", "devpts", "rw,mode=620,ptmxmode=666"),
 			ent("/", "/dev/shm", "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore),
 		),
-		1971, 100, nil, 0, comp.PresetStrict},
+		1971, 100, nil, 0, std.PresetStrict},
 
 	{"overlay", true, false, false, true,
 		func(t *testing.T) (*container.Ops, context.Context) {
@@ -300,7 +300,7 @@ var containerTestCases = []struct {
 						",redirect_dir=nofollow,uuid=on,userxattr"),
 			}
 		},
-		1 << 3, 1 << 14, nil, 0, comp.PresetStrict},
+		1 << 3, 1 << 14, nil, 0, std.PresetStrict},
 
 	{"overlay ephemeral", true, false, false, true,
 		func(t *testing.T) (*container.Ops, context.Context) {
@@ -324,7 +324,7 @@ var containerTestCases = []struct {
 				ent("/", hst.PrivateTmp, "rw", "overlay", "overlay", ignore),
 			}
 		},
-		1 << 3, 1 << 14, nil, 0, comp.PresetStrict},
+		1 << 3, 1 << 14, nil, 0, std.PresetStrict},
 
 	{"overlay readonly", true, false, false, true,
 		func(t *testing.T) (*container.Ops, context.Context) {
@@ -352,7 +352,7 @@ var containerTestCases = []struct {
 						",redirect_dir=nofollow,userxattr"),
 			}
 		},
-		1 << 3, 1 << 14, nil, 0, comp.PresetStrict},
+		1 << 3, 1 << 14, nil, 0, std.PresetStrict},
 }
 
 func TestContainer(t *testing.T) {
@@ -556,13 +556,13 @@ func testContainerCancel(
 
 func TestContainerString(t *testing.T) {
 	t.Parallel()
-	msg := message.NewMsg(nil)
+	msg := message.New(nil)
 	c := container.NewCommand(t.Context(), msg, check.MustAbs("/run/current-system/sw/bin/ldd"), "ldd", "/usr/bin/env")
 	c.SeccompFlags |= seccomp.AllowMultiarch
 	c.SeccompRules = seccomp.Preset(
-		comp.PresetExt|comp.PresetDenyNS|comp.PresetDenyTTY,
+		std.PresetExt|std.PresetDenyNS|std.PresetDenyTTY,
 		c.SeccompFlags)
-	c.SeccompPresets = comp.PresetStrict
+	c.SeccompPresets = std.PresetStrict
 	want := `argv: ["ldd" "/usr/bin/env"], filter: true, rules: 65, flags: 0x1, presets: 0xf`
 	if got := c.String(); got != want {
 		t.Errorf("String: %s, want %s", got, want)
@@ -721,7 +721,7 @@ func TestMain(m *testing.M) {
 }
 
 func helperNewContainerLibPaths(ctx context.Context, libPaths *[]*check.Absolute, args ...string) (c *container.Container) {
-	msg := message.NewMsg(nil)
+	msg := message.New(nil)
 	c = container.NewCommand(ctx, msg, absHelperInnerPath, "helper", args...)
 	c.Env = append(c.Env, envDoCheck+"=1")
 	c.Bind(check.MustAbs(os.Args[0]), absHelperInnerPath, 0)

container/dispatcher.go

@@ -11,6 +11,7 @@ import (
 	"syscall"
 
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/message"
 )
 
@@ -62,7 +63,7 @@ type syscallDispatcher interface {
 	ensureFile(name string, perm, pperm os.FileMode) error
 
 	// seccompLoad provides [seccomp.Load].
-	seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error
+	seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error
 	// notify provides [signal.Notify].
 	notify(c chan<- os.Signal, sig ...os.Signal)
 	// start starts [os/exec.Cmd].
@@ -164,7 +165,7 @@ func (direct) ensureFile(name string, perm, pperm os.FileMode) error {
 	return ensureFile(name, perm, pperm)
 }
 
-func (direct) seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error {
+func (direct) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
 	return seccomp.Load(rules, flags)
 }
 func (direct) notify(c chan<- os.Signal, sig ...os.Signal) { signal.Notify(c, sig...) }

container/dispatcher_test.go

@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/message"
 )
@@ -456,7 +457,7 @@ func (k *kstub) ensureFile(name string, perm, pperm os.FileMode) error {
 		stub.CheckArg(k.Stub, "pperm", pperm, 2))
 }
 
-func (k *kstub) seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error {
+func (k *kstub) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
 	k.Helper()
 	return k.Expects("seccompLoad").Error(
 		stub.CheckArgReflect(k.Stub, "rules", rules, 0),

container/errors_test.go

@@ -46,8 +46,8 @@ func TestMessageFromError(t *testing.T) {
 		{"state", OpStateError("overlay"),
 			"impossible overlay state reached", true},
 
-		{"vfs parse", &vfs.DecoderError{Op: "parse", Line: 0xdeadbeef, Err: &strconv.NumError{Func: "Atoi", Num: "meow", Err: strconv.ErrSyntax}},
-			`cannot parse mountinfo at line 3735928559: numeric field "meow" invalid syntax`, true},
+		{"vfs parse", &vfs.DecoderError{Op: "parse", Line: 0xdead, Err: &strconv.NumError{Func: "Atoi", Num: "meow", Err: strconv.ErrSyntax}},
+			`cannot parse mountinfo at line 57005: numeric field "meow" invalid syntax`, true},
 
 		{"tmpfs", TmpfsSizeError(-1),
 			"tmpfs size -1 out of bounds", true},

container/executable_test.go

@@ -11,7 +11,7 @@ import (
 func TestExecutable(t *testing.T) {
 	t.Parallel()
 	for i := 0; i < 16; i++ {
-		if got := container.MustExecutable(message.NewMsg(nil)); got != os.Args[0] {
+		if got := container.MustExecutable(message.New(nil)); got != os.Args[0] {
 			t.Errorf("MustExecutable: %q, want %q", got, os.Args[0])
 		}
 	}

container/init.go

@@ -461,7 +461,7 @@ func TryArgv0(msg message.Msg) {
 	if msg == nil {
 		log.SetPrefix(initName + ": ")
 		log.SetFlags(0)
-		msg = message.NewMsg(log.Default())
+		msg = message.New(log.Default())
 	}
 
 	if len(os.Args) > 0 && path.Base(os.Args[0]) == initName {

container/initbind.go

@@ -7,7 +7,7 @@ import (
 	"syscall"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
+	"hakurei.app/container/std"
 )
 
 func init() { gob.Register(new(BindMountOp)) }
@@ -29,18 +29,18 @@ type BindMountOp struct {
 func (b *BindMountOp) Valid() bool {
 	return b != nil &&
 		b.Source != nil && b.Target != nil &&
-		b.Flags&(comp.BindOptional|comp.BindEnsure) != (comp.BindOptional|comp.BindEnsure)
+		b.Flags&(std.BindOptional|std.BindEnsure) != (std.BindOptional|std.BindEnsure)
 }
 
 func (b *BindMountOp) early(_ *setupState, k syscallDispatcher) error {
-	if b.Flags&comp.BindEnsure != 0 {
+	if b.Flags&std.BindEnsure != 0 {
 		if err := k.mkdirAll(b.Source.String(), 0700); err != nil {
 			return err
 		}
 	}
 
 	if pathname, err := k.evalSymlinks(b.Source.String()); err != nil {
-		if os.IsNotExist(err) && b.Flags&comp.BindOptional != 0 {
+		if os.IsNotExist(err) && b.Flags&std.BindOptional != 0 {
 			// leave sourceFinal as nil
 			return nil
 		}
@@ -53,7 +53,7 @@ func (b *BindMountOp) early(_ *setupState, k syscallDispatcher) error {
 
 func (b *BindMountOp) apply(state *setupState, k syscallDispatcher) error {
 	if b.sourceFinal == nil {
-		if b.Flags&comp.BindOptional == 0 {
+		if b.Flags&std.BindOptional == 0 {
 			// unreachable
 			return OpStateError("bind")
 		}
@@ -76,10 +76,10 @@ func (b *BindMountOp) apply(state *setupState, k syscallDispatcher) error {
 	}
 
 	var flags uintptr = syscall.MS_REC
-	if b.Flags&comp.BindWritable == 0 {
+	if b.Flags&std.BindWritable == 0 {
 		flags |= syscall.MS_RDONLY
 	}
-	if b.Flags&comp.BindDevice == 0 {
+	if b.Flags&std.BindDevice == 0 {
 		flags |= syscall.MS_NODEV
 	}
 

container/initbind_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 )
 
@@ -25,7 +25,7 @@ func TestBindMountOp(t *testing.T) {
 		{"skip optional", new(Params), &BindMountOp{
 			Source: check.MustAbs("/bin/"),
 			Target: check.MustAbs("/bin/"),
-			Flags:  comp.BindOptional,
+			Flags:  std.BindOptional,
 		}, []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/bin/"}, "", syscall.ENOENT),
 		}, nil, nil, nil},
@@ -33,7 +33,7 @@ func TestBindMountOp(t *testing.T) {
 		{"success optional", new(Params), &BindMountOp{
 			Source: check.MustAbs("/bin/"),
 			Target: check.MustAbs("/bin/"),
-			Flags:  comp.BindOptional,
+			Flags:  std.BindOptional,
 		}, []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/bin/"}, "/usr/bin", nil),
 		}, nil, []stub.Call{
@@ -46,7 +46,7 @@ func TestBindMountOp(t *testing.T) {
 		{"ensureFile device", new(Params), &BindMountOp{
 			Source: check.MustAbs("/dev/null"),
 			Target: check.MustAbs("/dev/null"),
-			Flags:  comp.BindWritable | comp.BindDevice,
+			Flags:  std.BindWritable | std.BindDevice,
 		}, []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/dev/null"}, "/dev/null", nil),
 		}, nil, []stub.Call{
@@ -57,7 +57,7 @@ func TestBindMountOp(t *testing.T) {
 		{"mkdirAll ensure", new(Params), &BindMountOp{
 			Source: check.MustAbs("/bin/"),
 			Target: check.MustAbs("/bin/"),
-			Flags:  comp.BindEnsure,
+			Flags:  std.BindEnsure,
 		}, []stub.Call{
 			call("mkdirAll", stub.ExpectArgs{"/bin/", os.FileMode(0700)}, nil, stub.UniqueError(4)),
 		}, stub.UniqueError(4), nil, nil},
@@ -65,7 +65,7 @@ func TestBindMountOp(t *testing.T) {
 		{"success ensure", new(Params), &BindMountOp{
 			Source: check.MustAbs("/bin/"),
 			Target: check.MustAbs("/usr/bin/"),
-			Flags:  comp.BindEnsure,
+			Flags:  std.BindEnsure,
 		}, []stub.Call{
 			call("mkdirAll", stub.ExpectArgs{"/bin/", os.FileMode(0700)}, nil, nil),
 			call("evalSymlinks", stub.ExpectArgs{"/bin/"}, "/usr/bin", nil),
@@ -79,7 +79,7 @@ func TestBindMountOp(t *testing.T) {
 		{"success device ro", new(Params), &BindMountOp{
 			Source: check.MustAbs("/dev/null"),
 			Target: check.MustAbs("/dev/null"),
-			Flags:  comp.BindDevice,
+			Flags:  std.BindDevice,
 		}, []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/dev/null"}, "/dev/null", nil),
 		}, nil, []stub.Call{
@@ -92,7 +92,7 @@ func TestBindMountOp(t *testing.T) {
 		{"success device", new(Params), &BindMountOp{
 			Source: check.MustAbs("/dev/null"),
 			Target: check.MustAbs("/dev/null"),
-			Flags:  comp.BindWritable | comp.BindDevice,
+			Flags:  std.BindWritable | std.BindDevice,
 		}, []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/dev/null"}, "/dev/null", nil),
 		}, nil, []stub.Call{
@@ -182,7 +182,7 @@ func TestBindMountOp(t *testing.T) {
 		{"zero", new(BindMountOp), false},
 		{"nil source", &BindMountOp{Target: check.MustAbs("/")}, false},
 		{"nil target", &BindMountOp{Source: check.MustAbs("/")}, false},
-		{"flag optional ensure", &BindMountOp{Source: check.MustAbs("/"), Target: check.MustAbs("/"), Flags: comp.BindOptional | comp.BindEnsure}, false},
+		{"flag optional ensure", &BindMountOp{Source: check.MustAbs("/"), Target: check.MustAbs("/"), Flags: std.BindOptional | std.BindEnsure}, false},
 		{"valid", &BindMountOp{Source: check.MustAbs("/"), Target: check.MustAbs("/")}, true},
 	})
 
@@ -217,7 +217,7 @@ func TestBindMountOp(t *testing.T) {
 		}, &BindMountOp{
 			Source: check.MustAbs("/etc/"),
 			Target: check.MustAbs("/etc/.host/048090b6ed8f9ebb10e275ff5d8c0659"),
-			Flags:  comp.BindOptional,
+			Flags:  std.BindOptional,
 		}, false},
 
 		{"source differs", &BindMountOp{
@@ -256,7 +256,7 @@ func TestBindMountOp(t *testing.T) {
 		{"hostdev", &BindMountOp{
 			Source: check.MustAbs("/dev/"),
 			Target: check.MustAbs("/dev/"),
-			Flags:  comp.BindWritable | comp.BindDevice,
+			Flags:  std.BindWritable | std.BindDevice,
 		}, "mounting", `"/dev/" flags 0x6`},
 	})
 }

container/landlock.go

@@ -5,7 +5,7 @@ import (
 	"syscall"
 	"unsafe"
 
-	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 )
 
 // include/uapi/linux/landlock.h
@@ -14,7 +14,8 @@ const (
 	LANDLOCK_CREATE_RULESET_VERSION = 1 << iota
 )
 
-type LandlockAccessFS uintptr
+// LandlockAccessFS is bitmask of handled filesystem actions.
+type LandlockAccessFS uint64
 
 const (
 	LANDLOCK_ACCESS_FS_EXECUTE LandlockAccessFS = 1 << iota
@@ -105,7 +106,8 @@ func (f LandlockAccessFS) String() string {
 	}
 }
 
-type LandlockAccessNet uintptr
+// LandlockAccessNet is bitmask of handled network actions.
+type LandlockAccessNet uint64
 
 const (
 	LANDLOCK_ACCESS_NET_BIND_TCP LandlockAccessNet = 1 << iota
@@ -140,7 +142,8 @@ func (f LandlockAccessNet) String() string {
 	}
 }
 
-type LandlockScope uintptr
+// LandlockScope is bitmask of scopes restricting a Landlock domain from accessing outside resources.
+type LandlockScope uint64
 
 const (
 	LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET LandlockScope = 1 << iota
@@ -175,6 +178,7 @@ func (f LandlockScope) String() string {
 	}
 }
 
+// RulesetAttr is equivalent to struct landlock_ruleset_attr.
 type RulesetAttr struct {
 	// Bitmask of handled filesystem actions.
 	HandledAccessFS LandlockAccessFS
@@ -212,7 +216,7 @@ func (rulesetAttr *RulesetAttr) Create(flags uintptr) (fd int, err error) {
 		size = unsafe.Sizeof(*rulesetAttr)
 	}
 
-	rulesetFd, _, errno := syscall.Syscall(seccomp.SYS_LANDLOCK_CREATE_RULESET, pointer, size, flags)
+	rulesetFd, _, errno := syscall.Syscall(std.SYS_LANDLOCK_CREATE_RULESET, pointer, size, flags)
 	fd = int(rulesetFd)
 	err = errno
 
@@ -231,7 +235,7 @@ func LandlockGetABI() (int, error) {
 }
 
 func LandlockRestrictSelf(rulesetFd int, flags uintptr) error {
-	r, _, errno := syscall.Syscall(seccomp.SYS_LANDLOCK_RESTRICT_SELF, uintptr(rulesetFd), flags, 0)
+	r, _, errno := syscall.Syscall(std.SYS_LANDLOCK_RESTRICT_SELF, uintptr(rulesetFd), flags, 0)
 	if r != 0 {
 		return errno
 	}

container/mount_test.go

@@ -69,8 +69,8 @@ func TestRemount(t *testing.T) {
 403 397 0:63 / /host/run/user/1000 rw,nosuid,nodev,relatime master:295 - tmpfs tmpfs rw,size=401060k,nr_inodes=100265,mode=700,uid=1000,gid=100
 404 254 0:46 / /host/mnt/cwd rw,relatime master:96 - overlay overlay rw,lowerdir=/mnt/.ro-cwd,upperdir=/tmp/.cwd/upper,workdir=/tmp/.cwd/work
 405 254 0:47 / /host/mnt/src rw,relatime master:99 - overlay overlay rw,lowerdir=/nix/store/ihcrl3zwvp2002xyylri2wz0drwajx4z-ns0pa7q2b1jpx9pbf1l9352x6rniwxjn-source,upperdir=/tmp/.src/upper,workdir=/tmp/.src/work
-407 253 0:65 / / rw,nosuid,nodev,relatime - tmpfs rootfs rw,uid=1000000,gid=1000000
-408 407 0:65 /sysroot /sysroot rw,nosuid,nodev,relatime - tmpfs rootfs rw,uid=1000000,gid=1000000
+407 253 0:65 / / rw,nosuid,nodev,relatime - tmpfs rootfs rw,uid=10000,gid=10000
+408 407 0:65 /sysroot /sysroot rw,nosuid,nodev,relatime - tmpfs rootfs rw,uid=10000,gid=10000
 409 408 253:0 /bin /sysroot/bin rw,nosuid,nodev,relatime master:1 - ext4 /dev/disk/by-label/nixos rw
 410 408 253:0 /home /sysroot/home rw,nosuid,nodev,relatime master:1 - ext4 /dev/disk/by-label/nixos rw
 411 408 253:0 /lib64 /sysroot/lib64 rw,nosuid,nodev,relatime master:1 - ext4 /dev/disk/by-label/nixos rw
@@ -91,24 +91,24 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, stub.UniqueError(5)),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, stub.UniqueError(5)),
 		}}, &os.PathError{Op: "open", Path: "/sysroot/nix", Err: stub.UniqueError(5)}},
 
 		{"readlink", func(k *kstub) error {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", stub.UniqueError(4)),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", stub.UniqueError(4)),
 		}}, stub.UniqueError(4)},
 
 		{"close", func(k *kstub) error {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, stub.UniqueError(3)),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, stub.UniqueError(3)),
 		}}, &os.PathError{Op: "close", Path: "/sysroot/nix", Err: stub.UniqueError(3)}},
 
 		{"mountinfo no match", func(k *kstub) error {
@@ -116,9 +116,9 @@ func TestRemount(t *testing.T) {
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/.hakurei", nil),
 			call("verbosef", stub.ExpectArgs{"target resolves to %q", []any{"/sysroot/.hakurei"}}, nil, nil),
-			call("open", stub.ExpectArgs{"/sysroot/.hakurei", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/.hakurei", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/.hakurei", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/.hakurei", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 		}}, &vfs.DecoderError{Op: "unfold", Line: -1, Err: vfs.UnfoldTargetError("/sysroot/.hakurei")}},
 
@@ -126,9 +126,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile("\x00"), nil),
 		}}, &vfs.DecoderError{Op: "parse", Line: 0, Err: vfs.ErrMountInfoFields}},
 
@@ -136,9 +136,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, stub.UniqueError(2)),
 		}}, stub.UniqueError(2)},
@@ -147,9 +147,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix/.ro-store", "", uintptr(0x209027), ""}, nil, stub.UniqueError(1)),
@@ -170,9 +170,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix/.ro-store", "", uintptr(0x209027), ""}, nil, syscall.EACCES),
@@ -183,9 +183,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, nil),
 		}}, nil},
@@ -194,9 +194,9 @@ func TestRemount(t *testing.T) {
 			return newProcPaths(k, hostPath).remount(nil, "/sysroot/nix", syscall.MS_REC|syscall.MS_RDONLY|syscall.MS_NODEV)
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/nix"}, "/sysroot/nix", nil),
-			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/nix", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix/.ro-store", "", uintptr(0x209027), ""}, nil, nil),
@@ -208,9 +208,9 @@ func TestRemount(t *testing.T) {
 		}, stub.Expect{Calls: []stub.Call{
 			call("evalSymlinks", stub.ExpectArgs{"/sysroot/.nix"}, "/sysroot/NIX", nil),
 			call("verbosef", stub.ExpectArgs{"target resolves to %q", []any{"/sysroot/NIX"}}, nil, nil),
-			call("open", stub.ExpectArgs{"/sysroot/NIX", 0x280000, uint32(0)}, 0xdeadbeef, nil),
-			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/3735928559"}, "/sysroot/nix", nil),
-			call("close", stub.ExpectArgs{0xdeadbeef}, nil, nil),
+			call("open", stub.ExpectArgs{"/sysroot/NIX", 0x280000, uint32(0)}, 0xdead, nil),
+			call("readlink", stub.ExpectArgs{"/host/proc/self/fd/57005"}, "/sysroot/nix", nil),
+			call("close", stub.ExpectArgs{0xdead}, nil, nil),
 			call("openNew", stub.ExpectArgs{"/host/proc/self/mountinfo"}, newConstFile(sampleMountinfoNix), nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix", "", uintptr(0x209027), ""}, nil, nil),
 			call("mount", stub.ExpectArgs{"none", "/sysroot/nix/.ro-store", "", uintptr(0x209027), ""}, nil, nil),

container/params.go

@@ -9,13 +9,13 @@ import (
 )
 
 // Setup appends the read end of a pipe for setup params transmission and returns its fd.
-func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error) {
+func Setup(extraFiles *[]*os.File) (int, *os.File, error) {
 	if r, w, err := os.Pipe(); err != nil {
 		return -1, nil, err
 	} else {
 		fd := 3 + len(*extraFiles)
 		*extraFiles = append(*extraFiles, r)
-		return fd, gob.NewEncoder(w), nil
+		return fd, w, nil
 	}
 }
 

container/params_test.go

@@ -1,6 +1,7 @@
 package container_test
 
 import (
+	"encoding/gob"
 	"errors"
 	"os"
 	"slices"
@@ -55,16 +56,20 @@ func TestSetupReceive(t *testing.T) {
 	t.Run("setup receive", func(t *testing.T) {
 		check := func(t *testing.T, useNilFdp bool) {
 			const key = "TEST_SETUP_RECEIVE"
-			payload := []int{syscall.MS_MGC_VAL, syscall.MS_MGC_MSK, syscall.MS_ASYNC, syscall.MS_ACTIVE}
+			payload := []uint64{syscall.MS_MGC_VAL, syscall.MS_MGC_MSK, syscall.MS_ASYNC, syscall.MS_ACTIVE}
 
 			encoderDone := make(chan error, 1)
 			extraFiles := make([]*os.File, 0, 1)
-			if fd, encoder, err := container.Setup(&extraFiles); err != nil {
+			deadline, _ := t.Deadline()
+			if fd, f, err := container.Setup(&extraFiles); err != nil {
 				t.Fatalf("Setup: error = %v", err)
 			} else if fd != 3 {
 				t.Fatalf("Setup: fd = %d, want 3", fd)
 			} else {
-				go func() { encoderDone <- encoder.Encode(payload) }()
+				if err = f.SetDeadline(deadline); err != nil {
+					t.Fatal(err.Error())
+				}
+				go func() { encoderDone <- gob.NewEncoder(f).Encode(payload) }()
 			}
 
 			if len(extraFiles) != 1 {
@@ -81,7 +86,7 @@ func TestSetupReceive(t *testing.T) {
 			}
 
 			var (
-				gotPayload []int
+				gotPayload []uint64
 				fdp        *uintptr
 			)
 			if !useNilFdp {

container/path_test.go

@@ -173,8 +173,8 @@ func TestProcPaths(t *testing.T) {
 			}
 		})
 		t.Run("fd", func(t *testing.T) {
-			want := "/host/proc/self/fd/9223372036854775807"
-			if got := hostProc.fd(math.MaxInt64); got != want {
+			want := "/host/proc/self/fd/2147483647"
+			if got := hostProc.fd(math.MaxInt32); got != want {
 				t.Errorf("stdout: %q, want %q", got, want)
 			}
 		})

container/seccomp/libseccomp.go

@@ -14,6 +14,8 @@ import (
 	"runtime/cgo"
 	"syscall"
 	"unsafe"
+
+	"hakurei.app/container/std"
 )
 
 // ErrInvalidRules is returned for a zero-length rules slice.
@@ -54,22 +56,16 @@ func (e *LibraryError) Is(err error) bool {
 }
 
 type (
-	// ScmpSyscall represents a syscall number passed to libseccomp via [NativeRule.Syscall].
-	ScmpSyscall = C.int
-	// ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno].
-	ScmpErrno = C.int
+	// scmpUint is equivalent to [std.ScmpUint].
+	scmpUint = C.uint
+	// scmpInt is equivalent to [std.ScmpInt].
+	scmpInt = C.int
+
+	// syscallRule is equivalent to [std.NativeRule].
+	syscallRule = C.struct_hakurei_syscall_rule
 )
 
-// A NativeRule specifies an arch-specific action taken by seccomp under certain conditions.
-type NativeRule struct {
-	// Syscall is the arch-dependent syscall number to act against.
-	Syscall ScmpSyscall
-	// Errno is the errno value to return when the condition is satisfied.
-	Errno ScmpErrno
-	// Arg is the optional struct scmp_arg_cmp passed to libseccomp.
-	Arg *ScmpArgCmp
-}
-
+// ExportFlag configures filter behaviour that are not implemented as rules.
 type ExportFlag = C.hakurei_export_flag
 
 const (
@@ -102,9 +98,9 @@ func hakurei_scmp_allocate(f C.uintptr_t, len C.size_t) (buf unsafe.Pointer) {
 	return cgo.Handle(f).Value().(cbAllocateBuffer)(len)
 }
 
-// makeFilter generates a bpf program from a slice of [NativeRule] and writes the resulting byte slice to p.
+// makeFilter generates a bpf program from a slice of [std.NativeRule] and writes the resulting byte slice to p.
 // The filter is installed to the current process if p is nil.
-func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
+func makeFilter(rules []std.NativeRule, flags ExportFlag, p *[]byte) error {
 	if len(rules) == 0 {
 		return ErrInvalidRules
 	}
@@ -152,7 +148,7 @@ func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
 	res, err := C.hakurei_scmp_make_filter(
 		&ret, C.uintptr_t(allocateP),
 		arch, multiarch,
-		(*C.struct_hakurei_syscall_rule)(unsafe.Pointer(&rules[0])),
+		(*syscallRule)(unsafe.Pointer(&rules[0])),
 		C.size_t(len(rules)),
 		flags,
 	)
@@ -167,20 +163,27 @@ func makeFilter(rules []NativeRule, flags ExportFlag, p *[]byte) error {
 	return err
 }
 
-// Export generates a bpf program from a slice of [NativeRule].
+// Export generates a bpf program from a slice of [std.NativeRule].
 // Errors returned by libseccomp is wrapped in [LibraryError].
-func Export(rules []NativeRule, flags ExportFlag) (data []byte, err error) {
+func Export(rules []std.NativeRule, flags ExportFlag) (data []byte, err error) {
 	err = makeFilter(rules, flags, &data)
 	return
 }
 
-// Load generates a bpf program from a slice of [NativeRule] and enforces it on the current process.
+// Load generates a bpf program from a slice of [std.NativeRule] and enforces it on the current process.
 // Errors returned by libseccomp is wrapped in [LibraryError].
-func Load(rules []NativeRule, flags ExportFlag) error { return makeFilter(rules, flags, nil) }
+func Load(rules []std.NativeRule, flags ExportFlag) error { return makeFilter(rules, flags, nil) }
 
-// ScmpCompare is the equivalent of scmp_compare;
-// Comparison operators
-type ScmpCompare = C.enum_scmp_compare
+type (
+	// Comparison operators.
+	scmpCompare = C.enum_scmp_compare
+
+	// Argument datum.
+	scmpDatum = C.scmp_datum_t
+
+	// Argument / Value comparison definition.
+	scmpArgCmp = C.struct_scmp_arg_cmp
+)
 
 const (
 	_SCMP_CMP_MIN = C._SCMP_CMP_MIN
@@ -203,33 +206,19 @@ const (
 	_SCMP_CMP_MAX = C._SCMP_CMP_MAX
 )
 
-// ScmpDatum is the equivalent of scmp_datum_t;
-// Argument datum
-type ScmpDatum uint64
-
-// ScmpArgCmp is the equivalent of struct scmp_arg_cmp;
-// Argument / Value comparison definition
-type ScmpArgCmp struct {
-	// argument number, starting at 0
-	Arg C.uint
-	// the comparison op, e.g. SCMP_CMP_*
-	Op ScmpCompare
-
-	DatumA, DatumB ScmpDatum
-}
-
 const (
-	// PersonaLinux is passed in a [ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
+	// PersonaLinux is passed in a [std.ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
 	PersonaLinux = C.PER_LINUX
-	// PersonaLinux32 is passed in a [ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
+	// PersonaLinux32 is passed in a [std.ScmpDatum] for filtering calls to syscall.SYS_PERSONALITY.
 	PersonaLinux32 = C.PER_LINUX32
 )
 
 // syscallResolveName resolves a syscall number by name via seccomp_syscall_resolve_name.
 // This function is only for testing the lookup tables and included here for convenience.
-func syscallResolveName(s string) (trap int) {
+func syscallResolveName(s string) (trap int, ok bool) {
 	v := C.CString(s)
 	trap = int(C.seccomp_syscall_resolve_name(v))
 	C.free(unsafe.Pointer(v))
+	ok = trap != C.__NR_SCMP_ERROR
 	return
 }

container/seccomp/libseccomp_test.go

@@ -6,8 +6,8 @@ import (
 	"syscall"
 	"testing"
 
-	. "hakurei.app/container/comp"
 	. "hakurei.app/container/seccomp"
+	. "hakurei.app/container/std"
 )
 
 func TestLibraryError(t *testing.T) {

container/seccomp/presets.go

@@ -5,32 +5,32 @@ package seccomp
 import (
 	. "syscall"
 
-	"hakurei.app/container/comp"
+	. "hakurei.app/container/std"
 )
 
-func Preset(presets comp.FilterPreset, flags ExportFlag) (rules []NativeRule) {
+func Preset(presets FilterPreset, flags ExportFlag) (rules []NativeRule) {
 	allowedPersonality := PersonaLinux
-	if presets&comp.PresetLinux32 != 0 {
+	if presets&PresetLinux32 != 0 {
 		allowedPersonality = PersonaLinux32
 	}
 	presetDevelFinal := presetDevel(ScmpDatum(allowedPersonality))
 
 	l := len(presetCommon)
-	if presets&comp.PresetDenyNS != 0 {
+	if presets&PresetDenyNS != 0 {
 		l += len(presetNamespace)
 	}
-	if presets&comp.PresetDenyTTY != 0 {
+	if presets&PresetDenyTTY != 0 {
 		l += len(presetTTY)
 	}
-	if presets&comp.PresetDenyDevel != 0 {
+	if presets&PresetDenyDevel != 0 {
 		l += len(presetDevelFinal)
 	}
 	if flags&AllowMultiarch == 0 {
 		l += len(presetEmu)
 	}
-	if presets&comp.PresetExt != 0 {
+	if presets&PresetExt != 0 {
 		l += len(presetCommonExt)
-		if presets&comp.PresetDenyNS != 0 {
+		if presets&PresetDenyNS != 0 {
 			l += len(presetNamespaceExt)
 		}
 		if flags&AllowMultiarch == 0 {
@@ -40,21 +40,21 @@ func Preset(presets comp.FilterPreset, flags ExportFlag) (rules []NativeRule) {
 
 	rules = make([]NativeRule, 0, l)
 	rules = append(rules, presetCommon...)
-	if presets&comp.PresetDenyNS != 0 {
+	if presets&PresetDenyNS != 0 {
 		rules = append(rules, presetNamespace...)
 	}
-	if presets&comp.PresetDenyTTY != 0 {
+	if presets&PresetDenyTTY != 0 {
 		rules = append(rules, presetTTY...)
 	}
-	if presets&comp.PresetDenyDevel != 0 {
+	if presets&PresetDenyDevel != 0 {
 		rules = append(rules, presetDevelFinal...)
 	}
 	if flags&AllowMultiarch == 0 {
 		rules = append(rules, presetEmu...)
 	}
-	if presets&comp.PresetExt != 0 {
+	if presets&PresetExt != 0 {
 		rules = append(rules, presetCommonExt...)
-		if presets&comp.PresetDenyNS != 0 {
+		if presets&PresetDenyNS != 0 {
 			rules = append(rules, presetNamespaceExt...)
 		}
 		if flags&AllowMultiarch == 0 {

container/seccomp/presets_386_test.go

@@ -0,0 +1,27 @@
+package seccomp_test
+
+import (
+	. "hakurei.app/container/seccomp"
+	. "hakurei.app/container/std"
+)
+
+var bpfExpected = bpfLookup{
+	{AllowMultiarch | AllowCAN |
+		AllowBluetooth, PresetExt |
+		PresetDenyNS | PresetDenyTTY | PresetDenyDevel |
+		PresetLinux32}: toHash(
+		"e67735d24caba42b6801e829ea4393727a36c5e37b8a51e5648e7886047e8454484ff06872aaef810799c29cbd0c1b361f423ad0ef518e33f68436372cc90eb1"),
+
+	{0, 0}: toHash(
+		"5dbcc08a4a1ccd8c12dd0cf6d9817ea6d4f40246e1db7a60e71a50111c4897d69f6fb6d710382d70c18910c2e4fa2d2aeb2daed835dd2fabe3f71def628ade59"),
+	{0, PresetExt}: toHash(
+		"d6c0f130dbb5c793d1c10f730455701875778138bd2d03ca009d674842fd97a10815a8c539b76b7801a73de19463938701216b756c053ec91cfe304cba04a0ed"),
+	{0, PresetStrict}: toHash(
+		"af7d7b66f2e83f9a850472170c1b83d1371426faa9d0dee4e85b179d3ec75ca92828cb8529eb3012b559497494b2eab4d4b140605e3a26c70dfdbe5efe33c105"),
+	{0, PresetDenyNS | PresetDenyTTY | PresetDenyDevel}: toHash(
+		"adfb4397e6eeae8c477d315d58204aae854d60071687b8df4c758e297780e02deee1af48328cef80e16e4d6ab1a66ef13e42247c3475cf447923f15cbc17a6a6"),
+	{0, PresetExt | PresetDenyDevel}: toHash(
+		"5d641321460cf54a7036a40a08e845082e1f6d65b9dee75db85ef179f2732f321b16aee2258b74273b04e0d24562e8b1e727930a7e787f41eb5c8aaa0bc22793"),
+	{0, PresetExt | PresetDenyNS | PresetDenyDevel}: toHash(
+		"b1f802d39de5897b1e4cb0e82a199f53df0a803ea88e2fd19491fb8c90387c9e2eaa7e323f565fecaa0202a579eb050531f22e6748e04cfd935b8faac35983ec"),
+}

container/seccomp/presets_amd64_test.go

@@ -1,8 +1,8 @@
 package seccomp_test
 
 import (
-	. "hakurei.app/container/comp"
 	. "hakurei.app/container/seccomp"
+	. "hakurei.app/container/std"
 )
 
 var bpfExpected = bpfLookup{

container/seccomp/presets_arm64_test.go

@@ -1,8 +1,8 @@
 package seccomp_test
 
 import (
-	. "hakurei.app/container/comp"
 	. "hakurei.app/container/seccomp"
+	. "hakurei.app/container/std"
 )
 
 var bpfExpected = bpfLookup{

container/seccomp/presets_test.go

@@ -4,14 +4,14 @@ import (
 	"crypto/sha512"
 	"encoding/hex"
 
-	"hakurei.app/container/comp"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 )
 
 type (
 	bpfPreset = struct {
 		seccomp.ExportFlag
-		comp.FilterPreset
+		std.FilterPreset
 	}
 	bpfLookup map[bpfPreset][sha512.Size]byte
 )

container/seccomp/std_test.go

@@ -0,0 +1,63 @@
+package seccomp
+
+import (
+	"reflect"
+	"testing"
+	"unsafe"
+
+	"hakurei.app/container/std"
+)
+
+func TestSyscallResolveName(t *testing.T) {
+	t.Parallel()
+
+	for name, want := range std.Syscalls() {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			// this checks the std implementation against libseccomp.
+			if got, ok := syscallResolveName(name); !ok || got != want {
+				t.Errorf("syscallResolveName(%q) = %d, want %d", name, got, want)
+			}
+		})
+	}
+}
+
+func TestRuleType(t *testing.T) {
+	assertKind[std.ScmpUint, scmpUint](t)
+	assertKind[std.ScmpInt, scmpInt](t)
+
+	assertSize[std.NativeRule, syscallRule](t)
+	assertKind[std.ScmpDatum, scmpDatum](t)
+	assertKind[std.ScmpCompare, scmpCompare](t)
+	assertSize[std.ScmpArgCmp, scmpArgCmp](t)
+}
+
+// assertSize asserts that native and equivalent are of the same size.
+func assertSize[native, equivalent any](t *testing.T) {
+	t.Helper()
+
+	got, want := unsafe.Sizeof(*new(native)), unsafe.Sizeof(*new(equivalent))
+	if got != want {
+		t.Fatalf("%s: %d, want %d", reflect.TypeFor[native]().Name(), got, want)
+	}
+}
+
+// assertKind asserts that native and equivalent are of the same kind.
+func assertKind[native, equivalent any](t *testing.T) {
+	t.Helper()
+
+	assertSize[native, equivalent](t)
+	nativeType, equivalentType := reflect.TypeFor[native](), reflect.TypeFor[equivalent]()
+	got, want := nativeType.Kind(), equivalentType.Kind()
+
+	if got == reflect.Invalid || want == reflect.Invalid {
+		t.Fatalf("%s: invalid call to assertKind", nativeType.Name())
+	}
+	if got == reflect.Struct {
+		t.Fatalf("%s: struct is unsupported by assertKind", nativeType.Name())
+	}
+	if got != want {
+		t.Fatalf("%s: %s, want %s", nativeType.Name(), nativeType.Kind(), equivalentType.Kind())
+	}
+}

container/seccomp/syscall_extra_linux_amd64.go

@@ -1,48 +0,0 @@
-package seccomp
-
-/*
-#cgo linux pkg-config: --static libseccomp
-
-#include <seccomp.h>
-*/
-import "C"
-
-var syscallNumExtra = map[string]int{
-	"umount":          SYS_UMOUNT,
-	"subpage_prot":    SYS_SUBPAGE_PROT,
-	"switch_endian":   SYS_SWITCH_ENDIAN,
-	"vm86":            SYS_VM86,
-	"vm86old":         SYS_VM86OLD,
-	"clock_adjtime64": SYS_CLOCK_ADJTIME64,
-	"clock_settime64": SYS_CLOCK_SETTIME64,
-	"chown32":         SYS_CHOWN32,
-	"fchown32":        SYS_FCHOWN32,
-	"lchown32":        SYS_LCHOWN32,
-	"setgid32":        SYS_SETGID32,
-	"setgroups32":     SYS_SETGROUPS32,
-	"setregid32":      SYS_SETREGID32,
-	"setresgid32":     SYS_SETRESGID32,
-	"setresuid32":     SYS_SETRESUID32,
-	"setreuid32":      SYS_SETREUID32,
-	"setuid32":        SYS_SETUID32,
-}
-
-const (
-	SYS_UMOUNT          = C.__SNR_umount
-	SYS_SUBPAGE_PROT    = C.__SNR_subpage_prot
-	SYS_SWITCH_ENDIAN   = C.__SNR_switch_endian
-	SYS_VM86            = C.__SNR_vm86
-	SYS_VM86OLD         = C.__SNR_vm86old
-	SYS_CLOCK_ADJTIME64 = C.__SNR_clock_adjtime64
-	SYS_CLOCK_SETTIME64 = C.__SNR_clock_settime64
-	SYS_CHOWN32         = C.__SNR_chown32
-	SYS_FCHOWN32        = C.__SNR_fchown32
-	SYS_LCHOWN32        = C.__SNR_lchown32
-	SYS_SETGID32        = C.__SNR_setgid32
-	SYS_SETGROUPS32     = C.__SNR_setgroups32
-	SYS_SETREGID32      = C.__SNR_setregid32
-	SYS_SETRESGID32     = C.__SNR_setresgid32
-	SYS_SETRESUID32     = C.__SNR_setresuid32
-	SYS_SETREUID32      = C.__SNR_setreuid32
-	SYS_SETUID32        = C.__SNR_setuid32
-)

container/seccomp/syscall_extra_linux_arm64.go

@@ -1,61 +0,0 @@
-package seccomp
-
-/*
-#cgo linux pkg-config: --static libseccomp
-
-#include <seccomp.h>
-*/
-import "C"
-import "syscall"
-
-const (
-	SYS_NEWFSTATAT = syscall.SYS_FSTATAT
-)
-
-var syscallNumExtra = map[string]int{
-	"uselib":          SYS_USELIB,
-	"clock_adjtime64": SYS_CLOCK_ADJTIME64,
-	"clock_settime64": SYS_CLOCK_SETTIME64,
-	"umount":          SYS_UMOUNT,
-	"chown":           SYS_CHOWN,
-	"chown32":         SYS_CHOWN32,
-	"fchown32":        SYS_FCHOWN32,
-	"lchown":          SYS_LCHOWN,
-	"lchown32":        SYS_LCHOWN32,
-	"setgid32":        SYS_SETGID32,
-	"setgroups32":     SYS_SETGROUPS32,
-	"setregid32":      SYS_SETREGID32,
-	"setresgid32":     SYS_SETRESGID32,
-	"setresuid32":     SYS_SETRESUID32,
-	"setreuid32":      SYS_SETREUID32,
-	"setuid32":        SYS_SETUID32,
-	"modify_ldt":      SYS_MODIFY_LDT,
-	"subpage_prot":    SYS_SUBPAGE_PROT,
-	"switch_endian":   SYS_SWITCH_ENDIAN,
-	"vm86":            SYS_VM86,
-	"vm86old":         SYS_VM86OLD,
-}
-
-const (
-	SYS_USELIB          = C.__SNR_uselib
-	SYS_CLOCK_ADJTIME64 = C.__SNR_clock_adjtime64
-	SYS_CLOCK_SETTIME64 = C.__SNR_clock_settime64
-	SYS_UMOUNT          = C.__SNR_umount
-	SYS_CHOWN           = C.__SNR_chown
-	SYS_CHOWN32         = C.__SNR_chown32
-	SYS_FCHOWN32        = C.__SNR_fchown32
-	SYS_LCHOWN          = C.__SNR_lchown
-	SYS_LCHOWN32        = C.__SNR_lchown32
-	SYS_SETGID32        = C.__SNR_setgid32
-	SYS_SETGROUPS32     = C.__SNR_setgroups32
-	SYS_SETREGID32      = C.__SNR_setregid32
-	SYS_SETRESGID32     = C.__SNR_setresgid32
-	SYS_SETRESUID32     = C.__SNR_setresuid32
-	SYS_SETREUID32      = C.__SNR_setreuid32
-	SYS_SETUID32        = C.__SNR_setuid32
-	SYS_MODIFY_LDT      = C.__SNR_modify_ldt
-	SYS_SUBPAGE_PROT    = C.__SNR_subpage_prot
-	SYS_SWITCH_ENDIAN   = C.__SNR_switch_endian
-	SYS_VM86            = C.__SNR_vm86
-	SYS_VM86OLD         = C.__SNR_vm86old
-)

container/seccomp/syscall_test.go

@@ -1,22 +0,0 @@
-package seccomp
-
-import (
-	"testing"
-)
-
-func TestSyscallResolveName(t *testing.T) {
-	t.Parallel()
-
-	for name, want := range Syscalls() {
-		t.Run(name, func(t *testing.T) {
-			t.Parallel()
-
-			if got := syscallResolveName(name); got != want {
-				t.Errorf("syscallResolveName(%q) = %d, want %d", name, got, want)
-			}
-			if got, ok := SyscallResolveName(name); !ok || got != want {
-				t.Errorf("SyscallResolveName(%q) = %d, want %d", name, got, want)
-			}
-		})
-	}
-}

container/std/bits.go

@@ -1,5 +1,5 @@
-// Package comp contains constants from container packages without depending on cgo.
-package comp
+// Package std contains constants from container packages without depending on cgo.
+package std
 
 const (
 	// BindOptional skips nonexistent host paths.

container/std/mksysnum_linux.pl

@@ -9,6 +9,7 @@ use POSIX ();
 my $command = "mksysnum_linux.pl ". join(' ', @ARGV);
 my $uname_arch = (POSIX::uname)[4];
 my %syscall_cutoff_arch = (
+	"x86" => 340,
 	"x86_64" => 302,
 	"aarch64" => 281,
 );
@@ -17,7 +18,7 @@ print <<EOF;
 // $command
 // Code generated by the command above; DO NOT EDIT.
 
-package seccomp
+package std
 
 import . "syscall"
 

container/std/pnr.go

@@ -0,0 +1,267 @@
+// Code generated from include/seccomp-syscalls.h; DO NOT EDIT.
+
+package std
+
+/*
+ * pseudo syscall definitions
+ */
+
+const (
+
+	/* socket syscalls */
+
+	__PNR_socket      = -101
+	__PNR_bind        = -102
+	__PNR_connect     = -103
+	__PNR_listen      = -104
+	__PNR_accept      = -105
+	__PNR_getsockname = -106
+	__PNR_getpeername = -107
+	__PNR_socketpair  = -108
+	__PNR_send        = -109
+	__PNR_recv        = -110
+	__PNR_sendto      = -111
+	__PNR_recvfrom    = -112
+	__PNR_shutdown    = -113
+	__PNR_setsockopt  = -114
+	__PNR_getsockopt  = -115
+	__PNR_sendmsg     = -116
+	__PNR_recvmsg     = -117
+	__PNR_accept4     = -118
+	__PNR_recvmmsg    = -119
+	__PNR_sendmmsg    = -120
+
+	/* ipc syscalls */
+
+	__PNR_semop      = -201
+	__PNR_semget     = -202
+	__PNR_semctl     = -203
+	__PNR_semtimedop = -204
+	__PNR_msgsnd     = -211
+	__PNR_msgrcv     = -212
+	__PNR_msgget     = -213
+	__PNR_msgctl     = -214
+	__PNR_shmat      = -221
+	__PNR_shmdt      = -222
+	__PNR_shmget     = -223
+	__PNR_shmctl     = -224
+
+	/* single syscalls */
+
+	__PNR_arch_prctl                   = -10001
+	__PNR_bdflush                      = -10002
+	__PNR_break                        = -10003
+	__PNR_chown32                      = -10004
+	__PNR_epoll_ctl_old                = -10005
+	__PNR_epoll_wait_old               = -10006
+	__PNR_fadvise64_64                 = -10007
+	__PNR_fchown32                     = -10008
+	__PNR_fcntl64                      = -10009
+	__PNR_fstat64                      = -10010
+	__PNR_fstatat64                    = -10011
+	__PNR_fstatfs64                    = -10012
+	__PNR_ftime                        = -10013
+	__PNR_ftruncate64                  = -10014
+	__PNR_getegid32                    = -10015
+	__PNR_geteuid32                    = -10016
+	__PNR_getgid32                     = -10017
+	__PNR_getgroups32                  = -10018
+	__PNR_getresgid32                  = -10019
+	__PNR_getresuid32                  = -10020
+	__PNR_getuid32                     = -10021
+	__PNR_gtty                         = -10022
+	__PNR_idle                         = -10023
+	__PNR_ipc                          = -10024
+	__PNR_lchown32                     = -10025
+	__PNR__llseek                      = -10026
+	__PNR_lock                         = -10027
+	__PNR_lstat64                      = -10028
+	__PNR_mmap2                        = -10029
+	__PNR_mpx                          = -10030
+	__PNR_newfstatat                   = -10031
+	__PNR__newselect                   = -10032
+	__PNR_nice                         = -10033
+	__PNR_oldfstat                     = -10034
+	__PNR_oldlstat                     = -10035
+	__PNR_oldolduname                  = -10036
+	__PNR_oldstat                      = -10037
+	__PNR_olduname                     = -10038
+	__PNR_prof                         = -10039
+	__PNR_profil                       = -10040
+	__PNR_readdir                      = -10041
+	__PNR_security                     = -10042
+	__PNR_sendfile64                   = -10043
+	__PNR_setfsgid32                   = -10044
+	__PNR_setfsuid32                   = -10045
+	__PNR_setgid32                     = -10046
+	__PNR_setgroups32                  = -10047
+	__PNR_setregid32                   = -10048
+	__PNR_setresgid32                  = -10049
+	__PNR_setresuid32                  = -10050
+	__PNR_setreuid32                   = -10051
+	__PNR_setuid32                     = -10052
+	__PNR_sgetmask                     = -10053
+	__PNR_sigaction                    = -10054
+	__PNR_signal                       = -10055
+	__PNR_sigpending                   = -10056
+	__PNR_sigprocmask                  = -10057
+	__PNR_sigreturn                    = -10058
+	__PNR_sigsuspend                   = -10059
+	__PNR_socketcall                   = -10060
+	__PNR_ssetmask                     = -10061
+	__PNR_stat64                       = -10062
+	__PNR_statfs64                     = -10063
+	__PNR_stime                        = -10064
+	__PNR_stty                         = -10065
+	__PNR_truncate64                   = -10066
+	__PNR_tuxcall                      = -10067
+	__PNR_ugetrlimit                   = -10068
+	__PNR_ulimit                       = -10069
+	__PNR_umount                       = -10070
+	__PNR_vm86                         = -10071
+	__PNR_vm86old                      = -10072
+	__PNR_waitpid                      = -10073
+	__PNR_create_module                = -10074
+	__PNR_get_kernel_syms              = -10075
+	__PNR_get_thread_area              = -10076
+	__PNR_nfsservctl                   = -10077
+	__PNR_query_module                 = -10078
+	__PNR_set_thread_area              = -10079
+	__PNR__sysctl                      = -10080
+	__PNR_uselib                       = -10081
+	__PNR_vserver                      = -10082
+	__PNR_arm_fadvise64_64             = -10083
+	__PNR_arm_sync_file_range          = -10084
+	__PNR_pciconfig_iobase             = -10086
+	__PNR_pciconfig_read               = -10087
+	__PNR_pciconfig_write              = -10088
+	__PNR_sync_file_range2             = -10089
+	__PNR_syscall                      = -10090
+	__PNR_afs_syscall                  = -10091
+	__PNR_fadvise64                    = -10092
+	__PNR_getpmsg                      = -10093
+	__PNR_ioperm                       = -10094
+	__PNR_iopl                         = -10095
+	__PNR_migrate_pages                = -10097
+	__PNR_modify_ldt                   = -10098
+	__PNR_putpmsg                      = -10099
+	__PNR_sync_file_range              = -10100
+	__PNR_select                       = -10101
+	__PNR_vfork                        = -10102
+	__PNR_cachectl                     = -10103
+	__PNR_cacheflush                   = -10104
+	__PNR_sysmips                      = -10106
+	__PNR_timerfd                      = -10107
+	__PNR_time                         = -10108
+	__PNR_getrandom                    = -10109
+	__PNR_memfd_create                 = -10110
+	__PNR_kexec_file_load              = -10111
+	__PNR_sysfs                        = -10145
+	__PNR_oldwait4                     = -10146
+	__PNR_access                       = -10147
+	__PNR_alarm                        = -10148
+	__PNR_chmod                        = -10149
+	__PNR_chown                        = -10150
+	__PNR_creat                        = -10151
+	__PNR_dup2                         = -10152
+	__PNR_epoll_create                 = -10153
+	__PNR_epoll_wait                   = -10154
+	__PNR_eventfd                      = -10155
+	__PNR_fork                         = -10156
+	__PNR_futimesat                    = -10157
+	__PNR_getdents                     = -10158
+	__PNR_getpgrp                      = -10159
+	__PNR_inotify_init                 = -10160
+	__PNR_lchown                       = -10161
+	__PNR_link                         = -10162
+	__PNR_lstat                        = -10163
+	__PNR_mkdir                        = -10164
+	__PNR_mknod                        = -10165
+	__PNR_open                         = -10166
+	__PNR_pause                        = -10167
+	__PNR_pipe                         = -10168
+	__PNR_poll                         = -10169
+	__PNR_readlink                     = -10170
+	__PNR_rename                       = -10171
+	__PNR_rmdir                        = -10172
+	__PNR_signalfd                     = -10173
+	__PNR_stat                         = -10174
+	__PNR_symlink                      = -10175
+	__PNR_unlink                       = -10176
+	__PNR_ustat                        = -10177
+	__PNR_utime                        = -10178
+	__PNR_utimes                       = -10179
+	__PNR_getrlimit                    = -10180
+	__PNR_mmap                         = -10181
+	__PNR_breakpoint                   = -10182
+	__PNR_set_tls                      = -10183
+	__PNR_usr26                        = -10184
+	__PNR_usr32                        = -10185
+	__PNR_multiplexer                  = -10186
+	__PNR_rtas                         = -10187
+	__PNR_spu_create                   = -10188
+	__PNR_spu_run                      = -10189
+	__PNR_swapcontext                  = -10190
+	__PNR_sys_debug_setcontext         = -10191
+	__PNR_switch_endian                = -10191
+	__PNR_get_mempolicy                = -10192
+	__PNR_move_pages                   = -10193
+	__PNR_mbind                        = -10194
+	__PNR_set_mempolicy                = -10195
+	__PNR_s390_runtime_instr           = -10196
+	__PNR_s390_pci_mmio_read           = -10197
+	__PNR_s390_pci_mmio_write          = -10198
+	__PNR_membarrier                   = -10199
+	__PNR_userfaultfd                  = -10200
+	__PNR_pkey_mprotect                = -10201
+	__PNR_pkey_alloc                   = -10202
+	__PNR_pkey_free                    = -10203
+	__PNR_get_tls                      = -10204
+	__PNR_s390_guarded_storage         = -10205
+	__PNR_s390_sthyi                   = -10206
+	__PNR_subpage_prot                 = -10207
+	__PNR_statx                        = -10208
+	__PNR_io_pgetevents                = -10209
+	__PNR_rseq                         = -10210
+	__PNR_setrlimit                    = -10211
+	__PNR_clock_adjtime64              = -10212
+	__PNR_clock_getres_time64          = -10213
+	__PNR_clock_gettime64              = -10214
+	__PNR_clock_nanosleep_time64       = -10215
+	__PNR_clock_settime64              = -10216
+	__PNR_clone3                       = -10217
+	__PNR_fsconfig                     = -10218
+	__PNR_fsmount                      = -10219
+	__PNR_fsopen                       = -10220
+	__PNR_fspick                       = -10221
+	__PNR_futex_time64                 = -10222
+	__PNR_io_pgetevents_time64         = -10223
+	__PNR_move_mount                   = -10224
+	__PNR_mq_timedreceive_time64       = -10225
+	__PNR_mq_timedsend_time64          = -10226
+	__PNR_open_tree                    = -10227
+	__PNR_pidfd_open                   = -10228
+	__PNR_pidfd_send_signal            = -10229
+	__PNR_ppoll_time64                 = -10230
+	__PNR_pselect6_time64              = -10231
+	__PNR_recvmmsg_time64              = -10232
+	__PNR_rt_sigtimedwait_time64       = -10233
+	__PNR_sched_rr_get_interval_time64 = -10234
+	__PNR_semtimedop_time64            = -10235
+	__PNR_timer_gettime64              = -10236
+	__PNR_timer_settime64              = -10237
+	__PNR_timerfd_gettime64            = -10238
+	__PNR_timerfd_settime64            = -10239
+	__PNR_utimensat_time64             = -10240
+	__PNR_ppoll                        = -10241
+	__PNR_renameat                     = -10242
+	__PNR_riscv_flush_icache           = -10243
+	__PNR_memfd_secret                 = -10244
+	__PNR_map_shadow_stack             = -10245
+	__PNR_fstat                        = -10246
+	__PNR_atomic_barrier               = -10247
+	__PNR_atomic_cmpxchg_32            = -10248
+	__PNR_getpagesize                  = -10249
+	__PNR_riscv_hwprobe                = -10250
+	__PNR_uretprobe                    = -10251
+)

container/std/seccomp.go

@@ -0,0 +1,76 @@
+package std
+
+import (
+	"encoding/json"
+	"strconv"
+)
+
+type (
+	// ScmpUint is equivalent to C.uint.
+	ScmpUint uint32
+	// ScmpInt is equivalent to C.int.
+	ScmpInt int32
+
+	// ScmpSyscall represents a syscall number passed to libseccomp via [NativeRule.Syscall].
+	ScmpSyscall ScmpInt
+	// ScmpErrno represents an errno value passed to libseccomp via [NativeRule.Errno].
+	ScmpErrno ScmpInt
+
+	// ScmpCompare is equivalent to enum scmp_compare;
+	ScmpCompare ScmpUint
+	// ScmpDatum is equivalent to scmp_datum_t.
+	ScmpDatum uint64
+
+	// ScmpArgCmp is equivalent to struct scmp_arg_cmp.
+	ScmpArgCmp struct {
+		// argument number, starting at 0
+		Arg ScmpUint `json:"arg"`
+		// the comparison op, e.g. SCMP_CMP_*
+		Op ScmpCompare `json:"op"`
+
+		DatumA ScmpDatum `json:"a,omitempty"`
+		DatumB ScmpDatum `json:"b,omitempty"`
+	}
+
+	// A NativeRule specifies an arch-specific action taken by seccomp under certain conditions.
+	NativeRule struct {
+		// Syscall is the arch-dependent syscall number to act against.
+		Syscall ScmpSyscall `json:"syscall"`
+		// Errno is the errno value to return when the condition is satisfied.
+		Errno ScmpErrno `json:"errno"`
+		// Arg is the optional struct scmp_arg_cmp passed to libseccomp.
+		Arg *ScmpArgCmp `json:"arg,omitempty"`
+	}
+)
+
+// MarshalJSON resolves the name of [ScmpSyscall] and encodes it as a [json] string.
+// If such a name does not exist, the syscall number is encoded instead.
+func (num *ScmpSyscall) MarshalJSON() ([]byte, error) {
+	n := int(*num)
+	for name, cur := range Syscalls() {
+		if cur == n {
+			return json.Marshal(name)
+		}
+	}
+	return json.Marshal(n)
+}
+
+// SyscallNameError is returned when trying to unmarshal an invalid syscall name into [ScmpSyscall].
+type SyscallNameError string
+
+func (e SyscallNameError) Error() string { return "invalid syscall name " + strconv.Quote(string(e)) }
+
+// UnmarshalJSON looks up the syscall number corresponding to name encoded in data
+// by calling [SyscallResolveName].
+func (num *ScmpSyscall) UnmarshalJSON(data []byte) error {
+	var name string
+	if err := json.Unmarshal(data, &name); err != nil {
+		return err
+	}
+	if n, ok := SyscallResolveName(name); !ok {
+		return SyscallNameError(name)
+	} else {
+		*num = ScmpSyscall(n)
+		return nil
+	}
+}

container/std/seccomp_test.go

@@ -0,0 +1,63 @@
+package std_test
+
+import (
+	"encoding/json"
+	"errors"
+	"math"
+	"reflect"
+	"syscall"
+	"testing"
+
+	"hakurei.app/container/std"
+)
+
+func TestScmpSyscall(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name string
+		data string
+		want std.ScmpSyscall
+		err  error
+	}{
+		{"select", `"select"`, syscall.SYS_SELECT, nil},
+		{"clone3", `"clone3"`, std.SYS_CLONE3, nil},
+
+		{"oob", `-2147483647`, -math.MaxInt32,
+			&json.UnmarshalTypeError{Value: "number", Type: reflect.TypeFor[string](), Offset: 11}},
+		{"name", `"nonexistent_syscall"`, -math.MaxInt32,
+			std.SyscallNameError("nonexistent_syscall")},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			t.Run("decode", func(t *testing.T) {
+				var got std.ScmpSyscall
+				if err := json.Unmarshal([]byte(tc.data), &got); !reflect.DeepEqual(err, tc.err) {
+					t.Fatalf("Unmarshal: error = %#v, want %#v", err, tc.err)
+				} else if err == nil && got != tc.want {
+					t.Errorf("Unmarshal: %v, want %v", got, tc.want)
+				}
+			})
+			if errors.As(tc.err, new(std.SyscallNameError)) {
+				return
+			}
+
+			t.Run("encode", func(t *testing.T) {
+				if got, err := json.Marshal(&tc.want); err != nil {
+					t.Fatalf("Marshal: error = %v", err)
+				} else if string(got) != tc.data {
+					t.Errorf("Marshal: %s, want %s", string(got), tc.data)
+				}
+			})
+		})
+	}
+
+	t.Run("error", func(t *testing.T) {
+		const want = `invalid syscall name "\x00"`
+		if got := std.SyscallNameError("\x00").Error(); got != want {
+			t.Fatalf("Error: %q, want %q", got, want)
+		}
+	})
+}

container/std/syscall.go

@@ -1,4 +1,4 @@
-package seccomp
+package std
 
 import "iter"
 

container/std/syscall_extra_linux_386.go

@@ -0,0 +1,13 @@
+package std
+
+var syscallNumExtra = map[string]int{
+	"kexec_file_load": SYS_KEXEC_FILE_LOAD,
+	"subpage_prot":    SYS_SUBPAGE_PROT,
+	"switch_endian":   SYS_SWITCH_ENDIAN,
+}
+
+const (
+	SYS_KEXEC_FILE_LOAD = __PNR_kexec_file_load
+	SYS_SUBPAGE_PROT    = __PNR_subpage_prot
+	SYS_SWITCH_ENDIAN   = __PNR_switch_endian
+)

container/std/syscall_extra_linux_amd64.go

@@ -0,0 +1,41 @@
+package std
+
+var syscallNumExtra = map[string]int{
+	"umount":          SYS_UMOUNT,
+	"subpage_prot":    SYS_SUBPAGE_PROT,
+	"switch_endian":   SYS_SWITCH_ENDIAN,
+	"vm86":            SYS_VM86,
+	"vm86old":         SYS_VM86OLD,
+	"clock_adjtime64": SYS_CLOCK_ADJTIME64,
+	"clock_settime64": SYS_CLOCK_SETTIME64,
+	"chown32":         SYS_CHOWN32,
+	"fchown32":        SYS_FCHOWN32,
+	"lchown32":        SYS_LCHOWN32,
+	"setgid32":        SYS_SETGID32,
+	"setgroups32":     SYS_SETGROUPS32,
+	"setregid32":      SYS_SETREGID32,
+	"setresgid32":     SYS_SETRESGID32,
+	"setresuid32":     SYS_SETRESUID32,
+	"setreuid32":      SYS_SETREUID32,
+	"setuid32":        SYS_SETUID32,
+}
+
+const (
+	SYS_UMOUNT          = __PNR_umount
+	SYS_SUBPAGE_PROT    = __PNR_subpage_prot
+	SYS_SWITCH_ENDIAN   = __PNR_switch_endian
+	SYS_VM86            = __PNR_vm86
+	SYS_VM86OLD         = __PNR_vm86old
+	SYS_CLOCK_ADJTIME64 = __PNR_clock_adjtime64
+	SYS_CLOCK_SETTIME64 = __PNR_clock_settime64
+	SYS_CHOWN32         = __PNR_chown32
+	SYS_FCHOWN32        = __PNR_fchown32
+	SYS_LCHOWN32        = __PNR_lchown32
+	SYS_SETGID32        = __PNR_setgid32
+	SYS_SETGROUPS32     = __PNR_setgroups32
+	SYS_SETREGID32      = __PNR_setregid32
+	SYS_SETRESGID32     = __PNR_setresgid32
+	SYS_SETRESUID32     = __PNR_setresuid32
+	SYS_SETREUID32      = __PNR_setreuid32
+	SYS_SETUID32        = __PNR_setuid32
+)

container/std/syscall_extra_linux_arm64.go

@@ -0,0 +1,55 @@
+package std
+
+import "syscall"
+
+const (
+	SYS_NEWFSTATAT = syscall.SYS_FSTATAT
+)
+
+var syscallNumExtra = map[string]int{
+	"uselib":          SYS_USELIB,
+	"clock_adjtime64": SYS_CLOCK_ADJTIME64,
+	"clock_settime64": SYS_CLOCK_SETTIME64,
+	"umount":          SYS_UMOUNT,
+	"chown":           SYS_CHOWN,
+	"chown32":         SYS_CHOWN32,
+	"fchown32":        SYS_FCHOWN32,
+	"lchown":          SYS_LCHOWN,
+	"lchown32":        SYS_LCHOWN32,
+	"setgid32":        SYS_SETGID32,
+	"setgroups32":     SYS_SETGROUPS32,
+	"setregid32":      SYS_SETREGID32,
+	"setresgid32":     SYS_SETRESGID32,
+	"setresuid32":     SYS_SETRESUID32,
+	"setreuid32":      SYS_SETREUID32,
+	"setuid32":        SYS_SETUID32,
+	"modify_ldt":      SYS_MODIFY_LDT,
+	"subpage_prot":    SYS_SUBPAGE_PROT,
+	"switch_endian":   SYS_SWITCH_ENDIAN,
+	"vm86":            SYS_VM86,
+	"vm86old":         SYS_VM86OLD,
+}
+
+const (
+	SYS_USELIB          = __PNR_uselib
+	SYS_CLOCK_ADJTIME64 = __PNR_clock_adjtime64
+	SYS_CLOCK_SETTIME64 = __PNR_clock_settime64
+	SYS_UMOUNT          = __PNR_umount
+	SYS_CHOWN           = __PNR_chown
+	SYS_CHOWN32         = __PNR_chown32
+	SYS_FCHOWN32        = __PNR_fchown32
+	SYS_LCHOWN          = __PNR_lchown
+	SYS_LCHOWN32        = __PNR_lchown32
+	SYS_SETGID32        = __PNR_setgid32
+	SYS_SETGROUPS32     = __PNR_setgroups32
+	SYS_SETREGID32      = __PNR_setregid32
+	SYS_SETRESGID32     = __PNR_setresgid32
+	SYS_SETRESUID32     = __PNR_setresuid32
+	SYS_SETREUID32      = __PNR_setreuid32
+	SYS_SETUID32        = __PNR_setuid32
+	SYS_MODIFY_LDT      = __PNR_modify_ldt
+	SYS_SUBPAGE_PROT    = __PNR_subpage_prot
+	SYS_SWITCH_ENDIAN   = __PNR_switch_endian
+	SYS_VM86            = __PNR_vm86
+	SYS_VM86OLD         = __PNR_vm86old
+)

container/std/syscall_linux_386.go

@@ -0,0 +1,579 @@
+// mksysnum_linux.pl /usr/include/asm/unistd_32.h
+// Code generated by the command above; DO NOT EDIT.
+
+package std
+
+import . "syscall"
+
+var syscallNum = map[string]int{
+	"restart_syscall":              SYS_RESTART_SYSCALL,
+	"exit":                         SYS_EXIT,
+	"fork":                         SYS_FORK,
+	"read":                         SYS_READ,
+	"write":                        SYS_WRITE,
+	"open":                         SYS_OPEN,
+	"close":                        SYS_CLOSE,
+	"waitpid":                      SYS_WAITPID,
+	"creat":                        SYS_CREAT,
+	"link":                         SYS_LINK,
+	"unlink":                       SYS_UNLINK,
+	"execve":                       SYS_EXECVE,
+	"chdir":                        SYS_CHDIR,
+	"time":                         SYS_TIME,
+	"mknod":                        SYS_MKNOD,
+	"chmod":                        SYS_CHMOD,
+	"lchown":                       SYS_LCHOWN,
+	"break":                        SYS_BREAK,
+	"oldstat":                      SYS_OLDSTAT,
+	"lseek":                        SYS_LSEEK,
+	"getpid":                       SYS_GETPID,
+	"mount":                        SYS_MOUNT,
+	"umount":                       SYS_UMOUNT,
+	"setuid":                       SYS_SETUID,
+	"getuid":                       SYS_GETUID,
+	"stime":                        SYS_STIME,
+	"ptrace":                       SYS_PTRACE,
+	"alarm":                        SYS_ALARM,
+	"oldfstat":                     SYS_OLDFSTAT,
+	"pause":                        SYS_PAUSE,
+	"utime":                        SYS_UTIME,
+	"stty":                         SYS_STTY,
+	"gtty":                         SYS_GTTY,
+	"access":                       SYS_ACCESS,
+	"nice":                         SYS_NICE,
+	"ftime":                        SYS_FTIME,
+	"sync":                         SYS_SYNC,
+	"kill":                         SYS_KILL,
+	"rename":                       SYS_RENAME,
+	"mkdir":                        SYS_MKDIR,
+	"rmdir":                        SYS_RMDIR,
+	"dup":                          SYS_DUP,
+	"pipe":                         SYS_PIPE,
+	"times":                        SYS_TIMES,
+	"prof":                         SYS_PROF,
+	"brk":                          SYS_BRK,
+	"setgid":                       SYS_SETGID,
+	"getgid":                       SYS_GETGID,
+	"signal":                       SYS_SIGNAL,
+	"geteuid":                      SYS_GETEUID,
+	"getegid":                      SYS_GETEGID,
+	"acct":                         SYS_ACCT,
+	"umount2":                      SYS_UMOUNT2,
+	"lock":                         SYS_LOCK,
+	"ioctl":                        SYS_IOCTL,
+	"fcntl":                        SYS_FCNTL,
+	"mpx":                          SYS_MPX,
+	"setpgid":                      SYS_SETPGID,
+	"ulimit":                       SYS_ULIMIT,
+	"oldolduname":                  SYS_OLDOLDUNAME,
+	"umask":                        SYS_UMASK,
+	"chroot":                       SYS_CHROOT,
+	"ustat":                        SYS_USTAT,
+	"dup2":                         SYS_DUP2,
+	"getppid":                      SYS_GETPPID,
+	"getpgrp":                      SYS_GETPGRP,
+	"setsid":                       SYS_SETSID,
+	"sigaction":                    SYS_SIGACTION,
+	"sgetmask":                     SYS_SGETMASK,
+	"ssetmask":                     SYS_SSETMASK,
+	"setreuid":                     SYS_SETREUID,
+	"setregid":                     SYS_SETREGID,
+	"sigsuspend":                   SYS_SIGSUSPEND,
+	"sigpending":                   SYS_SIGPENDING,
+	"sethostname":                  SYS_SETHOSTNAME,
+	"setrlimit":                    SYS_SETRLIMIT,
+	"getrlimit":                    SYS_GETRLIMIT,
+	"getrusage":                    SYS_GETRUSAGE,
+	"gettimeofday":                 SYS_GETTIMEOFDAY,
+	"settimeofday":                 SYS_SETTIMEOFDAY,
+	"getgroups":                    SYS_GETGROUPS,
+	"setgroups":                    SYS_SETGROUPS,
+	"select":                       SYS_SELECT,
+	"symlink":                      SYS_SYMLINK,
+	"oldlstat":                     SYS_OLDLSTAT,
+	"readlink":                     SYS_READLINK,
+	"uselib":                       SYS_USELIB,
+	"swapon":                       SYS_SWAPON,
+	"reboot":                       SYS_REBOOT,
+	"readdir":                      SYS_READDIR,
+	"mmap":                         SYS_MMAP,
+	"munmap":                       SYS_MUNMAP,
+	"truncate":                     SYS_TRUNCATE,
+	"ftruncate":                    SYS_FTRUNCATE,
+	"fchmod":                       SYS_FCHMOD,
+	"fchown":                       SYS_FCHOWN,
+	"getpriority":                  SYS_GETPRIORITY,
+	"setpriority":                  SYS_SETPRIORITY,
+	"profil":                       SYS_PROFIL,
+	"statfs":                       SYS_STATFS,
+	"fstatfs":                      SYS_FSTATFS,
+	"ioperm":                       SYS_IOPERM,
+	"socketcall":                   SYS_SOCKETCALL,
+	"syslog":                       SYS_SYSLOG,
+	"setitimer":                    SYS_SETITIMER,
+	"getitimer":                    SYS_GETITIMER,
+	"stat":                         SYS_STAT,
+	"lstat":                        SYS_LSTAT,
+	"fstat":                        SYS_FSTAT,
+	"olduname":                     SYS_OLDUNAME,
+	"iopl":                         SYS_IOPL,
+	"vhangup":                      SYS_VHANGUP,
+	"idle":                         SYS_IDLE,
+	"vm86old":                      SYS_VM86OLD,
+	"wait4":                        SYS_WAIT4,
+	"swapoff":                      SYS_SWAPOFF,
+	"sysinfo":                      SYS_SYSINFO,
+	"ipc":                          SYS_IPC,
+	"fsync":                        SYS_FSYNC,
+	"sigreturn":                    SYS_SIGRETURN,
+	"clone":                        SYS_CLONE,
+	"setdomainname":                SYS_SETDOMAINNAME,
+	"uname":                        SYS_UNAME,
+	"modify_ldt":                   SYS_MODIFY_LDT,
+	"adjtimex":                     SYS_ADJTIMEX,
+	"mprotect":                     SYS_MPROTECT,
+	"sigprocmask":                  SYS_SIGPROCMASK,
+	"create_module":                SYS_CREATE_MODULE,
+	"init_module":                  SYS_INIT_MODULE,
+	"delete_module":                SYS_DELETE_MODULE,
+	"get_kernel_syms":              SYS_GET_KERNEL_SYMS,
+	"quotactl":                     SYS_QUOTACTL,
+	"getpgid":                      SYS_GETPGID,
+	"fchdir":                       SYS_FCHDIR,
+	"bdflush":                      SYS_BDFLUSH,
+	"sysfs":                        SYS_SYSFS,
+	"personality":                  SYS_PERSONALITY,
+	"afs_syscall":                  SYS_AFS_SYSCALL,
+	"setfsuid":                     SYS_SETFSUID,
+	"setfsgid":                     SYS_SETFSGID,
+	"_llseek":                      SYS__LLSEEK,
+	"getdents":                     SYS_GETDENTS,
+	"_newselect":                   SYS__NEWSELECT,
+	"flock":                        SYS_FLOCK,
+	"msync":                        SYS_MSYNC,
+	"readv":                        SYS_READV,
+	"writev":                       SYS_WRITEV,
+	"getsid":                       SYS_GETSID,
+	"fdatasync":                    SYS_FDATASYNC,
+	"_sysctl":                      SYS__SYSCTL,
+	"mlock":                        SYS_MLOCK,
+	"munlock":                      SYS_MUNLOCK,
+	"mlockall":                     SYS_MLOCKALL,
+	"munlockall":                   SYS_MUNLOCKALL,
+	"sched_setparam":               SYS_SCHED_SETPARAM,
+	"sched_getparam":               SYS_SCHED_GETPARAM,
+	"sched_setscheduler":           SYS_SCHED_SETSCHEDULER,
+	"sched_getscheduler":           SYS_SCHED_GETSCHEDULER,
+	"sched_yield":                  SYS_SCHED_YIELD,
+	"sched_get_priority_max":       SYS_SCHED_GET_PRIORITY_MAX,
+	"sched_get_priority_min":       SYS_SCHED_GET_PRIORITY_MIN,
+	"sched_rr_get_interval":        SYS_SCHED_RR_GET_INTERVAL,
+	"nanosleep":                    SYS_NANOSLEEP,
+	"mremap":                       SYS_MREMAP,
+	"setresuid":                    SYS_SETRESUID,
+	"getresuid":                    SYS_GETRESUID,
+	"vm86":                         SYS_VM86,
+	"query_module":                 SYS_QUERY_MODULE,
+	"poll":                         SYS_POLL,
+	"nfsservctl":                   SYS_NFSSERVCTL,
+	"setresgid":                    SYS_SETRESGID,
+	"getresgid":                    SYS_GETRESGID,
+	"prctl":                        SYS_PRCTL,
+	"rt_sigreturn":                 SYS_RT_SIGRETURN,
+	"rt_sigaction":                 SYS_RT_SIGACTION,
+	"rt_sigprocmask":               SYS_RT_SIGPROCMASK,
+	"rt_sigpending":                SYS_RT_SIGPENDING,
+	"rt_sigtimedwait":              SYS_RT_SIGTIMEDWAIT,
+	"rt_sigqueueinfo":              SYS_RT_SIGQUEUEINFO,
+	"rt_sigsuspend":                SYS_RT_SIGSUSPEND,
+	"pread64":                      SYS_PREAD64,
+	"pwrite64":                     SYS_PWRITE64,
+	"chown":                        SYS_CHOWN,
+	"getcwd":                       SYS_GETCWD,
+	"capget":                       SYS_CAPGET,
+	"capset":                       SYS_CAPSET,
+	"sigaltstack":                  SYS_SIGALTSTACK,
+	"sendfile":                     SYS_SENDFILE,
+	"getpmsg":                      SYS_GETPMSG,
+	"putpmsg":                      SYS_PUTPMSG,
+	"vfork":                        SYS_VFORK,
+	"ugetrlimit":                   SYS_UGETRLIMIT,
+	"mmap2":                        SYS_MMAP2,
+	"truncate64":                   SYS_TRUNCATE64,
+	"ftruncate64":                  SYS_FTRUNCATE64,
+	"stat64":                       SYS_STAT64,
+	"lstat64":                      SYS_LSTAT64,
+	"fstat64":                      SYS_FSTAT64,
+	"lchown32":                     SYS_LCHOWN32,
+	"getuid32":                     SYS_GETUID32,
+	"getgid32":                     SYS_GETGID32,
+	"geteuid32":                    SYS_GETEUID32,
+	"getegid32":                    SYS_GETEGID32,
+	"setreuid32":                   SYS_SETREUID32,
+	"setregid32":                   SYS_SETREGID32,
+	"getgroups32":                  SYS_GETGROUPS32,
+	"setgroups32":                  SYS_SETGROUPS32,
+	"fchown32":                     SYS_FCHOWN32,
+	"setresuid32":                  SYS_SETRESUID32,
+	"getresuid32":                  SYS_GETRESUID32,
+	"setresgid32":                  SYS_SETRESGID32,
+	"getresgid32":                  SYS_GETRESGID32,
+	"chown32":                      SYS_CHOWN32,
+	"setuid32":                     SYS_SETUID32,
+	"setgid32":                     SYS_SETGID32,
+	"setfsuid32":                   SYS_SETFSUID32,
+	"setfsgid32":                   SYS_SETFSGID32,
+	"pivot_root":                   SYS_PIVOT_ROOT,
+	"mincore":                      SYS_MINCORE,
+	"madvise":                      SYS_MADVISE,
+	"getdents64":                   SYS_GETDENTS64,
+	"fcntl64":                      SYS_FCNTL64,
+	"gettid":                       SYS_GETTID,
+	"readahead":                    SYS_READAHEAD,
+	"setxattr":                     SYS_SETXATTR,
+	"lsetxattr":                    SYS_LSETXATTR,
+	"fsetxattr":                    SYS_FSETXATTR,
+	"getxattr":                     SYS_GETXATTR,
+	"lgetxattr":                    SYS_LGETXATTR,
+	"fgetxattr":                    SYS_FGETXATTR,
+	"listxattr":                    SYS_LISTXATTR,
+	"llistxattr":                   SYS_LLISTXATTR,
+	"flistxattr":                   SYS_FLISTXATTR,
+	"removexattr":                  SYS_REMOVEXATTR,
+	"lremovexattr":                 SYS_LREMOVEXATTR,
+	"fremovexattr":                 SYS_FREMOVEXATTR,
+	"tkill":                        SYS_TKILL,
+	"sendfile64":                   SYS_SENDFILE64,
+	"futex":                        SYS_FUTEX,
+	"sched_setaffinity":            SYS_SCHED_SETAFFINITY,
+	"sched_getaffinity":            SYS_SCHED_GETAFFINITY,
+	"set_thread_area":              SYS_SET_THREAD_AREA,
+	"get_thread_area":              SYS_GET_THREAD_AREA,
+	"io_setup":                     SYS_IO_SETUP,
+	"io_destroy":                   SYS_IO_DESTROY,
+	"io_getevents":                 SYS_IO_GETEVENTS,
+	"io_submit":                    SYS_IO_SUBMIT,
+	"io_cancel":                    SYS_IO_CANCEL,
+	"fadvise64":                    SYS_FADVISE64,
+	"exit_group":                   SYS_EXIT_GROUP,
+	"lookup_dcookie":               SYS_LOOKUP_DCOOKIE,
+	"epoll_create":                 SYS_EPOLL_CREATE,
+	"epoll_ctl":                    SYS_EPOLL_CTL,
+	"epoll_wait":                   SYS_EPOLL_WAIT,
+	"remap_file_pages":             SYS_REMAP_FILE_PAGES,
+	"set_tid_address":              SYS_SET_TID_ADDRESS,
+	"timer_create":                 SYS_TIMER_CREATE,
+	"timer_settime":                SYS_TIMER_SETTIME,
+	"timer_gettime":                SYS_TIMER_GETTIME,
+	"timer_getoverrun":             SYS_TIMER_GETOVERRUN,
+	"timer_delete":                 SYS_TIMER_DELETE,
+	"clock_settime":                SYS_CLOCK_SETTIME,
+	"clock_gettime":                SYS_CLOCK_GETTIME,
+	"clock_getres":                 SYS_CLOCK_GETRES,
+	"clock_nanosleep":              SYS_CLOCK_NANOSLEEP,
+	"statfs64":                     SYS_STATFS64,
+	"fstatfs64":                    SYS_FSTATFS64,
+	"tgkill":                       SYS_TGKILL,
+	"utimes":                       SYS_UTIMES,
+	"fadvise64_64":                 SYS_FADVISE64_64,
+	"vserver":                      SYS_VSERVER,
+	"mbind":                        SYS_MBIND,
+	"get_mempolicy":                SYS_GET_MEMPOLICY,
+	"set_mempolicy":                SYS_SET_MEMPOLICY,
+	"mq_open":                      SYS_MQ_OPEN,
+	"mq_unlink":                    SYS_MQ_UNLINK,
+	"mq_timedsend":                 SYS_MQ_TIMEDSEND,
+	"mq_timedreceive":              SYS_MQ_TIMEDRECEIVE,
+	"mq_notify":                    SYS_MQ_NOTIFY,
+	"mq_getsetattr":                SYS_MQ_GETSETATTR,
+	"kexec_load":                   SYS_KEXEC_LOAD,
+	"waitid":                       SYS_WAITID,
+	"add_key":                      SYS_ADD_KEY,
+	"request_key":                  SYS_REQUEST_KEY,
+	"keyctl":                       SYS_KEYCTL,
+	"ioprio_set":                   SYS_IOPRIO_SET,
+	"ioprio_get":                   SYS_IOPRIO_GET,
+	"inotify_init":                 SYS_INOTIFY_INIT,
+	"inotify_add_watch":            SYS_INOTIFY_ADD_WATCH,
+	"inotify_rm_watch":             SYS_INOTIFY_RM_WATCH,
+	"migrate_pages":                SYS_MIGRATE_PAGES,
+	"openat":                       SYS_OPENAT,
+	"mkdirat":                      SYS_MKDIRAT,
+	"mknodat":                      SYS_MKNODAT,
+	"fchownat":                     SYS_FCHOWNAT,
+	"futimesat":                    SYS_FUTIMESAT,
+	"fstatat64":                    SYS_FSTATAT64,
+	"unlinkat":                     SYS_UNLINKAT,
+	"renameat":                     SYS_RENAMEAT,
+	"linkat":                       SYS_LINKAT,
+	"symlinkat":                    SYS_SYMLINKAT,
+	"readlinkat":                   SYS_READLINKAT,
+	"fchmodat":                     SYS_FCHMODAT,
+	"faccessat":                    SYS_FACCESSAT,
+	"pselect6":                     SYS_PSELECT6,
+	"ppoll":                        SYS_PPOLL,
+	"unshare":                      SYS_UNSHARE,
+	"set_robust_list":              SYS_SET_ROBUST_LIST,
+	"get_robust_list":              SYS_GET_ROBUST_LIST,
+	"splice":                       SYS_SPLICE,
+	"sync_file_range":              SYS_SYNC_FILE_RANGE,
+	"tee":                          SYS_TEE,
+	"vmsplice":                     SYS_VMSPLICE,
+	"move_pages":                   SYS_MOVE_PAGES,
+	"getcpu":                       SYS_GETCPU,
+	"epoll_pwait":                  SYS_EPOLL_PWAIT,
+	"utimensat":                    SYS_UTIMENSAT,
+	"signalfd":                     SYS_SIGNALFD,
+	"timerfd_create":               SYS_TIMERFD_CREATE,
+	"eventfd":                      SYS_EVENTFD,
+	"fallocate":                    SYS_FALLOCATE,
+	"timerfd_settime":              SYS_TIMERFD_SETTIME,
+	"timerfd_gettime":              SYS_TIMERFD_GETTIME,
+	"signalfd4":                    SYS_SIGNALFD4,
+	"eventfd2":                     SYS_EVENTFD2,
+	"epoll_create1":                SYS_EPOLL_CREATE1,
+	"dup3":                         SYS_DUP3,
+	"pipe2":                        SYS_PIPE2,
+	"inotify_init1":                SYS_INOTIFY_INIT1,
+	"preadv":                       SYS_PREADV,
+	"pwritev":                      SYS_PWRITEV,
+	"rt_tgsigqueueinfo":            SYS_RT_TGSIGQUEUEINFO,
+	"perf_event_open":              SYS_PERF_EVENT_OPEN,
+	"recvmmsg":                     __PNR_recvmmsg,
+	"fanotify_init":                SYS_FANOTIFY_INIT,
+	"fanotify_mark":                SYS_FANOTIFY_MARK,
+	"prlimit64":                    SYS_PRLIMIT64,
+	"name_to_handle_at":            SYS_NAME_TO_HANDLE_AT,
+	"open_by_handle_at":            SYS_OPEN_BY_HANDLE_AT,
+	"clock_adjtime":                SYS_CLOCK_ADJTIME,
+	"syncfs":                       SYS_SYNCFS,
+	"sendmmsg":                     __PNR_sendmmsg,
+	"setns":                        SYS_SETNS,
+	"process_vm_readv":             SYS_PROCESS_VM_READV,
+	"process_vm_writev":            SYS_PROCESS_VM_WRITEV,
+	"kcmp":                         SYS_KCMP,
+	"finit_module":                 SYS_FINIT_MODULE,
+	"sched_setattr":                SYS_SCHED_SETATTR,
+	"sched_getattr":                SYS_SCHED_GETATTR,
+	"renameat2":                    SYS_RENAMEAT2,
+	"seccomp":                      SYS_SECCOMP,
+	"getrandom":                    SYS_GETRANDOM,
+	"memfd_create":                 SYS_MEMFD_CREATE,
+	"bpf":                          SYS_BPF,
+	"execveat":                     SYS_EXECVEAT,
+	"socket":                       __PNR_socket,
+	"socketpair":                   __PNR_socketpair,
+	"bind":                         __PNR_bind,
+	"connect":                      __PNR_connect,
+	"listen":                       __PNR_listen,
+	"accept4":                      __PNR_accept4,
+	"getsockopt":                   __PNR_getsockopt,
+	"setsockopt":                   __PNR_setsockopt,
+	"getsockname":                  __PNR_getsockname,
+	"getpeername":                  __PNR_getpeername,
+	"sendto":                       __PNR_sendto,
+	"sendmsg":                      __PNR_sendmsg,
+	"recvfrom":                     __PNR_recvfrom,
+	"recvmsg":                      __PNR_recvmsg,
+	"shutdown":                     __PNR_shutdown,
+	"userfaultfd":                  SYS_USERFAULTFD,
+	"membarrier":                   SYS_MEMBARRIER,
+	"mlock2":                       SYS_MLOCK2,
+	"copy_file_range":              SYS_COPY_FILE_RANGE,
+	"preadv2":                      SYS_PREADV2,
+	"pwritev2":                     SYS_PWRITEV2,
+	"pkey_mprotect":                SYS_PKEY_MPROTECT,
+	"pkey_alloc":                   SYS_PKEY_ALLOC,
+	"pkey_free":                    SYS_PKEY_FREE,
+	"statx":                        SYS_STATX,
+	"arch_prctl":                   SYS_ARCH_PRCTL,
+	"io_pgetevents":                SYS_IO_PGETEVENTS,
+	"rseq":                         SYS_RSEQ,
+	"semget":                       __PNR_semget,
+	"semctl":                       __PNR_semctl,
+	"shmget":                       __PNR_shmget,
+	"shmctl":                       __PNR_shmctl,
+	"shmat":                        __PNR_shmat,
+	"shmdt":                        __PNR_shmdt,
+	"msgget":                       __PNR_msgget,
+	"msgsnd":                       __PNR_msgsnd,
+	"msgrcv":                       __PNR_msgrcv,
+	"msgctl":                       __PNR_msgctl,
+	"clock_gettime64":              SYS_CLOCK_GETTIME64,
+	"clock_settime64":              SYS_CLOCK_SETTIME64,
+	"clock_adjtime64":              SYS_CLOCK_ADJTIME64,
+	"clock_getres_time64":          SYS_CLOCK_GETRES_TIME64,
+	"clock_nanosleep_time64":       SYS_CLOCK_NANOSLEEP_TIME64,
+	"timer_gettime64":              SYS_TIMER_GETTIME64,
+	"timer_settime64":              SYS_TIMER_SETTIME64,
+	"timerfd_gettime64":            SYS_TIMERFD_GETTIME64,
+	"timerfd_settime64":            SYS_TIMERFD_SETTIME64,
+	"utimensat_time64":             SYS_UTIMENSAT_TIME64,
+	"pselect6_time64":              SYS_PSELECT6_TIME64,
+	"ppoll_time64":                 SYS_PPOLL_TIME64,
+	"io_pgetevents_time64":         SYS_IO_PGETEVENTS_TIME64,
+	"recvmmsg_time64":              SYS_RECVMMSG_TIME64,
+	"mq_timedsend_time64":          SYS_MQ_TIMEDSEND_TIME64,
+	"mq_timedreceive_time64":       SYS_MQ_TIMEDRECEIVE_TIME64,
+	"semtimedop_time64":            SYS_SEMTIMEDOP_TIME64,
+	"rt_sigtimedwait_time64":       SYS_RT_SIGTIMEDWAIT_TIME64,
+	"futex_time64":                 SYS_FUTEX_TIME64,
+	"sched_rr_get_interval_time64": SYS_SCHED_RR_GET_INTERVAL_TIME64,
+	"pidfd_send_signal":            SYS_PIDFD_SEND_SIGNAL,
+	"io_uring_setup":               SYS_IO_URING_SETUP,
+	"io_uring_enter":               SYS_IO_URING_ENTER,
+	"io_uring_register":            SYS_IO_URING_REGISTER,
+	"open_tree":                    SYS_OPEN_TREE,
+	"move_mount":                   SYS_MOVE_MOUNT,
+	"fsopen":                       SYS_FSOPEN,
+	"fsconfig":                     SYS_FSCONFIG,
+	"fsmount":                      SYS_FSMOUNT,
+	"fspick":                       SYS_FSPICK,
+	"pidfd_open":                   SYS_PIDFD_OPEN,
+	"clone3":                       SYS_CLONE3,
+	"close_range":                  SYS_CLOSE_RANGE,
+	"openat2":                      SYS_OPENAT2,
+	"pidfd_getfd":                  SYS_PIDFD_GETFD,
+	"faccessat2":                   SYS_FACCESSAT2,
+	"process_madvise":              SYS_PROCESS_MADVISE,
+	"epoll_pwait2":                 SYS_EPOLL_PWAIT2,
+	"mount_setattr":                SYS_MOUNT_SETATTR,
+	"quotactl_fd":                  SYS_QUOTACTL_FD,
+	"landlock_create_ruleset":      SYS_LANDLOCK_CREATE_RULESET,
+	"landlock_add_rule":            SYS_LANDLOCK_ADD_RULE,
+	"landlock_restrict_self":       SYS_LANDLOCK_RESTRICT_SELF,
+	"memfd_secret":                 SYS_MEMFD_SECRET,
+	"process_mrelease":             SYS_PROCESS_MRELEASE,
+	"futex_waitv":                  SYS_FUTEX_WAITV,
+	"set_mempolicy_home_node":      SYS_SET_MEMPOLICY_HOME_NODE,
+	"cachestat":                    SYS_CACHESTAT,
+	"fchmodat2":                    SYS_FCHMODAT2,
+	"map_shadow_stack":             SYS_MAP_SHADOW_STACK,
+	"futex_wake":                   SYS_FUTEX_WAKE,
+	"futex_wait":                   SYS_FUTEX_WAIT,
+	"futex_requeue":                SYS_FUTEX_REQUEUE,
+	"statmount":                    SYS_STATMOUNT,
+	"listmount":                    SYS_LISTMOUNT,
+	"lsm_get_self_attr":            SYS_LSM_GET_SELF_ATTR,
+	"lsm_set_self_attr":            SYS_LSM_SET_SELF_ATTR,
+	"lsm_list_modules":             SYS_LSM_LIST_MODULES,
+	"mseal":                        SYS_MSEAL,
+}
+
+const (
+	SYS_NAME_TO_HANDLE_AT            = 341
+	SYS_OPEN_BY_HANDLE_AT            = 342
+	SYS_CLOCK_ADJTIME                = 343
+	SYS_SYNCFS                       = 344
+	SYS_SENDMMSG                     = 345
+	SYS_SETNS                        = 346
+	SYS_PROCESS_VM_READV             = 347
+	SYS_PROCESS_VM_WRITEV            = 348
+	SYS_KCMP                         = 349
+	SYS_FINIT_MODULE                 = 350
+	SYS_SCHED_SETATTR                = 351
+	SYS_SCHED_GETATTR                = 352
+	SYS_RENAMEAT2                    = 353
+	SYS_SECCOMP                      = 354
+	SYS_GETRANDOM                    = 355
+	SYS_MEMFD_CREATE                 = 356
+	SYS_BPF                          = 357
+	SYS_EXECVEAT                     = 358
+	SYS_SOCKET                       = 359
+	SYS_SOCKETPAIR                   = 360
+	SYS_BIND                         = 361
+	SYS_CONNECT                      = 362
+	SYS_LISTEN                       = 363
+	SYS_ACCEPT4                      = 364
+	SYS_GETSOCKOPT                   = 365
+	SYS_SETSOCKOPT                   = 366
+	SYS_GETSOCKNAME                  = 367
+	SYS_GETPEERNAME                  = 368
+	SYS_SENDTO                       = 369
+	SYS_SENDMSG                      = 370
+	SYS_RECVFROM                     = 371
+	SYS_RECVMSG                      = 372
+	SYS_SHUTDOWN                     = 373
+	SYS_USERFAULTFD                  = 374
+	SYS_MEMBARRIER                   = 375
+	SYS_MLOCK2                       = 376
+	SYS_COPY_FILE_RANGE              = 377
+	SYS_PREADV2                      = 378
+	SYS_PWRITEV2                     = 379
+	SYS_PKEY_MPROTECT                = 380
+	SYS_PKEY_ALLOC                   = 381
+	SYS_PKEY_FREE                    = 382
+	SYS_STATX                        = 383
+	SYS_ARCH_PRCTL                   = 384
+	SYS_IO_PGETEVENTS                = 385
+	SYS_RSEQ                         = 386
+	SYS_SEMGET                       = 393
+	SYS_SEMCTL                       = 394
+	SYS_SHMGET                       = 395
+	SYS_SHMCTL                       = 396
+	SYS_SHMAT                        = 397
+	SYS_SHMDT                        = 398
+	SYS_MSGGET                       = 399
+	SYS_MSGSND                       = 400
+	SYS_MSGRCV                       = 401
+	SYS_MSGCTL                       = 402
+	SYS_CLOCK_GETTIME64              = 403
+	SYS_CLOCK_SETTIME64              = 404
+	SYS_CLOCK_ADJTIME64              = 405
+	SYS_CLOCK_GETRES_TIME64          = 406
+	SYS_CLOCK_NANOSLEEP_TIME64       = 407
+	SYS_TIMER_GETTIME64              = 408
+	SYS_TIMER_SETTIME64              = 409
+	SYS_TIMERFD_GETTIME64            = 410
+	SYS_TIMERFD_SETTIME64            = 411
+	SYS_UTIMENSAT_TIME64             = 412
+	SYS_PSELECT6_TIME64              = 413
+	SYS_PPOLL_TIME64                 = 414
+	SYS_IO_PGETEVENTS_TIME64         = 416
+	SYS_RECVMMSG_TIME64              = 417
+	SYS_MQ_TIMEDSEND_TIME64          = 418
+	SYS_MQ_TIMEDRECEIVE_TIME64       = 419
+	SYS_SEMTIMEDOP_TIME64            = 420
+	SYS_RT_SIGTIMEDWAIT_TIME64       = 421
+	SYS_FUTEX_TIME64                 = 422
+	SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+	SYS_PIDFD_SEND_SIGNAL            = 424
+	SYS_IO_URING_SETUP               = 425
+	SYS_IO_URING_ENTER               = 426
+	SYS_IO_URING_REGISTER            = 427
+	SYS_OPEN_TREE                    = 428
+	SYS_MOVE_MOUNT                   = 429
+	SYS_FSOPEN                       = 430
+	SYS_FSCONFIG                     = 431
+	SYS_FSMOUNT                      = 432
+	SYS_FSPICK                       = 433
+	SYS_PIDFD_OPEN                   = 434
+	SYS_CLONE3                       = 435
+	SYS_CLOSE_RANGE                  = 436
+	SYS_OPENAT2                      = 437
+	SYS_PIDFD_GETFD                  = 438
+	SYS_FACCESSAT2                   = 439
+	SYS_PROCESS_MADVISE              = 440
+	SYS_EPOLL_PWAIT2                 = 441
+	SYS_MOUNT_SETATTR                = 442
+	SYS_QUOTACTL_FD                  = 443
+	SYS_LANDLOCK_CREATE_RULESET      = 444
+	SYS_LANDLOCK_ADD_RULE            = 445
+	SYS_LANDLOCK_RESTRICT_SELF       = 446
+	SYS_MEMFD_SECRET                 = 447
+	SYS_PROCESS_MRELEASE             = 448
+	SYS_FUTEX_WAITV                  = 449
+	SYS_SET_MEMPOLICY_HOME_NODE      = 450
+	SYS_CACHESTAT                    = 451
+	SYS_FCHMODAT2                    = 452
+	SYS_MAP_SHADOW_STACK             = 453
+	SYS_FUTEX_WAKE                   = 454
+	SYS_FUTEX_WAIT                   = 455
+	SYS_FUTEX_REQUEUE                = 456
+	SYS_STATMOUNT                    = 457
+	SYS_LISTMOUNT                    = 458
+	SYS_LSM_GET_SELF_ATTR            = 459
+	SYS_LSM_SET_SELF_ATTR            = 460
+	SYS_LSM_LIST_MODULES             = 461
+	SYS_MSEAL                        = 462
+)

container/std/syscall_linux_amd64.go

@@ -1,7 +1,7 @@
 // mksysnum_linux.pl /usr/include/asm/unistd_64.h
 // Code generated by the command above; DO NOT EDIT.
 
-package seccomp
+package std
 
 import . "syscall"
 

container/std/syscall_linux_arm64.go

@@ -1,7 +1,7 @@
 // mksysnum_linux.pl /usr/include/asm/unistd_64.h
 // Code generated by the command above; DO NOT EDIT.
 
-package seccomp
+package std
 
 import . "syscall"
 

container/std/syscall_test.go

@@ -0,0 +1,21 @@
+package std_test
+
+import (
+	"testing"
+
+	"hakurei.app/container/std"
+)
+
+func TestSyscallResolveName(t *testing.T) {
+	t.Parallel()
+
+	for name, want := range std.Syscalls() {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			if got, ok := std.SyscallResolveName(name); !ok || got != want {
+				t.Errorf("SyscallResolveName(%q) = %d, want %d", name, got, want)
+			}
+		})
+	}
+}

container/stub/errors.go

@@ -13,7 +13,7 @@ var (
 type UniqueError uintptr
 
 func (e UniqueError) Error() string {
-	return "unique error " + strconv.Itoa(int(e)) + " injected by the test suite"
+	return "unique error " + strconv.FormatUint(uint64(e), 10) + " injected by the test suite"
 }
 
 func (e UniqueError) Is(target error) bool {

container/stub/exit.go

@@ -3,10 +3,10 @@ package stub
 import "testing"
 
 // PanicExit is a magic panic value treated as a simulated exit.
-const PanicExit = 0xdeadbeef
+const PanicExit = 0xdead
 
 const (
-	panicFailNow = 0xcafe0000 + iota
+	panicFailNow = 0xcafe0 + iota
 	panicFatal
 	panicFatalf
 )

container/stub/exit_test.go

@@ -53,7 +53,7 @@ func TestHandleExit(t *testing.T) {
 				}
 			}()
 			defer stub.HandleExit(ot)
-			panic(0xcafe0000)
+			panic(0xcafe0)
 		})
 
 		t.Run("Fail", func(t *testing.T) {
@@ -66,7 +66,7 @@ func TestHandleExit(t *testing.T) {
 				}
 			}()
 			defer handleExitNew(ot)
-			panic(0xcafe0000)
+			panic(0xcafe0)
 		})
 	})
 
@@ -82,14 +82,14 @@ func TestHandleExit(t *testing.T) {
 			t.Parallel()
 
 			defer func() {
-				want := 0xcafebabe
+				want := 0xcafe
 				if r := recover(); r != want {
 					t.Errorf("recover: %v, want %v", r, want)
 				}
 
 			}()
 			defer stub.HandleExit(t)
-			panic(0xcafebabe)
+			panic(0xcafe)
 		})
 
 		t.Run("new", func(t *testing.T) {

container/syscall_386.go

@@ -0,0 +1,7 @@
+package container
+
+const (
+	O_PATH = 0x200000
+
+	PR_SET_NO_NEW_PRIVS = 0x26
+)

container/vfs/mountinfo_test.go

@@ -26,11 +26,11 @@ func TestDecoderError(t *testing.T) {
 		target  error
 		targetF error
 	}{
-		{"errno", &vfs.DecoderError{Op: "parse", Line: 0xdeadbeef, Err: syscall.ENOTRECOVERABLE},
-			"parse mountinfo at line 3735928559: state not recoverable", syscall.ENOTRECOVERABLE, syscall.EROFS},
+		{"errno", &vfs.DecoderError{Op: "parse", Line: 0xdead, Err: syscall.ENOTRECOVERABLE},
+			"parse mountinfo at line 57005: state not recoverable", syscall.ENOTRECOVERABLE, syscall.EROFS},
 
-		{"strconv", &vfs.DecoderError{Op: "parse", Line: 0xdeadbeef, Err: &strconv.NumError{Func: "Atoi", Num: "meow", Err: strconv.ErrSyntax}},
-			`parse mountinfo at line 3735928559: numeric field "meow" invalid syntax`, strconv.ErrSyntax, os.ErrInvalid},
+		{"strconv", &vfs.DecoderError{Op: "parse", Line: 0xdead, Err: &strconv.NumError{Func: "Atoi", Num: "meow", Err: strconv.ErrSyntax}},
+			`parse mountinfo at line 57005: numeric field "meow" invalid syntax`, strconv.ErrSyntax, os.ErrInvalid},
 
 		{"unfold", &vfs.DecoderError{Op: "unfold", Line: -1, Err: vfs.UnfoldTargetError("/proc/nonexistent")},
 			"unfold mountinfo: mount point /proc/nonexistent never appeared in mountinfo", vfs.UnfoldTargetError("/proc/nonexistent"), os.ErrNotExist},

flake.nix

@@ -244,10 +244,10 @@
               shellHook = "exec ${pkgs.writeShellScript "generate-syscall-table" ''
                 set -e
                 ${pkgs.perl}/bin/perl \
-                  container/seccomp/mksysnum_linux.pl \
+                  container/std/mksysnum_linux.pl \
                   ${pkgs.linuxHeaders}/include/asm/unistd_64.h | \
                   ${pkgs.go}/bin/gofmt > \
-                  container/seccomp/syscall_linux_${GOARCH.${system}}.go
+                  container/std/syscall_linux_${GOARCH.${system}}.go
               ''}";
             };
         }

hst/config.go

@@ -12,7 +12,7 @@ import (
 type Config struct {
 	// Reverse-DNS style configured arbitrary identifier string.
 	// Passed to wayland security-context-v1 and used as part of defaults in dbus session proxy.
-	ID string `json:"id"`
+	ID string `json:"id,omitempty"`
 
 	// System services to make available in the container.
 	Enablements *Enablements `json:"enablements,omitempty"`
@@ -59,7 +59,7 @@ func (config *Config) Validate() error {
 	}
 
 	// this is checked again in hsu
-	if config.Identity < IdentityMin || config.Identity > IdentityMax {
+	if config.Identity < IdentityStart || config.Identity > IdentityEnd {
 		return &AppError{Step: "validate configuration", Err: ErrIdentityBounds,
 			Msg: "identity " + strconv.Itoa(config.Identity) + " out of range"}
 	}

hst/container.go

@@ -20,11 +20,6 @@ const (
 	WaitDelayDefault = 5 * time.Second
 	// WaitDelayMax is used if WaitDelay exceeds its value.
 	WaitDelayMax = 30 * time.Second
-
-	// IdentityMin is the minimum value of [Config.Identity]. This is enforced by cmd/hsu.
-	IdentityMin = 0
-	// IdentityMax is the maximum value of [Config.Identity]. This is enforced by cmd/hsu.
-	IdentityMax = 9999
 )
 
 const (

hst/enablement_test.go

@@ -80,7 +80,7 @@ func TestEnablements(t *testing.T) {
 
 				if got, err := json.Marshal(struct {
 					Value *hst.Enablements `json:"value"`
-					Magic int              `json:"magic"`
+					Magic uint64           `json:"magic"`
 				}{tc.e, syscall.MS_MGC_VAL}); err != nil {
 					t.Fatalf("Marshal: error = %v", err)
 				} else if string(got) != tc.sData {
@@ -108,7 +108,7 @@ func TestEnablements(t *testing.T) {
 				{
 					got := *(new(struct {
 						Value *hst.Enablements `json:"value"`
-						Magic int              `json:"magic"`
+						Magic uint64           `json:"magic"`
 					}))
 					if err := json.Unmarshal([]byte(tc.sData), &got); err != nil {
 						t.Fatalf("Unmarshal: error = %v", err)

hst/fs_test.go

@@ -241,7 +241,7 @@ func (s stubFS) String() string          { return "<invalid " + s.typeName + ">"
 
 type sCheck struct {
 	FS    hst.FilesystemConfigJSON `json:"fs"`
-	Magic int                      `json:"magic"`
+	Magic uint64                   `json:"magic"`
 }
 
 type fsTestCase struct {

hst/fsbind.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/std"
 )
 
 func init() { gob.Register(new(FSBind)) }
@@ -97,16 +97,16 @@ func (b *FSBind) Apply(z *ApplyState) {
 	}
 	var flags int
 	if b.Write {
-		flags |= comp.BindWritable
+		flags |= std.BindWritable
 	}
 	if b.Device {
-		flags |= comp.BindDevice | comp.BindWritable
+		flags |= std.BindDevice | std.BindWritable
 	}
 	if b.Ensure {
-		flags |= comp.BindEnsure
+		flags |= std.BindEnsure
 	}
 	if b.Optional {
-		flags |= comp.BindOptional
+		flags |= std.BindOptional
 	}
 
 	switch {

hst/fsbind_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"hakurei.app/container"
-	"hakurei.app/container/comp"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 )
 
@@ -24,7 +24,7 @@ func TestFSBind(t *testing.T) {
 		}, true, container.Ops{&container.BindMountOp{
 			Source: m("/mnt/dev"),
 			Target: m("/dev"),
-			Flags:  comp.BindWritable | comp.BindDevice | comp.BindOptional,
+			Flags:  std.BindWritable | std.BindDevice | std.BindOptional,
 		}}, m("/dev"), ms("/mnt/dev"),
 			"d+/mnt/dev:/dev"},
 
@@ -36,7 +36,7 @@ func TestFSBind(t *testing.T) {
 		}, true, container.Ops{&container.BindMountOp{
 			Source: m("/mnt/dev"),
 			Target: m("/dev"),
-			Flags:  comp.BindWritable | comp.BindDevice | comp.BindEnsure,
+			Flags:  std.BindWritable | std.BindDevice | std.BindEnsure,
 		}}, m("/dev"), ms("/mnt/dev"),
 			"d-/mnt/dev:/dev"},
 
@@ -48,7 +48,7 @@ func TestFSBind(t *testing.T) {
 		}, true, container.Ops{&container.BindMountOp{
 			Source: m("/mnt/dev"),
 			Target: m("/dev"),
-			Flags:  comp.BindWritable | comp.BindDevice,
+			Flags:  std.BindWritable | std.BindDevice,
 		}}, m("/dev"), ms("/mnt/dev"),
 			"d*/mnt/dev:/dev"},
 
@@ -59,7 +59,7 @@ func TestFSBind(t *testing.T) {
 		}, true, container.Ops{&container.BindMountOp{
 			Source: m("/mnt/tmp"),
 			Target: m("/tmp"),
-			Flags:  comp.BindWritable,
+			Flags:  std.BindWritable,
 		}}, m("/tmp"), ms("/mnt/tmp"),
 			"w*/mnt/tmp:/tmp"},
 
@@ -98,7 +98,7 @@ func TestFSBind(t *testing.T) {
 			Special: true,
 		}, true, container.Ops{&container.AutoRootOp{
 			Host:  m("/"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}}, m("/"), ms("/"), "autoroot:w"},
 
 		{"autoroot silly", &hst.FSBind{
@@ -108,7 +108,7 @@ func TestFSBind(t *testing.T) {
 			Special: true,
 		}, true, container.Ops{&container.AutoRootOp{
 			Host:  m("/etc"),
-			Flags: comp.BindWritable,
+			Flags: std.BindWritable,
 		}}, m("/"), ms("/etc"), "autoroot:w:/etc"},
 
 		{"autoetc", &hst.FSBind{

hst/grp_pwd.go

@@ -0,0 +1,61 @@
+package hst
+
+import (
+	"fmt"
+	"strconv"
+)
+
+const (
+	// UserOffset is the offset for UID and GID ranges for each user.
+	UserOffset = 100000
+	// RangeSize is the size of each UID and GID range.
+	RangeSize = UserOffset / 10
+
+	// IdentityStart is the first [Config.Identity] value. This is enforced in cmd/hsu.
+	IdentityStart = 0
+	// IdentityEnd is the last [Config.Identity] value. This is enforced in cmd/hsu.
+	IdentityEnd = AppEnd - AppStart
+
+	// AppStart is the first app user UID and GID.
+	AppStart = RangeSize * 1
+	// AppEnd is the last app user UID and GID.
+	AppEnd = AppStart + RangeSize - 1
+
+	/* these are for Rosa OS: use the ranges below to determine whether a process is isolated */
+
+	// IsolatedStart is the start of UID and GID for fully isolated sandboxed processes.
+	IsolatedStart = RangeSize * 9
+	// IsolatedEnd is the end of UID and GID for fully isolated sandboxed processes.
+	IsolatedEnd = IsolatedStart + RangeSize - 1
+)
+
+// A UID represents a kernel uid in the init namespace.
+type UID uint32
+
+// String returns the username corresponding to this uid.
+//
+// Not safe against untrusted input.
+func (uid UID) String() string {
+	appid := uid % UserOffset
+	userid := uid / UserOffset
+	if appid >= IsolatedStart && appid <= IsolatedEnd {
+		return fmt.Sprintf("u%d_i%d", userid, appid-IsolatedStart)
+	} else if appid >= AppStart && appid <= AppEnd {
+		return fmt.Sprintf("u%d_a%d", userid, appid-AppStart)
+	} else {
+		return strconv.Itoa(int(uid))
+	}
+}
+
+// A GID represents a kernel gid in the init namespace.
+type GID uint32
+
+// String returns the group name corresponding to this gid.
+//
+// Not safe against untrusted input.
+func (gid GID) String() string { return UID(gid).String() }
+
+// ToUser returns a [hst.UID] value from userid and appid.
+//
+// Not safe against untrusted input.
+func ToUser[U int | uint32](userid, appid U) U { return userid*UserOffset + AppStart + appid }

hst/grp_pwd_test.go

@@ -0,0 +1,40 @@
+package hst_test
+
+import (
+	"strconv"
+	"testing"
+
+	"hakurei.app/hst"
+)
+
+func TestUIDString(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		val  uint32
+		want string
+	}{
+		{hst.AppStart + hst.IdentityStart, "u0_a0"},                           // uidStart
+		{hst.ToUser[uint32](hst.RangeSize-1, hst.IdentityEnd), "u9999_a9999"}, // uidEnd
+
+		{hst.IsolatedStart + hst.IdentityStart, "u0_i0"},                    // isolatedStart
+		{(hst.RangeSize-1)*hst.UserOffset + hst.IsolatedEnd, "u9999_i9999"}, // isolatedEnd
+
+		{hst.ToUser[uint32](10, 127), "u10_a127"},
+		{hst.ToUser[uint32](11, 127), "u11_a127"},
+
+		{0, "0"}, // out of bounds
+	}
+	for _, tc := range testCases {
+		t.Run(strconv.Itoa(int(tc.val)), func(t *testing.T) {
+			t.Parallel()
+
+			if got := hst.UID(tc.val).String(); got != tc.want {
+				t.Fatalf("UID.String: %q, want %q", got, tc.want)
+			}
+			if got := hst.GID(tc.val).String(); got != tc.want {
+				t.Fatalf("GID.String: %q, want %q", got, tc.want)
+			}
+		})
+	}
+}

internal/env/env.go

@@ -29,12 +29,11 @@ func (env *Paths) Copy(v *hst.Paths, userid int) {
 
 	if env.RuntimePath == nil {
 		// fall back to path in share since hakurei has no hard XDG dependency
-		v.RunDirPath = v.SharePath.Append("run")
-		v.RuntimePath = v.RunDirPath.Append("compat")
+		v.RuntimePath = v.SharePath.Append("compat")
 	} else {
 		v.RuntimePath = env.RuntimePath
-		v.RunDirPath = env.RuntimePath.Append("hakurei")
 	}
+	v.RunDirPath = v.RuntimePath.Append("hakurei")
 }
 
 // CopyPaths returns a populated [Paths].

internal/env/env_test.go

@@ -34,9 +34,9 @@ func TestPaths(t *testing.T) {
 			TempDir: fhs.AbsTmp,
 		}, hst.Paths{
 			TempDir:     fhs.AbsTmp,
-			SharePath:   fhs.AbsTmp.Append("hakurei.3735928559"),
-			RuntimePath: fhs.AbsTmp.Append("hakurei.3735928559/run/compat"),
-			RunDirPath:  fhs.AbsTmp.Append("hakurei.3735928559/run"),
+			SharePath:   fhs.AbsTmp.Append("hakurei.57005"),
+			RuntimePath: fhs.AbsTmp.Append("hakurei.57005/compat"),
+			RunDirPath:  fhs.AbsTmp.Append("hakurei.57005/compat/hakurei"),
 		}, ""},
 
 		{"full", &env.Paths{
@@ -44,7 +44,7 @@ func TestPaths(t *testing.T) {
 			RuntimePath: fhs.AbsRunUser.Append("1000"),
 		}, hst.Paths{
 			TempDir:     fhs.AbsTmp,
-			SharePath:   fhs.AbsTmp.Append("hakurei.3735928559"),
+			SharePath:   fhs.AbsTmp.Append("hakurei.57005"),
 			RuntimePath: fhs.AbsRunUser.Append("1000"),
 			RunDirPath:  fhs.AbsRunUser.Append("1000/hakurei"),
 		}, ""},
@@ -61,7 +61,7 @@ func TestPaths(t *testing.T) {
 			}
 
 			var sc hst.Paths
-			tc.env.Copy(&sc, 0xdeadbeef)
+			tc.env.Copy(&sc, 0xdead)
 			if !reflect.DeepEqual(&sc, &tc.want) {
 				t.Errorf("Copy: %#v, want %#v", sc, tc.want)
 			}

internal/outcome/dispatcher.go

@@ -13,6 +13,7 @@ import (
 	"hakurei.app/container"
 	"hakurei.app/container/check"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/internal"
 	"hakurei.app/message"
 	"hakurei.app/system/dbus"
@@ -32,6 +33,8 @@ type syscallDispatcher interface {
 	// just synchronising access is not enough, as this is for test instrumentation.
 	new(f func(k syscallDispatcher, msg message.Msg))
 
+	// getppid provides [os.Getppid].
+	getppid() int
 	// getpid provides [os.Getpid].
 	getpid() int
 	// getuid provides [os.Getuid].
@@ -84,7 +87,7 @@ type syscallDispatcher interface {
 	containerWait(z *container.Container) error
 
 	// seccompLoad provides [seccomp.Load].
-	seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error
+	seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error
 
 	// mustHsuPath provides [internal.MustHsuPath].
 	mustHsuPath() *check.Absolute
@@ -108,6 +111,7 @@ type direct struct{ msg message.Msg }
 
 func (k direct) new(f func(k syscallDispatcher, msg message.Msg)) { go f(k, k.msg) }
 
+func (direct) getppid() int                               { return os.Getppid() }
 func (direct) getpid() int                                { return os.Getpid() }
 func (direct) getuid() int                                { return os.Getuid() }
 func (direct) getgid() int                                { return os.Getgid() }
@@ -148,7 +152,7 @@ func (direct) containerStart(z *container.Container) error { return z.Start() }
 func (direct) containerServe(z *container.Container) error { return z.Serve() }
 func (direct) containerWait(z *container.Container) error  { return z.Wait() }
 
-func (direct) seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error {
+func (direct) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
 	return seccomp.Load(rules, flags)
 }
 

internal/outcome/dispatcher_test.go

@@ -21,6 +21,7 @@ import (
 	"hakurei.app/container"
 	"hakurei.app/container/check"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 	"hakurei.app/message"
@@ -35,7 +36,7 @@ func call(name string, args stub.ExpectArgs, ret any, err error) stub.Call {
 
 const (
 	// checkExpectUid is the uid value used by checkOpBehaviour to initialise [system.I].
-	checkExpectUid = 0xcafebabe
+	checkExpectUid = 0xcafe
 	// wantAutoEtcPrefix is the autoetc prefix corresponding to checkExpectInstanceId.
 	wantAutoEtcPrefix = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 	// wantInstancePrefix is the SharePath corresponding to checkExpectInstanceId.
@@ -331,6 +332,7 @@ func (k *kstub) new(f func(k syscallDispatcher, msg message.Msg)) {
 	k.New(func(k syscallDispatcher) { f(k, k.(*kstub)) })
 }
 
+func (k *kstub) getppid() int { k.Helper(); return k.Expects("getppid").Ret.(int) }
 func (k *kstub) getpid() int  { k.Helper(); return k.Expects("getpid").Ret.(int) }
 func (k *kstub) getuid() int  { k.Helper(); return k.Expects("getuid").Ret.(int) }
 func (k *kstub) getgid() int  { k.Helper(); return k.Expects("getgid").Ret.(int) }
@@ -434,7 +436,7 @@ func (k *kstub) containerWait(z *container.Container) error {
 	return k.expectCheckContainer(k.Expects("containerWait"), z)
 }
 
-func (k *kstub) seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error {
+func (k *kstub) seccompLoad(rules []std.NativeRule, flags seccomp.ExportFlag) error {
 	k.Helper()
 	return k.Expects("seccompLoad").Error(
 		stub.CheckArgReflect(k.Stub, "rules", rules, 0),
@@ -689,6 +691,7 @@ func (panicMsgContext) Value(any) any               { panic("unreachable") }
 type panicDispatcher struct{}
 
 func (panicDispatcher) new(func(k syscallDispatcher, msg message.Msg))      { panic("unreachable") }
+func (panicDispatcher) getppid() int                                        { panic("unreachable") }
 func (panicDispatcher) getpid() int                                         { panic("unreachable") }
 func (panicDispatcher) getuid() int                                         { panic("unreachable") }
 func (panicDispatcher) getgid() int                                         { panic("unreachable") }
@@ -720,6 +723,6 @@ func (panicDispatcher) fatalf(string, ...any)                               { pa
 func (panicDispatcher) notifyContext(context.Context, ...os.Signal) (context.Context, context.CancelFunc) {
 	panic("unreachable")
 }
-func (panicDispatcher) seccompLoad([]seccomp.NativeRule, seccomp.ExportFlag) error {
+func (panicDispatcher) seccompLoad([]std.NativeRule, seccomp.ExportFlag) error {
 	panic("unreachable")
 }

internal/outcome/finalise.go

@@ -6,7 +6,6 @@ import (
 	"fmt"
 	"os"
 	"os/user"
-	"sync/atomic"
 
 	"hakurei.app/hst"
 	"hakurei.app/message"
@@ -26,12 +25,9 @@ type outcome struct {
 	sys *system.I
 	// Transmitted to shim. Populated during finalise.
 	state *outcomeState
-	// Kept for saving to [state].
+	// Retained for registering current instance.
 	config *hst.Config
 
-	// Whether the current process is in outcome.main.
-	active atomic.Bool
-
 	ctx context.Context
 	syscallDispatcher
 }

internal/outcome/hsu.go

@@ -86,16 +86,12 @@ func (h *Hsu) MustID(msg message.Msg) int {
 			msg.Verbose("*"+fallback, err)
 		}
 		os.Exit(1)
-		return -0xdeadbeef // not reached
+		return -0xbad // not reached
 	} else if m, ok := message.GetMessage(err); ok {
 		log.Fatal(m)
-		return -0xdeadbeef // not reached
+		return -0xbad // not reached
 	} else {
 		log.Fatalln(fallback, err)
-		return -0xdeadbeef // not reached
+		return -0xbad // not reached
 	}
 }
-
-// HsuUid returns target uid for the stable hsu uid format.
-// No bounds check is performed, a value retrieved by [Hsu] is expected.
-func HsuUid(id, identity int) int { return 1000000 + id*10000 + identity }

internal/outcome/main.go

@@ -3,6 +3,7 @@ package outcome
 import (
 	"context"
 	"log"
+	"time"
 
 	"hakurei.app/hst"
 	"hakurei.app/message"
@@ -16,10 +17,13 @@ func Main(ctx context.Context, msg message.Msg, config *hst.Config) {
 	}
 
 	seal := outcome{syscallDispatcher: direct{msg}}
+
+	finaliseTime := time.Now()
 	if err := seal.finalise(ctx, msg, &id, config); err != nil {
 		printMessageError(msg.GetLogger().Fatalln, "cannot seal app:", err)
 		panic("unreachable")
 	}
+	msg.Verbosef("finalise took %.2f ms", float64(time.Since(finaliseTime).Nanoseconds())/1e6)
 
 	seal.main(msg)
 	panic("unreachable")

internal/outcome/main_test.go

@@ -17,9 +17,9 @@ import (
 
 	"hakurei.app/container"
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 	"hakurei.app/message"
 	"hakurei.app/system"
@@ -29,7 +29,7 @@ import (
 
 func TestOutcomeMain(t *testing.T) {
 	t.Parallel()
-	msg := message.NewMsg(nil)
+	msg := message.New(nil)
 	msg.SwapVerbose(testing.Verbose())
 
 	testCases := []struct {
@@ -40,7 +40,7 @@ func TestOutcomeMain(t *testing.T) {
 		wantSys    *system.I
 		wantParams *container.Params
 	}{
-		{"template", new(stubNixOS), hst.Template(), checkExpectInstanceId, system.New(panicMsgContext{}, message.NewMsg(nil), 1000009).
+		{"template", new(stubNixOS), hst.Template(), checkExpectInstanceId, system.New(panicMsgContext{}, message.New(nil), 10009).
 			// spParamsOp
 			Ensure(m("/tmp/hakurei.0"), 0711).
 
@@ -68,10 +68,10 @@ func TestOutcomeMain(t *testing.T) {
 			).
 
 			// ensureRuntimeDir
-			Ensure(m("/run/user/1971/hakurei"), 0700).
-			UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 			Ensure(m("/run/user/1971"), 0700).
 			UpdatePermType(system.User, m("/run/user/1971"), acl.Execute).
+			Ensure(m("/run/user/1971/hakurei"), 0700).
+			UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 
 			// runtime
 			Ephemeral(system.Process, m("/run/user/1971/hakurei/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), 0700).
@@ -136,19 +136,19 @@ func TestOutcomeMain(t *testing.T) {
 
 			Ops: new(container.Ops).
 				// resolveRoot
-				Root(m("/var/lib/hakurei/base/org.debian"), comp.BindWritable).
+				Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
 				// spParamsOp
 				Proc(fhs.AbsProc).
 				Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
-				Bind(fhs.AbsDev, fhs.AbsDev, comp.BindWritable|comp.BindDevice).
+				Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
 				Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777).
 
 				// spRuntimeOp
 				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-				Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/1971"), comp.BindWritable).
+				Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/1971"), std.BindWritable).
 
 				// spTmpdirOp
-				Bind(m("/tmp/hakurei.0/tmpdir/9"), fhs.AbsTmp, comp.BindWritable).
+				Bind(m("/tmp/hakurei.0/tmpdir/9"), fhs.AbsTmp, std.BindWritable).
 
 				// spAccountOp
 				Place(m("/etc/passwd"), []byte("chronos:x:1971:100:Hakurei:/data/data/org.chromium.Chromium:/run/current-system/sw/bin/zsh\n")).
@@ -176,9 +176,9 @@ func TestOutcomeMain(t *testing.T) {
 				Link(m("/run/opengl-driver"), "/run/opengl-driver", true).
 				Bind(fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"),
 					m("/data/data/org.chromium.Chromium"),
-					comp.BindWritable|comp.BindEnsure).
+					std.BindWritable|std.BindEnsure).
 				Bind(fhs.AbsDev.Append("dri"), fhs.AbsDev.Append("dri"),
-					comp.BindOptional|comp.BindWritable|comp.BindDevice).
+					std.BindOptional|std.BindWritable|std.BindDevice).
 				Remount(fhs.AbsRoot, syscall.MS_RDONLY),
 		}},
 
@@ -215,7 +215,7 @@ func TestOutcomeMain(t *testing.T) {
 			0x96, 0xd7, 0xbc, 0x15,
 			0xbd, 0x01, 0x78, 0x0e,
 			0xb9, 0xa6, 0x07, 0xac,
-		}, system.New(t.Context(), msg, 1000000).
+		}, system.New(t.Context(), msg, 10000).
 			Ensure(m("/tmp/hakurei.0"), 0711).
 			Ensure(m("/tmp/hakurei.0/runtime"), 0700).
 			UpdatePermType(system.User, m("/tmp/hakurei.0/runtime"), acl.Execute).
@@ -239,24 +239,24 @@ func TestOutcomeMain(t *testing.T) {
 				"XDG_SESSION_TYPE=tty",
 			},
 			Ops: new(container.Ops).
-				Root(m("/"), comp.BindWritable).
+				Root(m("/"), std.BindWritable).
 				Proc(m("/proc/")).
 				Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
 				DevWritable(m("/dev/"), true).
 				Tmpfs(m("/dev/shm"), 0, 01777).
 				Tmpfs(m("/run/user/"), 4096, 0755).
-				Bind(m("/tmp/hakurei.0/runtime/0"), m("/run/user/65534"), comp.BindWritable).
-				Bind(m("/tmp/hakurei.0/tmpdir/0"), m("/tmp/"), comp.BindWritable).
+				Bind(m("/tmp/hakurei.0/runtime/0"), m("/run/user/65534"), std.BindWritable).
+				Bind(m("/tmp/hakurei.0/tmpdir/0"), m("/tmp/"), std.BindWritable).
 				Place(m("/etc/passwd"), []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:65534:\n")).
-				Bind(m("/dev/kvm"), m("/dev/kvm"), comp.BindWritable|comp.BindDevice|comp.BindOptional).
+				Bind(m("/dev/kvm"), m("/dev/kvm"), std.BindWritable|std.BindDevice|std.BindOptional).
 				Etc(m("/etc/"), "4a450b6596d7bc15bd01780eb9a607ac").
 				Tmpfs(m("/run/user/1971"), 8192, 0755).
 				Tmpfs(m("/run/nscd"), 8192, 0755).
 				Tmpfs(m("/run/dbus"), 8192, 0755).
 				Remount(m("/dev/"), syscall.MS_RDONLY).
 				Remount(m("/"), syscall.MS_RDONLY),
-			SeccompPresets: comp.PresetExt | comp.PresetDenyDevel,
+			SeccompPresets: std.PresetExt | std.PresetDenyDevel,
 			HostNet:        true,
 			HostAbstract:   true,
 			RetainSession:  true,
@@ -339,7 +339,7 @@ func TestOutcomeMain(t *testing.T) {
 			0xb1, 0x75, 0x91, 0x17,
 			0x82, 0xd4, 0x13, 0x36,
 			0x9b, 0x64, 0xce, 0x7c,
-		}, system.New(t.Context(), msg, 1000009).
+		}, system.New(t.Context(), msg, 10009).
 			Ensure(m("/tmp/hakurei.0"), 0711).
 			Ensure(m("/tmp/hakurei.0/runtime"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/runtime"), acl.Execute).
 			Ensure(m("/tmp/hakurei.0/runtime/9"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/runtime/9"), acl.Read, acl.Write, acl.Execute).
@@ -347,8 +347,8 @@ func TestOutcomeMain(t *testing.T) {
 			Ensure(m("/tmp/hakurei.0/tmpdir/9"), 01700).UpdatePermType(system.User, m("/tmp/hakurei.0/tmpdir/9"), acl.Read, acl.Write, acl.Execute).
 			Ephemeral(system.Process, m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c"), 0711).
 			Wayland(m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/wayland"), m("/run/user/1971/wayland-0"), "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c").
-			Ensure(m("/run/user/1971/hakurei"), 0700).UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 			Ensure(m("/run/user/1971"), 0700).UpdatePermType(system.User, m("/run/user/1971"), acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset
+			Ensure(m("/run/user/1971/hakurei"), 0700).UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 			Ephemeral(system.Process, m("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c"), 0700).UpdatePermType(system.Process, m("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c"), acl.Execute).
 			Link(m("/run/user/1971/pulse/native"), m("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c/pulse")).
 			MustProxyDBus(&hst.BusConfig{
@@ -408,14 +408,14 @@ func TestOutcomeMain(t *testing.T) {
 				"XDG_SESSION_TYPE=wayland",
 			},
 			Ops: new(container.Ops).
-				Root(m("/"), comp.BindWritable).
+				Root(m("/"), std.BindWritable).
 				Proc(m("/proc/")).
 				Tmpfs(hst.AbsPrivateTmp, 4096, 0755).
 				DevWritable(m("/dev/"), true).
 				Tmpfs(m("/dev/shm"), 0, 01777).
 				Tmpfs(m("/run/user/"), 4096, 0755).
-				Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/65534"), comp.BindWritable).
-				Bind(m("/tmp/hakurei.0/tmpdir/9"), m("/tmp/"), comp.BindWritable).
+				Bind(m("/tmp/hakurei.0/runtime/9"), m("/run/user/65534"), std.BindWritable).
+				Bind(m("/tmp/hakurei.0/tmpdir/9"), m("/tmp/"), std.BindWritable).
 				Place(m("/etc/passwd"), []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:65534:\n")).
 				Bind(m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/wayland"), m("/run/user/65534/wayland-0"), 0).
@@ -423,15 +423,15 @@ func TestOutcomeMain(t *testing.T) {
 				Place(m(hst.PrivateTmp+"/pulse-cookie"), bytes.Repeat([]byte{0}, pulseCookieSizeMax)).
 				Bind(m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/bus"), m("/run/user/65534/bus"), 0).
 				Bind(m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/system_bus_socket"), m("/var/run/dbus/system_bus_socket"), 0).
-				Bind(m("/dev/dri"), m("/dev/dri"), comp.BindWritable|comp.BindDevice|comp.BindOptional).
-				Bind(m("/dev/kvm"), m("/dev/kvm"), comp.BindWritable|comp.BindDevice|comp.BindOptional).
+				Bind(m("/dev/dri"), m("/dev/dri"), std.BindWritable|std.BindDevice|std.BindOptional).
+				Bind(m("/dev/kvm"), m("/dev/kvm"), std.BindWritable|std.BindDevice|std.BindOptional).
 				Etc(m("/etc/"), "ebf083d1b175911782d413369b64ce7c").
 				Tmpfs(m("/run/user/1971"), 8192, 0755).
 				Tmpfs(m("/run/nscd"), 8192, 0755).
 				Tmpfs(m("/run/dbus"), 8192, 0755).
 				Remount(m("/dev/"), syscall.MS_RDONLY).
 				Remount(m("/"), syscall.MS_RDONLY),
-			SeccompPresets: comp.PresetExt | comp.PresetDenyDevel,
+			SeccompPresets: std.PresetExt | std.PresetDenyDevel,
 			HostNet:        true,
 			HostAbstract:   true,
 			RetainSession:  true,
@@ -493,14 +493,14 @@ func TestOutcomeMain(t *testing.T) {
 			0x66, 0xda, 0xbe, 0x57,
 			0x4c, 0xf0, 0x73, 0xbd,
 			0xb4, 0x6e, 0xb5, 0xc1,
-		}, system.New(t.Context(), msg, 1000001).
+		}, system.New(t.Context(), msg, 10001).
 			Ensure(m("/tmp/hakurei.0"), 0711).
 			Ensure(m("/tmp/hakurei.0/runtime"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/runtime"), acl.Execute).
 			Ensure(m("/tmp/hakurei.0/runtime/1"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/runtime/1"), acl.Read, acl.Write, acl.Execute).
 			Ensure(m("/tmp/hakurei.0/tmpdir"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/tmpdir"), acl.Execute).
 			Ensure(m("/tmp/hakurei.0/tmpdir/1"), 01700).UpdatePermType(system.User, m("/tmp/hakurei.0/tmpdir/1"), acl.Read, acl.Write, acl.Execute).
-			Ensure(m("/run/user/1971/hakurei"), 0700).UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 			Ensure(m("/run/user/1971"), 0700).UpdatePermType(system.User, m("/run/user/1971"), acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset
+			Ensure(m("/run/user/1971/hakurei"), 0700).UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 			UpdatePermType(hst.EWayland, m("/run/user/1971/wayland-0"), acl.Read, acl.Write, acl.Execute).
 			Ephemeral(system.Process, m("/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1"), 0700).UpdatePermType(system.Process, m("/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1"), acl.Execute).
 			Link(m("/run/user/1971/pulse/native"), m("/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1/pulse")).
@@ -560,8 +560,8 @@ func TestOutcomeMain(t *testing.T) {
 				DevWritable(m("/dev/"), true).
 				Tmpfs(m("/dev/shm"), 0, 01777).
 				Tmpfs(m("/run/user/"), 4096, 0755).
-				Bind(m("/tmp/hakurei.0/runtime/1"), m("/run/user/1971"), comp.BindWritable).
-				Bind(m("/tmp/hakurei.0/tmpdir/1"), m("/tmp/"), comp.BindWritable).
+				Bind(m("/tmp/hakurei.0/runtime/1"), m("/run/user/1971"), std.BindWritable).
+				Bind(m("/tmp/hakurei.0/tmpdir/1"), m("/tmp/"), std.BindWritable).
 				Place(m("/etc/passwd"), []byte("u0_a1:x:1971:100:Hakurei:/var/lib/persist/module/hakurei/0/1:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:100:\n")).
 				Bind(m("/run/user/1971/wayland-0"), m("/run/user/1971/wayland-0"), 0).
@@ -573,18 +573,18 @@ func TestOutcomeMain(t *testing.T) {
 				Bind(m("/usr/bin/"), m("/usr/bin/"), 0).
 				Bind(m("/nix/store"), m("/nix/store"), 0).
 				Bind(m("/run/current-system"), m("/run/current-system"), 0).
-				Bind(m("/sys/block"), m("/sys/block"), comp.BindOptional).
-				Bind(m("/sys/bus"), m("/sys/bus"), comp.BindOptional).
-				Bind(m("/sys/class"), m("/sys/class"), comp.BindOptional).
-				Bind(m("/sys/dev"), m("/sys/dev"), comp.BindOptional).
-				Bind(m("/sys/devices"), m("/sys/devices"), comp.BindOptional).
+				Bind(m("/sys/block"), m("/sys/block"), std.BindOptional).
+				Bind(m("/sys/bus"), m("/sys/bus"), std.BindOptional).
+				Bind(m("/sys/class"), m("/sys/class"), std.BindOptional).
+				Bind(m("/sys/dev"), m("/sys/dev"), std.BindOptional).
+				Bind(m("/sys/devices"), m("/sys/devices"), std.BindOptional).
 				Bind(m("/run/opengl-driver"), m("/run/opengl-driver"), 0).
-				Bind(m("/dev/dri"), m("/dev/dri"), comp.BindDevice|comp.BindWritable|comp.BindOptional).
+				Bind(m("/dev/dri"), m("/dev/dri"), std.BindDevice|std.BindWritable|std.BindOptional).
 				Etc(m("/etc/"), "8e2c76b066dabe574cf073bdb46eb5c1").
-				Bind(m("/var/lib/persist/module/hakurei/0/1"), m("/var/lib/persist/module/hakurei/0/1"), comp.BindWritable|comp.BindEnsure).
+				Bind(m("/var/lib/persist/module/hakurei/0/1"), m("/var/lib/persist/module/hakurei/0/1"), std.BindWritable|std.BindEnsure).
 				Remount(m("/dev/"), syscall.MS_RDONLY).
 				Remount(m("/"), syscall.MS_RDONLY),
-			SeccompPresets: comp.PresetExt | comp.PresetDenyTTY | comp.PresetDenyDevel,
+			SeccompPresets: std.PresetExt | std.PresetDenyTTY | std.PresetDenyDevel,
 			HostNet:        true,
 			ForwardCancel:  true,
 		}},
@@ -700,7 +700,8 @@ type stubNixOS struct {
 	panicDispatcher
 }
 
-func (k *stubNixOS) getpid() int { return 0xdeadbeef }
+func (k *stubNixOS) getppid() int { return 0xbad }
+func (k *stubNixOS) getpid() int  { return 0xdead }
 func (k *stubNixOS) getuid() int  { return 1971 }
 func (k *stubNixOS) getgid() int  { return 100 }
 

internal/outcome/outcome.go

@@ -128,7 +128,7 @@ func (s *outcomeState) populateLocal(k syscallDispatcher, msg message.Msg) error
 
 	s.identity = newInt(s.Identity)
 	s.mapuid, s.mapgid = newInt(s.Mapuid), newInt(s.Mapgid)
-	s.uid = newInt(HsuUid(s.UserID, s.identity.unwrap()))
+	s.uid = newInt(hst.ToUser(s.UserID, s.identity.unwrap()))
 
 	return nil
 }
@@ -196,10 +196,10 @@ func (state *outcomeStateSys) ensureRuntimeDir() {
 		return
 	}
 	state.useRuntimeDir = true
-	state.sys.Ensure(state.sc.RunDirPath, 0700)
-	state.sys.UpdatePermType(system.User, state.sc.RunDirPath, acl.Execute)
-	state.sys.Ensure(state.sc.RuntimePath, 0700) // ensure this dir in case XDG_RUNTIME_DIR is unset
-	state.sys.UpdatePermType(system.User, state.sc.RuntimePath, acl.Execute)
+	state.sys.
+		// ensure this dir in case XDG_RUNTIME_DIR is unset
+		Ensure(state.sc.RuntimePath, 0700).UpdatePermType(system.User, state.sc.RuntimePath, acl.Execute).
+		Ensure(state.sc.RunDirPath, 0700).UpdatePermType(system.User, state.sc.RunDirPath, acl.Execute)
 }
 
 // instance returns the pathname to a process-specific directory within TMPDIR.

internal/outcome/process.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/gob"
 	"errors"
+	"math"
 	"os"
 	"os/exec"
 	"strconv"
@@ -12,200 +13,27 @@ import (
 	"time"
 
 	"hakurei.app/container"
+	"hakurei.app/container/check"
 	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/internal"
-	"hakurei.app/internal/state"
+	"hakurei.app/internal/store"
 	"hakurei.app/message"
 	"hakurei.app/system"
 )
 
-// Duration to wait for shim to exit on top of container WaitDelay.
-const shimWaitTimeout = 5 * time.Second
-
-// mainState holds persistent state bound to outcome.main.
-type mainState struct {
-	// done is whether beforeExit has been called already.
-	done bool
-
-	// Time is the exact point in time where the process was created.
-	// Location must be set to UTC.
-	//
-	// Time is nil if no process was ever created.
-	Time *time.Time
-
-	store   state.Store
-	cancel  context.CancelFunc
-	cmd     *exec.Cmd
-	cmdWait chan error
-
-	k *outcome
-	message.Msg
-	uintptr
-}
-
 const (
-	// mainNeedsRevert indicates the call to Commit has succeeded.
-	mainNeedsRevert uintptr = 1 << iota
-	// mainNeedsDestroy indicates the instance state entry is present in the store.
-	mainNeedsDestroy
+	// Duration to wait for shim to exit on top of container WaitDelay.
+	shimWaitTimeout = 5 * time.Second
+	// Timeout for writing outcomeState to the shim setup pipe.
+	shimSetupTimeout = 5 * time.Second
 )
 
-// beforeExit must be called immediately before a call to [os.Exit].
-func (ms mainState) beforeExit(isFault bool) {
-	if ms.done {
-		panic("attempting to call beforeExit twice")
-	}
-	ms.done = true
-	defer ms.BeforeExit()
-
-	if isFault && ms.cancel != nil {
-		ms.cancel()
-	}
-
-	var hasErr bool
-	// updates hasErr but does not terminate
-	perror := func(err error, message string) {
-		hasErr = true
-		printMessageError(ms.GetLogger().Println, "cannot "+message+":", err)
-	}
-	exitCode := 1
-	defer func() {
-		if hasErr {
-			os.Exit(exitCode)
-		}
-	}()
-
-	// this also handles wait for a non-fault termination
-	if ms.cmd != nil && ms.cmdWait != nil {
-		waitDone := make(chan struct{})
-
-		// this ties waitDone to ctx with the additional compensated timeout duration
-		go func() { <-ms.k.ctx.Done(); time.Sleep(ms.k.state.Shim.WaitDelay + shimWaitTimeout); close(waitDone) }()
-
-		select {
-		case err := <-ms.cmdWait:
-			wstatus, ok := ms.cmd.ProcessState.Sys().(syscall.WaitStatus)
-			if ok {
-				if v := wstatus.ExitStatus(); v != 0 {
-					hasErr = true
-					exitCode = v
-				}
-			}
-
-			if ms.IsVerbose() {
-				if !ok {
-					if err != nil {
-						ms.Verbosef("wait: %v", err)
-					}
-				} else {
-					switch {
-					case wstatus.Exited():
-						ms.Verbosef("process %d exited with code %d", ms.cmd.Process.Pid, wstatus.ExitStatus())
-
-					case wstatus.CoreDump():
-						ms.Verbosef("process %d dumped core", ms.cmd.Process.Pid)
-
-					case wstatus.Signaled():
-						ms.Verbosef("process %d got %s", ms.cmd.Process.Pid, wstatus.Signal())
-
-					default:
-						ms.Verbosef("process %d exited with status %#x", ms.cmd.Process.Pid, wstatus)
-					}
-				}
-			}
-
-		case <-waitDone:
-			ms.Resume()
-			// this is only reachable when shim did not exit within shimWaitTimeout, after its WaitDelay has elapsed.
-			// This is different from the container failing to terminate within its timeout period, as that is enforced
-			// by the shim. This path is instead reached when there is a lockup in shim preventing it from completing.
-			ms.GetLogger().Printf("process %d did not terminate", ms.cmd.Process.Pid)
-		}
-
-		ms.Resume()
-	}
-
-	if ms.uintptr&mainNeedsRevert != 0 {
-		if ok, err := ms.store.Do(ms.k.state.identity.unwrap(), func(c state.Cursor) {
-			if ms.uintptr&mainNeedsDestroy != 0 {
-				if err := c.Destroy(ms.k.state.id.unwrap()); err != nil {
-					perror(err, "destroy state entry")
-				}
-			}
-
-			var rt hst.Enablement
-			if states, err := c.Load(); err != nil {
-				// it is impossible to continue from this point;
-				// revert per-process state here to limit damage
-				ec := system.Process
-				if revertErr := ms.k.sys.Revert((*system.Criteria)(&ec)); revertErr != nil {
-					var joinError interface {
-						Unwrap() []error
-						error
-					}
-					if !errors.As(revertErr, &joinError) || joinError == nil {
-						perror(revertErr, "revert system setup")
-					} else {
-						for _, v := range joinError.Unwrap() {
-							perror(v, "revert system setup step")
-						}
-					}
-				}
-				perror(err, "load instance states")
-			} else {
-				ec := system.Process
-				if l := len(states); l == 0 {
-					ec |= system.User
-				} else {
-					ms.Verbosef("found %d instances, cleaning up without user-scoped operations", l)
-				}
-
-				// accumulate enablements of remaining launchers
-				for i, s := range states {
-					if s.Config != nil {
-						rt |= s.Config.Enablements.Unwrap()
-					} else {
-						ms.GetLogger().Printf("state entry %d does not contain config", i)
-					}
-				}
-
-				ec |= rt ^ (hst.EWayland | hst.EX11 | hst.EDBus | hst.EPulse)
-				if ms.IsVerbose() {
-					if ec > 0 {
-						ms.Verbose("reverting operations scope", system.TypeString(ec))
-					}
-				}
-
-				if err = ms.k.sys.Revert((*system.Criteria)(&ec)); err != nil {
-					perror(err, "revert system setup")
-				}
-			}
-		}); err != nil {
-			if ok {
-				perror(err, "unlock state store")
-			} else {
-				perror(err, "open state store")
-			}
-		}
-	} else if ms.uintptr&mainNeedsDestroy != 0 {
-		panic("unreachable")
-	}
-}
-
-// fatal calls printMessageError, performs necessary cleanup, followed by a call to [os.Exit](1).
-func (ms mainState) fatal(fallback string, ferr error) {
-	printMessageError(ms.GetLogger().Println, fallback, ferr)
-	ms.beforeExit(true)
-	os.Exit(1)
-}
+// NewStore returns the address of a new instance of [store.Store].
+func NewStore(sc *hst.Paths) *store.Store { return store.New(sc.SharePath.Append("state")) }
 
 // main carries out outcome and terminates. main does not return.
 func (k *outcome) main(msg message.Msg) {
-	if !k.active.CompareAndSwap(false, true) {
-		panic("outcome: attempted to run twice")
-	}
-
 	if k.ctx == nil || k.sys == nil || k.state == nil {
 		panic("outcome: did not finalise")
 	}
@@ -213,31 +41,303 @@ func (k *outcome) main(msg message.Msg) {
 	// read comp value early for early failure
 	hsuPath := internal.MustHsuPath()
 
-	// ms.beforeExit required beyond this point
-	ms := &mainState{Msg: msg, k: k}
-
-	if err := k.sys.Commit(); err != nil {
-		ms.fatal("cannot commit system setup:", err)
-	}
-	ms.uintptr |= mainNeedsRevert
-	ms.store = state.NewMulti(msg, k.state.sc.RunDirPath)
+	const (
+		// transitions to processCommit, or processFinal on failure
+		processStart = iota
+		// transitions to processServe, or processLifecycle on failure
+		processCommit
+		// transitions to processLifecycle only
+		processServe
+		// transitions to processCleanup only
+		processLifecycle
+		// transitions to processFinal only
+		processCleanup
+		// execution terminates, must be the final state
+		processFinal
+	)
 
+	// for the shim process
 	ctx, cancel := context.WithCancel(k.ctx)
 	defer cancel()
-	ms.cancel = cancel
 
-	ms.cmd = exec.CommandContext(ctx, hsuPath.String())
-	ms.cmd.Stdin, ms.cmd.Stdout, ms.cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
-	ms.cmd.Dir = fhs.Root // container init enters final working directory
-	// shim runs in the same session as monitor; see shim.go for behaviour
-	ms.cmd.Cancel = func() error { return ms.cmd.Process.Signal(syscall.SIGCONT) }
+	var (
+		// state for next iteration
+		processState uintptr = processStart
+		// current state, must not be mutated directly
+		processStateCur uintptr = math.MaxUint
+		// point in time the current iteration began
+		processTime time.Time
 
-	var e *gob.Encoder
-	if fd, encoder, err := container.Setup(&ms.cmd.ExtraFiles); err != nil {
-		ms.fatal("cannot create shim setup pipe:", err)
+		// whether sys is currently in between a call to Commit and Revert
+		isBeforeRevert bool
+
+		// initialised during processStart if successful
+		handle *store.Handle
+		// initialised during processServe if state is saved
+		entryHandle *store.EntryHandle
+
+		// can be set in any state, used in processFinal
+		exitCode int
+
+		// shim process startup time,
+		// populated in processStart, accessed by processServe
+		startTime time.Time
+		// shim process as target uid,
+		// populated in processStart, accessed by processServe
+		shimCmd *exec.Cmd
+		// write end of shim setup pipe,
+		// populated in processStart, accessed by processServe
+		shimPipe *os.File
+
+		// perror cancels ctx and prints an error message
+		perror = func(err error, message string) {
+			cancel()
+			if shimPipe != nil {
+				if closeErr := shimPipe.Close(); closeErr != nil {
+					msg.Verbose(closeErr.Error())
+				}
+				shimPipe = nil
+			}
+			if exitCode == 0 {
+				exitCode = 1
+			}
+			printMessageError(msg.GetLogger().Println, "cannot "+message+":", err)
+		}
+
+		// perrorFatal cancels ctx, prints an error message, and sets the next state
+		perrorFatal = func(err error, message string, newState uintptr) {
+			perror(err, message)
+			processState = newState
+		}
+	)
+
+	for {
+		var processStatePrev uintptr
+		processStatePrev, processStateCur = processStateCur, processState
+
+		if !processTime.IsZero() && processStatePrev != processLifecycle {
+			msg.Verbosef("state %d took %.2f ms", processStatePrev, float64(time.Since(processTime).Nanoseconds())/1e6)
+		}
+		processTime = time.Now()
+
+		switch processState {
+		case processStart:
+			if h, err := NewStore(&k.state.sc).Handle(k.state.identity.unwrap()); err != nil {
+				perrorFatal(err, "obtain store segment handle", processFinal)
+				continue
 			} else {
-		e = encoder
-		ms.cmd.Env = []string{
+				handle = h
+			}
+
+			cmd, f, err := k.start(ctx, msg, hsuPath, &startTime)
+			if err != nil {
+				perrorFatal(err, "start shim", processFinal)
+				continue
+			} else {
+				shimCmd, shimPipe = cmd, f
+			}
+
+			processState = processCommit
+
+		case processCommit:
+			if isBeforeRevert {
+				perrorFatal(newWithMessage("invalid transition to commit state"), "commit", processLifecycle)
+				continue
+			}
+
+			unlock, err := handle.Lock()
+			if err != nil {
+				perrorFatal(err, "acquire lock on store segment", processLifecycle)
+				continue
+			}
+			if entryHandle, err = handle.Save(&hst.State{
+				ID:      k.state.id.unwrap(),
+				PID:     os.Getpid(),
+				ShimPID: shimCmd.Process.Pid,
+				Config:  k.config,
+				Time:    startTime,
+			}); err != nil {
+				unlock()
+				// transition here to avoid the commit/revert cycle on the doomed instance
+				perrorFatal(err, "save instance state", processLifecycle)
+				continue
+			}
+
+			err = k.sys.Commit()
+			unlock()
+			if err != nil {
+				perrorFatal(err, "commit system setup", processLifecycle)
+				continue
+			}
+			isBeforeRevert = true
+
+			processState = processServe
+
+		case processServe:
+			// this state transition to processLifecycle only
+			processState = processLifecycle
+
+			// this starts the container, system setup must complete before this point
+			if err := serveShim(msg, shimPipe, k.state); err != nil {
+				perror(err, "serve shim payload")
+				continue
+			} else {
+				shimPipe = nil // this is already closed by serveShim
+			}
+
+		case processLifecycle:
+			// this state transition to processCleanup only
+			processState = processCleanup
+
+			msg.Suspend()
+			select {
+			case err := <-func() chan error { w := make(chan error, 1); go func() { w <- shimCmd.Wait(); cancel() }(); return w }():
+				wstatus, ok := shimCmd.ProcessState.Sys().(syscall.WaitStatus)
+				if ok {
+					if v := wstatus.ExitStatus(); v != 0 {
+						exitCode = v
+					}
+				}
+
+				if msg.IsVerbose() {
+					if !ok {
+						if err != nil {
+							msg.Verbosef("wait: %v", err)
+						}
+					} else {
+						switch {
+						case wstatus.Exited():
+							msg.Verbosef("process %d exited with code %d", shimCmd.Process.Pid, wstatus.ExitStatus())
+
+						case wstatus.CoreDump():
+							msg.Verbosef("process %d dumped core", shimCmd.Process.Pid)
+
+						case wstatus.Signaled():
+							msg.Verbosef("process %d got %s", shimCmd.Process.Pid, wstatus.Signal())
+
+						default:
+							msg.Verbosef("process %d exited with status %#x", shimCmd.Process.Pid, wstatus)
+						}
+					}
+				}
+
+			case <-func() chan struct{} {
+				w := make(chan struct{})
+				// this ties processLifecycle to ctx with the additional compensated timeout duration
+				// to allow transition to the next state on a locked up shim
+				go func() { <-ctx.Done(); time.Sleep(k.state.Shim.WaitDelay + shimWaitTimeout); close(w) }()
+				return w
+			}():
+				// this is only reachable when wait did not return within shimWaitTimeout, after its WaitDelay has elapsed.
+				// This is different from the container failing to terminate within its timeout period, as that is enforced
+				// by the shim. This path is instead reached when there is a lockup in shim preventing it from completing.
+				msg.GetLogger().Printf("process %d did not terminate", shimCmd.Process.Pid)
+			}
+			msg.Resume()
+
+		case processCleanup:
+			// this state transition to processFinal only
+			processState = processFinal
+
+			unlock := func() { msg.Verbose("skipping unlock as lock was not successfully acquired") }
+			if f, err := handle.Lock(); err != nil {
+				perror(err, "acquire lock on store segment")
+			} else {
+				unlock = f
+			}
+
+			if entryHandle != nil {
+				if err := entryHandle.Destroy(); err != nil {
+					perror(err, "destroy state entry")
+				}
+			}
+
+			if isBeforeRevert {
+				ec := system.Process
+
+				if entries, _, err := handle.Entries(); err != nil {
+					// it is impossible to continue from this point,
+					// per-process state will be reverted to limit damage
+					perror(err, "read store segment entries")
+				} else {
+					// accumulate enablements of remaining instances
+					var (
+						// alive enablement bits
+						rt hst.Enablement
+						// alive instance count
+						n int
+					)
+					for eh := range entries {
+						var et hst.Enablement
+						if et, err = eh.Load(nil); err != nil {
+							perror(err, "read state header of instance "+eh.ID.String())
+						} else {
+							rt |= et
+							n++
+						}
+					}
+
+					if n == 0 {
+						ec |= system.User
+					} else {
+						msg.Verbosef("found %d instances, cleaning up without user-scoped operations", n)
+					}
+					ec |= rt ^ (hst.EWayland | hst.EX11 | hst.EDBus | hst.EPulse)
+					if msg.IsVerbose() {
+						if ec > 0 {
+							msg.Verbose("reverting operations scope", system.TypeString(ec))
+						}
+					}
+				}
+
+				if err := k.sys.Revert((*system.Criteria)(&ec)); err != nil {
+					var joinError interface {
+						Unwrap() []error
+						error
+					}
+					if !errors.As(err, &joinError) || joinError == nil {
+						perror(err, "revert system setup")
+					} else {
+						for _, v := range joinError.Unwrap() {
+							perror(v, "revert system setup step")
+						}
+					}
+				}
+				isBeforeRevert = false
+			}
+			unlock()
+
+		case processFinal:
+			msg.BeforeExit()
+			os.Exit(exitCode)
+
+		default: // not reached
+			k.fatalf("invalid transition from state %d to %d", processStatePrev, processState)
+			panic("unreachable")
+		}
+	}
+}
+
+// start starts the shim via cmd/hsu.
+//
+// If successful, a [time.Time] value for [hst.State] is stored in the value pointed to by startTime.
+// The resulting [exec.Cmd] and write end of the shim setup pipe is returned.
+func (k *outcome) start(ctx context.Context, msg message.Msg,
+	hsuPath *check.Absolute,
+	startTime *time.Time,
+) (*exec.Cmd, *os.File, error) {
+	cmd := exec.CommandContext(ctx, hsuPath.String())
+	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
+	cmd.Dir = fhs.Root // container init enters final working directory
+	// shim runs in the same session as monitor; see shim.go for behaviour
+	cmd.Cancel = func() error { return cmd.Process.Signal(syscall.SIGCONT) }
+
+	var shimPipe *os.File
+	if fd, w, err := container.Setup(&cmd.ExtraFiles); err != nil {
+		return cmd, nil, &hst.AppError{Step: "create shim setup pipe", Err: err}
+	} else {
+		shimPipe = w
+		cmd.Env = []string{
 			// passed through to shim by hsu
 			shimEnv + "=" + strconv.Itoa(fd),
 			// interpreted by hsu
@@ -248,63 +348,34 @@ func (k *outcome) main(msg message.Msg) {
 	if len(k.supp) > 0 {
 		msg.Verbosef("attaching supplementary group ids %s", k.supp)
 		// interpreted by hsu
-		ms.cmd.Env = append(ms.cmd.Env, "HAKUREI_GROUPS="+strings.Join(k.supp, " "))
+		cmd.Env = append(cmd.Env, "HAKUREI_GROUPS="+strings.Join(k.supp, " "))
 	}
 
 	msg.Verbosef("setuid helper at %s", hsuPath)
-	msg.Suspend()
-	if err := ms.cmd.Start(); err != nil {
-		ms.fatal("cannot start setuid wrapper:", err)
-	}
-	startTime := time.Now().UTC()
-	ms.cmdWait = make(chan error, 1)
-	// this ties context back to the life of the process
-	go func() { ms.cmdWait <- ms.cmd.Wait(); cancel() }()
-	ms.Time = &startTime
-
-	// unfortunately the I/O here cannot be directly canceled;
-	// the cancellation path leads to fatal in this case so that is fine
-	select {
-	case err := <-func() (setupErr chan error) {
-		setupErr = make(chan error, 1)
-		go func() { setupErr <- e.Encode(k.state) }()
-		return
-	}():
-		if err != nil {
+	if err := cmd.Start(); err != nil {
 		msg.Resume()
-			ms.fatal("cannot transmit shim config:", err)
+		return cmd, shimPipe, &hst.AppError{Step: "start setuid wrapper", Err: err}
 	}
 
-	case <-ctx.Done():
+	*startTime = time.Now().UTC()
+	return cmd, shimPipe, nil
+}
+
+// serveShim serves outcomeState through the shim setup pipe.
+func serveShim(msg message.Msg, shimPipe *os.File, state *outcomeState) error {
+	if shimPipe == nil {
+		return newWithMessage("shim pipe not available")
+	}
+
+	if err := shimPipe.SetDeadline(time.Now().Add(shimSetupTimeout)); err != nil {
+		msg.Verbose(err.Error())
+	}
+	if err := gob.NewEncoder(shimPipe).Encode(state); err != nil {
 		msg.Resume()
-		ms.fatal("shim context canceled:", newWithMessageError("shim setup canceled", ctx.Err()))
+		return &hst.AppError{Step: "transmit shim config", Err: err}
 	}
-
-	// shim accepted setup payload, create process state
-	if ok, err := ms.store.Do(k.state.identity.unwrap(), func(c state.Cursor) {
-		if err := c.Save(&hst.State{
-			ID:      k.state.id.unwrap(),
-			PID:     os.Getpid(),
-			ShimPID: ms.cmd.Process.Pid,
-			Config:  k.config,
-			Time:    *ms.Time,
-		}); err != nil {
-			ms.fatal("cannot save state entry:", err)
-		}
-	}); err != nil {
-		if ok {
-			ms.uintptr |= mainNeedsDestroy
-			ms.fatal("cannot unlock state store:", err)
-		} else {
-			ms.fatal("cannot open state store:", err)
-		}
-	}
-	// state in store at this point, destroy defunct state entry on termination
-	ms.uintptr |= mainNeedsDestroy
-
-	// beforeExit ties shim process to context
-	ms.beforeExit(false)
-	os.Exit(0)
+	_ = shimPipe.Close()
+	return nil
 }
 
 // printMessageError prints the error message according to [message.GetMessage],

internal/outcome/shim.go

@@ -14,8 +14,8 @@ import (
 	"time"
 
 	"hakurei.app/container"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 	"hakurei.app/message"
 )
@@ -78,7 +78,7 @@ const shimName = "shim"
 // Shim does not return.
 func Shim(msg message.Msg) {
 	if msg == nil {
-		msg = message.NewMsg(log.Default())
+		msg = message.New(log.Default())
 	}
 	shimEntrypoint(direct{msg})
 }
@@ -96,11 +96,37 @@ func shimEntrypoint(k syscallDispatcher) {
 		k.fatalf("cannot set SUID_DUMP_DISABLE: %v", err)
 	}
 
+	// the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid
+	ppid := k.getppid()
+	var signalPipe io.ReadCloser
+	if r, wKeepAlive, err := k.setupContSignal(ppid); err != nil {
+		switch {
+		case errors.As(err, new(*os.SyscallError)): // returned by os.Pipe
+			k.fatal(err.Error())
+			return
+
+		case errors.As(err, new(syscall.Errno)): // returned by hakurei_shim_setup_cont_signal
+			k.fatalf("cannot install SIGCONT handler: %v", err)
+			return
+
+		default: // unreachable
+			k.fatalf("cannot set up exit request: %v", err)
+			return
+		}
+	} else {
+		defer wKeepAlive()
+		signalPipe = r
+	}
+
 	var (
 		state      outcomeState
 		closeSetup func() error
 	)
 	if f, err := k.receive(shimEnv, &state, nil); err != nil {
+		if errors.Is(err, io.EOF) {
+			// fallback exit request: signal handler not yet installed
+			k.exit(hst.ExitRequest)
+		}
 		if errors.Is(err, syscall.EBADF) {
 			k.fatal("invalid config descriptor")
 		}
@@ -119,25 +145,8 @@ func shimEntrypoint(k syscallDispatcher) {
 		}
 	}
 
-	// the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid
-	var signalPipe io.ReadCloser
-	if r, wKeepAlive, err := k.setupContSignal(state.Shim.PrivPID); err != nil {
-		switch {
-		case errors.As(err, new(*os.SyscallError)): // returned by os.Pipe
-			k.fatal(err.Error())
-			return
-
-		case errors.As(err, new(syscall.Errno)): // returned by hakurei_shim_setup_cont_signal
-			k.fatalf("cannot install SIGCONT handler: %v", err)
-			return
-
-		default: // unreachable
-			k.fatalf("cannot set up exit request: %v", err)
-			return
-		}
-	} else {
-		defer wKeepAlive()
-		signalPipe = r
+	if state.Shim.PrivPID != ppid {
+		k.fatalf("unexpectedly reparented from %d to %d", state.Shim.PrivPID, ppid)
 	}
 
 	// pdeath_signal delivery is checked as if the dying process called kill(2), see kernel/exit.c
@@ -224,7 +233,7 @@ func shimEntrypoint(k syscallDispatcher) {
 	}
 
 	if err := k.seccompLoad(
-		seccomp.Preset(comp.PresetStrict, seccomp.AllowMultiarch),
+		seccomp.Preset(std.PresetStrict, seccomp.AllowMultiarch),
 		seccomp.AllowMultiarch,
 	); err != nil {
 		k.fatalf("cannot load syscall filter: %v", err)

internal/outcome/shim_test.go

@@ -3,15 +3,16 @@ package outcome
 import (
 	"bytes"
 	"context"
+	"io"
 	"log"
 	"os"
 	"syscall"
 	"testing"
 
 	"hakurei.app/container"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 	"hakurei.app/internal/env"
@@ -19,7 +20,7 @@ import (
 
 func TestShimEntrypoint(t *testing.T) {
 	t.Parallel()
-	shimPreset := seccomp.Preset(comp.PresetStrict, seccomp.AllowMultiarch)
+	shimPreset := seccomp.Preset(std.PresetStrict, seccomp.AllowMultiarch)
 	templateParams := &container.Params{
 		Dir: m("/data/data/org.chromium.Chromium"),
 		Env: []string{
@@ -60,19 +61,19 @@ func TestShimEntrypoint(t *testing.T) {
 
 		Ops: new(container.Ops).
 			// resolveRoot
-			Root(m("/var/lib/hakurei/base/org.debian"), comp.BindWritable).
+			Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
 			// spParamsOp
 			Proc(fhs.AbsProc).
 			Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
-			Bind(fhs.AbsDev, fhs.AbsDev, comp.BindWritable|comp.BindDevice).
+			Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
 			Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777).
 
 			// spRuntimeOp
 			Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-			Bind(m("/tmp/hakurei.10/runtime/9999"), m("/run/user/1000"), comp.BindWritable).
+			Bind(m("/tmp/hakurei.10/runtime/9999"), m("/run/user/1000"), std.BindWritable).
 
 			// spTmpdirOp
-			Bind(m("/tmp/hakurei.10/tmpdir/9999"), fhs.AbsTmp, comp.BindWritable).
+			Bind(m("/tmp/hakurei.10/tmpdir/9999"), fhs.AbsTmp, std.BindWritable).
 
 			// spAccountOp
 			Place(m("/etc/passwd"), []byte("chronos:x:1000:100:Hakurei:/data/data/org.chromium.Chromium:/run/current-system/sw/bin/zsh\n")).
@@ -100,9 +101,9 @@ func TestShimEntrypoint(t *testing.T) {
 			Link(m("/run/opengl-driver"), "/run/opengl-driver", true).
 			Bind(fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"),
 				m("/data/data/org.chromium.Chromium"),
-				comp.BindWritable|comp.BindEnsure).
+				std.BindWritable|std.BindEnsure).
 			Bind(fhs.AbsDev.Append("dri"), fhs.AbsDev.Append("dri"),
-				comp.BindOptional|comp.BindWritable|comp.BindDevice).
+				std.BindOptional|std.BindWritable|std.BindDevice).
 			Remount(fhs.AbsRoot, syscall.MS_RDONLY),
 	}
 
@@ -122,7 +123,7 @@ func TestShimEntrypoint(t *testing.T) {
 	templateState := outcomeState{
 		Shim:      newShimParams(),
 		ID:        &checkExpectInstanceId,
-		Identity:  hst.IdentityMax,
+		Identity:  hst.IdentityEnd,
 		UserID:    10,
 		Container: hst.Template().Container,
 		Mapuid:    1000,
@@ -138,34 +139,84 @@ func TestShimEntrypoint(t *testing.T) {
 			call("fatalf", stub.ExpectArgs{"cannot set SUID_DUMP_DISABLE: %v", []any{stub.UniqueError(11)}}, nil, nil),
 		}}, nil},
 
+		{"receive exit request", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
+			call("getMsg", stub.ExpectArgs{}, nil, nil),
+			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
+			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
+			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, io.EOF),
+			call("exit", stub.ExpectArgs{hst.ExitRequest}, stub.PanicExit, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
+		}}, nil},
+
 		{"receive fd", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, syscall.EBADF),
 			call("fatal", stub.ExpectArgs{[]any{"invalid config descriptor"}}, nil, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
 		}}, nil},
 
 		{"receive env", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, container.ErrReceiveEnv),
 			call("fatal", stub.ExpectArgs{[]any{"HAKUREI_SHIM not set"}}, nil, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
 		}}, nil},
 
 		{"receive strange", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, stub.UniqueError(10)),
 			call("fatalf", stub.ExpectArgs{"cannot receive shim setup params: %v", []any{stub.UniqueError(10)}}, nil, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
+		}}, nil},
+
+		{"reparent", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
+			call("getMsg", stub.ExpectArgs{}, nil, nil),
+			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
+			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
+			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
+				state := templateState
+				state.Shim = newShimParams()
+				state.Shim.PrivPID = 0xfff
+				return state
+			}(), nil}, nil, nil),
+			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
+			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
+			call("fatalf", stub.ExpectArgs{"unexpectedly reparented from %d to %d", []any{0xfff, 0xbad}}, nil, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
 		}}, nil},
 
 		{"invalid state", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
 				state := templateState
 				state.Shim = newShimParams()
@@ -174,15 +225,16 @@ func TestShimEntrypoint(t *testing.T) {
 			}(), nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("fatal", stub.ExpectArgs{[]any{"impossible outcome state reached\n"}}, nil, nil),
+
+			// deferred
+			call("wKeepAlive", stub.ExpectArgs{}, nil, nil),
 		}}, nil},
 
 		{"sigaction pipe", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
-			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
-			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
-			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
 			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, &os.SyscallError{Syscall: "pipe2", Err: stub.UniqueError(9)}),
 			call("fatal", stub.ExpectArgs{[]any{"pipe2: unique error 9 injected by the test suite"}}, nil, nil),
 		}}, nil},
@@ -191,9 +243,7 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
-			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
-			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
-			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
 			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, syscall.ENOTRECOVERABLE),
 			call("fatalf", stub.ExpectArgs{"cannot install SIGCONT handler: %v", []any{syscall.ENOTRECOVERABLE}}, nil, nil),
 		}}, nil},
@@ -202,9 +252,7 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
-			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
-			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
-			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
 			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, stub.UniqueError(8)),
 			call("fatalf", stub.ExpectArgs{"cannot set up exit request: %v", []any{stub.UniqueError(8)}}, nil, nil),
 		}}, nil},
@@ -213,10 +261,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, stub.UniqueError(7)),
 			call("fatalf", stub.ExpectArgs{"cannot set parent-death signal: %v", []any{stub.UniqueError(7)}}, nil, nil),
 
@@ -228,6 +277,8 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
 				state := templateState
 				state.Shim = newShimParams()
@@ -236,7 +287,6 @@ func TestShimEntrypoint(t *testing.T) {
 			}(), nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("fatal", stub.ExpectArgs{[]any{"cannot create container state: unique error 6 injected by the test suite\n"}}, nil, nil),
 
@@ -248,6 +298,8 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
 				state := templateState
 				state.Shim = newShimParams()
@@ -256,7 +308,6 @@ func TestShimEntrypoint(t *testing.T) {
 			}(), nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("fatal", stub.ExpectArgs{[]any{"invalid container state"}}, nil, nil),
 
@@ -268,10 +319,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -291,10 +343,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -314,10 +367,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -336,10 +390,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -359,10 +414,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, stub.UniqueError(1)),
@@ -385,10 +441,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -411,10 +468,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -436,10 +494,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),
@@ -462,10 +521,11 @@ func TestShimEntrypoint(t *testing.T) {
 			call("getMsg", stub.ExpectArgs{}, nil, nil),
 			call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
 			call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil),
+			call("getppid", stub.ExpectArgs{}, 0xbad, nil),
+			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
 			call("swapVerbose", stub.ExpectArgs{true}, false, nil),
 			call("verbosef", stub.ExpectArgs{"process share directory at %q, runtime directory at %q", []any{m("/tmp/hakurei.10"), m("/run/user/1000/hakurei")}}, nil, nil),
-			call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
 			call("prctl", stub.ExpectArgs{uintptr(syscall.PR_SET_PDEATHSIG), uintptr(syscall.SIGCONT), uintptr(0)}, nil, nil),
 			call("New", stub.ExpectArgs{}, nil, nil),
 			call("closeReceive", stub.ExpectArgs{}, nil, nil),

internal/outcome/spcontainer.go

@@ -12,9 +12,9 @@ import (
 
 	"hakurei.app/container"
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 	"hakurei.app/internal/validate"
 	"hakurei.app/message"
@@ -76,16 +76,16 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
 	}
 
 	if state.Container.Flags&hst.FSeccompCompat == 0 {
-		state.params.SeccompPresets |= comp.PresetExt
+		state.params.SeccompPresets |= std.PresetExt
 	}
 	if state.Container.Flags&hst.FDevel == 0 {
-		state.params.SeccompPresets |= comp.PresetDenyDevel
+		state.params.SeccompPresets |= std.PresetDenyDevel
 	}
 	if state.Container.Flags&hst.FUserns == 0 {
-		state.params.SeccompPresets |= comp.PresetDenyNS
+		state.params.SeccompPresets |= std.PresetDenyNS
 	}
 	if state.Container.Flags&hst.FTty == 0 {
-		state.params.SeccompPresets |= comp.PresetDenyTTY
+		state.params.SeccompPresets |= std.PresetDenyTTY
 	}
 
 	if state.Container.Flags&hst.FMapRealUID != 0 {
@@ -113,7 +113,7 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {
 	if state.Container.Flags&hst.FDevice == 0 {
 		state.params.DevWritable(fhs.AbsDev, true)
 	} else {
-		state.params.Bind(fhs.AbsDev, fhs.AbsDev, comp.BindWritable|comp.BindDevice)
+		state.params.Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice)
 	}
 	// /dev is mounted readonly later on, this prevents /dev/shm from going readonly with it
 	state.params.Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777)

internal/outcome/spcontainer_test.go

@@ -9,9 +9,9 @@ import (
 
 	"hakurei.app/container"
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 	"hakurei.app/system"
@@ -65,11 +65,11 @@ func TestSpParamsOp(t *testing.T) {
 			HostAbstract:   true,
 			Path:           config.Container.Path,
 			Args:           []string{config.Container.Path.String()},
-			SeccompPresets: comp.PresetExt | comp.PresetDenyDevel | comp.PresetDenyNS | comp.PresetDenyTTY,
+			SeccompPresets: std.PresetExt | std.PresetDenyDevel | std.PresetDenyNS | std.PresetDenyTTY,
 			Uid:            1000,
 			Gid:            100,
 			Ops: new(container.Ops).
-				Root(m("/var/lib/hakurei/base/org.debian"), comp.BindWritable).
+				Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
 				Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
 				DevWritable(fhs.AbsDev, true).
 				Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777),
@@ -107,9 +107,9 @@ func TestSpParamsOp(t *testing.T) {
 			Uid:           1000,
 			Gid:           100,
 			Ops: new(container.Ops).
-				Root(m("/var/lib/hakurei/base/org.debian"), comp.BindWritable).
+				Root(m("/var/lib/hakurei/base/org.debian"), std.BindWritable).
 				Proc(fhs.AbsProc).Tmpfs(hst.AbsPrivateTmp, 1<<12, 0755).
-				Bind(fhs.AbsDev, fhs.AbsDev, comp.BindWritable|comp.BindDevice).
+				Bind(fhs.AbsDev, fhs.AbsDev, std.BindWritable|std.BindDevice).
 				Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777),
 		}, paramsWantEnv(config, map[string]string{
 			"TERM": "xterm",
@@ -425,8 +425,8 @@ func TestSpFilesystemOp(t *testing.T) {
 				Bind(
 					fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"),
 					check.MustAbs("/data/data/org.chromium.Chromium"),
-					comp.BindWritable|comp.BindEnsure).
-				Bind(fhs.AbsDev.Append("dri"), fhs.AbsDev.Append("dri"), comp.BindDevice|comp.BindWritable|comp.BindOptional).
+					std.BindWritable|std.BindEnsure).
+				Bind(fhs.AbsDev.Append("dri"), fhs.AbsDev.Append("dri"), std.BindDevice|std.BindWritable|std.BindOptional).
 				Remount(fhs.AbsRoot, syscall.MS_RDONLY),
 		}, nil, nil},
 	})

internal/outcome/spdbus_test.go

@@ -80,7 +80,7 @@ func TestSpDBusOp(t *testing.T) {
 				"--broadcast=org.freedesktop.portal.*=@/org/freedesktop/portal/*",
 			)}}, nil, nil),
 		}, func() *system.I {
-			sys := system.New(panicMsgContext{}, message.NewMsg(nil), checkExpectUid)
+			sys := system.New(panicMsgContext{}, message.New(nil), checkExpectUid)
 			sys.Ephemeral(system.Process, m(wantInstancePrefix), 0711)
 			if err := sys.ProxyDBus(
 				dbus.NewConfig(config.ID, true, true), nil,
@@ -162,7 +162,7 @@ func TestSpDBusOp(t *testing.T) {
 				"--talk=org.freedesktop.UPower",
 			)}}, nil, nil),
 		}, func() *system.I {
-			sys := system.New(panicMsgContext{}, message.NewMsg(nil), checkExpectUid)
+			sys := system.New(panicMsgContext{}, message.New(nil), checkExpectUid)
 			sys.Ephemeral(system.Process, m(wantInstancePrefix), 0711)
 			if err := sys.ProxyDBus(
 				config.SessionBus, config.SystemBus,

internal/outcome/sppulse_test.go

@@ -127,10 +127,10 @@ func TestSpPulseOp(t *testing.T) {
 			call("open", stub.ExpectArgs{"/proc/nonexistent/cookie"}, &stubOsFile{Reader: bytes.NewReader(sampleCookie)}, nil),
 		}, newI().
 			// state.ensureRuntimeDir
-			Ensure(m(wantRunDirPath), 0700).
-			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			Ensure(m(wantRuntimePath), 0700).
 			UpdatePermType(system.User, m(wantRuntimePath), acl.Execute).
+			Ensure(m(wantRunDirPath), 0700).
+			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			// state.runtime
 			Ephemeral(system.Process, m(wantRuntimeSharePath), 0700).
 			UpdatePerm(m(wantRuntimeSharePath), acl.Execute).
@@ -159,10 +159,10 @@ func TestSpPulseOp(t *testing.T) {
 			call("open", stub.ExpectArgs{"/proc/nonexistent/cookie"}, &stubOsFile{Reader: bytes.NewReader(sampleCookie[:len(sampleCookie)-0xe])}, nil),
 		}, newI().
 			// state.ensureRuntimeDir
-			Ensure(m(wantRunDirPath), 0700).
-			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			Ensure(m(wantRuntimePath), 0700).
 			UpdatePermType(system.User, m(wantRuntimePath), acl.Execute).
+			Ensure(m(wantRunDirPath), 0700).
+			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			// state.runtime
 			Ephemeral(system.Process, m(wantRuntimeSharePath), 0700).
 			UpdatePerm(m(wantRuntimeSharePath), acl.Execute).
@@ -192,10 +192,10 @@ func TestSpPulseOp(t *testing.T) {
 			call("open", stub.ExpectArgs{"/proc/nonexistent/cookie"}, &stubOsFile{Reader: bytes.NewReader(sampleCookie)}, nil),
 		}, newI().
 			// state.ensureRuntimeDir
-			Ensure(m(wantRunDirPath), 0700).
-			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			Ensure(m(wantRuntimePath), 0700).
 			UpdatePermType(system.User, m(wantRuntimePath), acl.Execute).
+			Ensure(m(wantRunDirPath), 0700).
+			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			// state.runtime
 			Ephemeral(system.Process, m(wantRuntimeSharePath), 0700).
 			UpdatePerm(m(wantRuntimeSharePath), acl.Execute).
@@ -222,10 +222,10 @@ func TestSpPulseOp(t *testing.T) {
 			call("verbose", stub.ExpectArgs{[]any{"cannot locate PulseAudio cookie (tried $PULSE_COOKIE, $XDG_CONFIG_HOME/pulse/cookie, $HOME/.pulse-cookie)"}}, nil, nil),
 		}, newI().
 			// state.ensureRuntimeDir
-			Ensure(m(wantRunDirPath), 0700).
-			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			Ensure(m(wantRuntimePath), 0700).
 			UpdatePermType(system.User, m(wantRuntimePath), acl.Execute).
+			Ensure(m(wantRunDirPath), 0700).
+			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			// state.runtime
 			Ephemeral(system.Process, m(wantRuntimeSharePath), 0700).
 			UpdatePerm(m(wantRuntimeSharePath), acl.Execute).

internal/outcome/spruntime.go

@@ -4,8 +4,8 @@ import (
 	"encoding/gob"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
@@ -111,7 +111,7 @@ func (s *spRuntimeOp) toContainer(state *outcomeStateParams) error {
 	state.params.Tmpfs(fhs.AbsRunUser, 1<<12, 0755)
 	if state.Container.Flags&hst.FShareRuntime != 0 {
 		_, runtimeDirInst := s.commonPaths(state.outcomeState)
-		state.params.Bind(runtimeDirInst, state.runtimeDir, comp.BindWritable)
+		state.params.Bind(runtimeDirInst, state.runtimeDir, std.BindWritable)
 	} else {
 		state.params.Mkdir(state.runtimeDir, 0700)
 	}

internal/outcome/spruntime_test.go

@@ -4,8 +4,8 @@ import (
 	"testing"
 
 	"hakurei.app/container"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 	"hakurei.app/system"
@@ -41,7 +41,7 @@ func TestSpRuntimeOp(t *testing.T) {
 		}, &container.Params{
 			Ops: new(container.Ops).
 				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), comp.BindWritable),
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), std.BindWritable),
 		}, paramsWantEnv(config, map[string]string{
 			"XDG_RUNTIME_DIR":   "/run/user/1000",
 			"XDG_SESSION_CLASS": "user",
@@ -68,7 +68,7 @@ func TestSpRuntimeOp(t *testing.T) {
 		}, &container.Params{
 			Ops: new(container.Ops).
 				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), comp.BindWritable),
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), std.BindWritable),
 		}, paramsWantEnv(config, map[string]string{
 			"XDG_RUNTIME_DIR":   "/run/user/1000",
 			"XDG_SESSION_CLASS": "user",
@@ -95,7 +95,7 @@ func TestSpRuntimeOp(t *testing.T) {
 		}, &container.Params{
 			Ops: new(container.Ops).
 				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), comp.BindWritable),
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), std.BindWritable),
 		}, paramsWantEnv(config, map[string]string{
 			"XDG_RUNTIME_DIR":   "/run/user/1000",
 			"XDG_SESSION_CLASS": "user",
@@ -118,7 +118,7 @@ func TestSpRuntimeOp(t *testing.T) {
 		}, &container.Params{
 			Ops: new(container.Ops).
 				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
-				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), comp.BindWritable),
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), std.BindWritable),
 		}, paramsWantEnv(config, map[string]string{
 			"XDG_RUNTIME_DIR":   "/run/user/1000",
 			"XDG_SESSION_CLASS": "user",

internal/outcome/sptmpdir.go

@@ -4,8 +4,8 @@ import (
 	"encoding/gob"
 
 	"hakurei.app/container/check"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/std"
 	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
@@ -30,7 +30,7 @@ func (s spTmpdirOp) toSystem(state *outcomeStateSys) error {
 func (s spTmpdirOp) toContainer(state *outcomeStateParams) error {
 	if state.Container.Flags&hst.FShareTmpdir != 0 {
 		_, tmpdirInst := s.commonPaths(state.outcomeState)
-		state.params.Bind(tmpdirInst, fhs.AbsTmp, comp.BindWritable)
+		state.params.Bind(tmpdirInst, fhs.AbsTmp, std.BindWritable)
 	} else {
 		state.params.Tmpfs(fhs.AbsTmp, 0, 01777)
 	}

internal/outcome/sptmpdir_test.go

@@ -4,8 +4,8 @@ import (
 	"testing"
 
 	"hakurei.app/container"
-	"hakurei.app/container/comp"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/std"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 	"hakurei.app/system"
@@ -28,7 +28,7 @@ func TestSpTmpdirOp(t *testing.T) {
 			// this op configures the container state and does not make calls during toContainer
 		}, &container.Params{
 			Ops: new(container.Ops).
-				Bind(m("/proc/nonexistent/tmp/hakurei.0/tmpdir/9"), fhs.AbsTmp, comp.BindWritable),
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/tmpdir/9"), fhs.AbsTmp, std.BindWritable),
 		}, nil, nil},
 	})
 }

internal/outcome/spwayland_test.go

@@ -64,10 +64,10 @@ func TestSpWaylandOp(t *testing.T) {
 			call("verbose", stub.ExpectArgs{[]any{"direct wayland access, PROCEED WITH CAUTION"}}, nil, nil),
 		}, newI().
 			// state.ensureRuntimeDir
-			Ensure(m(wantRunDirPath), 0700).
-			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			Ensure(m(wantRuntimePath), 0700).
 			UpdatePermType(system.User, m(wantRuntimePath), acl.Execute).
+			Ensure(m(wantRunDirPath), 0700).
+			UpdatePermType(system.User, m(wantRunDirPath), acl.Execute).
 			// toSystem
 			UpdatePermType(hst.EWayland, m("/proc/nonexistent/wayland"), acl.Read, acl.Write, acl.Execute), nil, nil, insertsOps(afterSpRuntimeOp(nil)), []stub.Call{
 			// this op configures the container state and does not make calls during toContainer

internal/outcome/spx11_test.go

@@ -60,7 +60,7 @@ func TestSpX11Op(t *testing.T) {
 			call("lookupEnv", stub.ExpectArgs{"DISPLAY"}, "unix:/tmp/.X11-unix/X0", nil),
 			call("stat", stub.ExpectArgs{"/tmp/.X11-unix/X0"}, (*stubFi)(nil), os.ErrNotExist),
 		}, newI().
-			ChangeHosts("#1000009"), nil, nil, insertsOps(nil), []stub.Call{
+			ChangeHosts("#10009"), nil, nil, insertsOps(nil), []stub.Call{
 			// this op configures the container state and does not make calls during toContainer
 		}, &container.Params{
 			Ops: new(container.Ops).
@@ -84,7 +84,7 @@ func TestSpX11Op(t *testing.T) {
 			call("stat", stub.ExpectArgs{"/tmp/.X11-unix/X0"}, (*stubFi)(nil), nil),
 		}, newI().
 			UpdatePermType(hst.EX11, m("/tmp/.X11-unix/X0"), acl.Read, acl.Write, acl.Execute).
-			ChangeHosts("#1000009"), nil, nil, insertsOps(nil), []stub.Call{
+			ChangeHosts("#10009"), nil, nil, insertsOps(nil), []stub.Call{
 			// this op configures the container state and does not make calls during toContainer
 		}, &container.Params{
 			Ops: new(container.Ops).
@@ -107,7 +107,7 @@ func TestSpX11Op(t *testing.T) {
 			call("stat", stub.ExpectArgs{"/tmp/.X11-unix/X0"}, (*stubFi)(nil), nil),
 		}, newI().
 			UpdatePermType(hst.EX11, m("/tmp/.X11-unix/X0"), acl.Read, acl.Write, acl.Execute).
-			ChangeHosts("#1000009"), nil, nil, insertsOps(nil), []stub.Call{
+			ChangeHosts("#10009"), nil, nil, insertsOps(nil), []stub.Call{
 			// this op configures the container state and does not make calls during toContainer
 		}, &container.Params{
 			Ops: new(container.Ops).

internal/state/join.go

@@ -1,64 +0,0 @@
-package state
-
-import (
-	"errors"
-	"maps"
-
-	"hakurei.app/hst"
-)
-
-var (
-	ErrDuplicate = errors.New("store contains duplicates")
-)
-
-/*
-Joiner is the interface that wraps the Join method.
-
-The Join function uses Joiner if available.
-*/
-type Joiner interface {
-	Join() (map[hst.ID]*hst.State, error)
-}
-
-// Join returns joined state entries of all active identities.
-func Join(s Store) (map[hst.ID]*hst.State, error) {
-	if j, ok := s.(Joiner); ok {
-		return j.Join()
-	}
-
-	var (
-		aids    []int
-		entries = make(map[hst.ID]*hst.State)
-
-		el      int
-		res     map[hst.ID]*hst.State
-		loadErr error
-	)
-
-	if ln, err := s.List(); err != nil {
-		return nil, err
-	} else {
-		aids = ln
-	}
-
-	for _, aid := range aids {
-		if _, err := s.Do(aid, func(c Cursor) {
-			res, loadErr = c.Load()
-		}); err != nil {
-			return nil, err
-		}
-
-		if loadErr != nil {
-			return nil, loadErr
-		}
-
-		// save expected length
-		el = len(entries) + len(res)
-		maps.Copy(entries, res)
-		if len(entries) != el {
-			return nil, ErrDuplicate
-		}
-	}
-
-	return entries, nil
-}

internal/state/segment.go

@@ -1,161 +0,0 @@
-package state
-
-import (
-	"errors"
-	"fmt"
-	"iter"
-	"os"
-	"strconv"
-	"sync"
-
-	"hakurei.app/container/check"
-	"hakurei.app/hst"
-	"hakurei.app/internal/lockedfile"
-)
-
-// stateEntryHandle is a handle on a state entry retrieved from a storeHandle.
-// Must only be used while its parent storeHandle.fileMu is held.
-type stateEntryHandle struct {
-	// Error returned while decoding pathname.
-	// A non-nil value disables stateEntryHandle.
-	decodeErr error
-
-	// Checked path to entry file.
-	pathname *check.Absolute
-
-	hst.ID
-}
-
-// open opens the underlying state entry file, returning [hst.AppError] for a non-nil error.
-func (eh *stateEntryHandle) open(flag int, perm os.FileMode) (*os.File, error) {
-	if eh.decodeErr != nil {
-		return nil, eh.decodeErr
-	}
-
-	if f, err := os.OpenFile(eh.pathname.String(), flag, perm); err != nil {
-		return nil, &hst.AppError{Step: "open state entry", Err: err}
-	} else {
-		return f, nil
-	}
-}
-
-// destroy removes the underlying state entry file, returning [hst.AppError] for a non-nil error.
-func (eh *stateEntryHandle) destroy() error {
-	// destroy does not go through open
-	if eh.decodeErr != nil {
-		return eh.decodeErr
-	}
-
-	if err := os.Remove(eh.pathname.String()); err != nil {
-		return &hst.AppError{Step: "destroy state entry", Err: err}
-	}
-	return nil
-}
-
-// save encodes [hst.State] and writes it to the underlying file.
-// An error is returned if a file already exists with the same identifier.
-// save does not validate the embedded [hst.Config].
-func (eh *stateEntryHandle) save(state *hst.State) error {
-	f, err := eh.open(os.O_RDWR|os.O_CREATE|os.O_EXCL, 0600)
-	if err != nil {
-		return err
-	}
-
-	err = entryEncode(f, state)
-	if closeErr := f.Close(); closeErr != nil && err == nil {
-		err = &hst.AppError{Step: "close state file", Err: closeErr}
-	}
-	return err
-}
-
-// load loads and validates the state entry header, and returns the [hst.Enablement] byte.
-// for a non-nil v, the full state payload is decoded and stored in the value pointed to by v.
-// load validates the embedded hst.Config value.
-func (eh *stateEntryHandle) load(v *hst.State) (hst.Enablement, error) {
-	f, err := eh.open(os.O_RDONLY, 0)
-	if err != nil {
-		return 0, err
-	}
-
-	var et hst.Enablement
-	if v != nil {
-		et, err = entryDecode(f, v)
-		if err == nil && v.ID != eh.ID {
-			err = &hst.AppError{Step: "validate state identifier", Err: os.ErrInvalid,
-				Msg: fmt.Sprintf("state entry %s has unexpected id %s", eh.ID.String(), v.ID.String())}
-		}
-	} else {
-		et, err = entryDecodeHeader(f)
-	}
-
-	if closeErr := f.Close(); closeErr != nil && err == nil {
-		err = &hst.AppError{Step: "close state file", Err: closeErr}
-	}
-	return et, err
-}
-
-// storeHandle is a handle on a stateStore segment.
-// Initialised by stateStore.identityHandle.
-type storeHandle struct {
-	// Identity of instances tracked by this segment.
-	identity int
-	// Pathname of directory that the segment referred to by storeHandle is rooted in.
-	path *check.Absolute
-	// Inter-process mutex to synchronise operations against resources in this segment.
-	fileMu *lockedfile.Mutex
-
-	// Must be held alongside fileMu.
-	mu sync.Mutex
-}
-
-// entries returns an iterator over all stateEntryHandle held in this segment.
-// Must be called while holding a lock on mu and fileMu.
-// A non-nil error attached to a stateEntryHandle indicates a malformed identifier and is of type [hst.AppError].
-// A non-nil error returned by entries is of type [hst.AppError].
-func (h *storeHandle) entries() (iter.Seq[*stateEntryHandle], int, error) {
-	// for error reporting
-	const step = "read store segment entries"
-
-	// read directory contents, should only contain storeMutexName and identifier
-	var entries []os.DirEntry
-	if pl, err := os.ReadDir(h.path.String()); err != nil {
-		return nil, -1, &hst.AppError{Step: step, Err: err}
-	} else {
-		entries = pl
-	}
-
-	// expects lock file
-	l := len(entries)
-	if l > 0 {
-		l--
-	}
-
-	return func(yield func(*stateEntryHandle) bool) {
-		for _, ent := range entries {
-			var eh = stateEntryHandle{pathname: h.path.Append(ent.Name())}
-
-			// this should never happen
-			if ent.IsDir() {
-				eh.decodeErr = &hst.AppError{Step: step,
-					Err: errors.New("unexpected directory " + strconv.Quote(ent.Name()) + " in store")}
-				goto out
-			}
-
-			// silently skip lock file
-			if ent.Name() == storeMutexName {
-				continue
-			}
-
-			// this either indicates a serious bug or external interference
-			if err := eh.ID.UnmarshalText([]byte(ent.Name())); err != nil {
-				eh.decodeErr = &hst.AppError{Step: "decode store segment entry", Err: err}
-				goto out
-			}
-
-		out:
-			if !yield(&eh) {
-				break
-			}
-		}
-	}, l, nil
-}

internal/state/state.go

@@ -1,131 +0,0 @@
-// Package state provides cross-process state tracking for hakurei container instances.
-package state
-
-import (
-	"strconv"
-
-	"hakurei.app/container/check"
-	"hakurei.app/hst"
-	"hakurei.app/message"
-)
-
-/* this provides an implementation of Store on top of the improved state tracking to ease in the changes */
-
-type Store interface {
-	// Do calls f exactly once and ensures store exclusivity until f returns.
-	// Returns whether f is called and any errors during the locking process.
-	// Cursor provided to f becomes invalid as soon as f returns.
-	Do(identity int, f func(c Cursor)) (ok bool, err error)
-
-	// List queries the store and returns a list of identities known to the store.
-	// Note that some or all returned identities might not have any active apps.
-	List() (identities []int, err error)
-}
-
-func (s *stateStore) Do(identity int, f func(c Cursor)) (bool, error) {
-	if h, err := s.identityHandle(identity); err != nil {
-		return false, err
-	} else {
-		return h.do(f)
-	}
-}
-
-// storeAdapter satisfies [Store] via stateStore.
-type storeAdapter struct {
-	msg message.Msg
-	*stateStore
-}
-
-func (s storeAdapter) List() ([]int, error) {
-	segments, n, err := s.segments()
-	if err != nil {
-		return nil, err
-	}
-
-	identities := make([]int, 0, n)
-	for si := range segments {
-		if si.err != nil {
-			if m, ok := message.GetMessage(err); ok {
-				s.msg.Verbose(m)
-			} else {
-				// unreachable
-				return nil, err
-			}
-			continue
-		}
-		identities = append(identities, si.identity)
-	}
-	return identities, nil
-}
-
-// NewMulti returns an instance of the multi-file store.
-func NewMulti(msg message.Msg, prefix *check.Absolute) Store {
-	return storeAdapter{msg, newStore(prefix.Append("state"))}
-}
-
-// Cursor provides access to the store of an identity.
-type Cursor interface {
-	Save(state *hst.State) error
-	Destroy(id hst.ID) error
-	Load() (map[hst.ID]*hst.State, error)
-	Len() (int, error)
-}
-
-// do implements stateStore.Do on storeHandle.
-func (h *storeHandle) do(f func(c Cursor)) (bool, error) {
-	if unlock, err := h.fileMu.Lock(); err != nil {
-		return false, &hst.AppError{Step: "acquire lock on store segment " + strconv.Itoa(h.identity), Err: err}
-	} else {
-		defer unlock()
-	}
-
-	f(h)
-	return true, nil
-}
-
-/* these compatibility methods must only be called while fileMu is held */
-
-func (h *storeHandle) Save(state *hst.State) error {
-	return (&stateEntryHandle{nil, h.path.Append(state.ID.String()), state.ID}).save(state)
-}
-
-func (h *storeHandle) Destroy(id hst.ID) error {
-	return (&stateEntryHandle{nil, h.path.Append(id.String()), id}).destroy()
-}
-
-func (h *storeHandle) Load() (map[hst.ID]*hst.State, error) {
-	entries, n, err := h.entries()
-	if err != nil {
-		return nil, err
-	}
-
-	r := make(map[hst.ID]*hst.State, n)
-	for eh := range entries {
-		if eh.decodeErr != nil {
-			err = eh.decodeErr
-			break
-		}
-		var s hst.State
-		if _, err = eh.load(&s); err != nil {
-			break
-		}
-		r[eh.ID] = &s
-	}
-	return r, err
-}
-
-func (h *storeHandle) Len() (int, error) {
-	entries, _, err := h.entries()
-	if err != nil {
-		return -1, err
-	}
-
-	var n int
-	for eh := range entries {
-		if eh.decodeErr != nil {
-			err = eh.decodeErr
-		}
-		n++
-	}
-	return n, err
-}

internal/state/state_test.go

@@ -1,120 +0,0 @@
-package state_test
-
-import (
-	"log"
-	"math/rand"
-	"reflect"
-	"slices"
-	"testing"
-	"time"
-
-	"hakurei.app/container/check"
-	"hakurei.app/hst"
-	"hakurei.app/internal/state"
-	"hakurei.app/message"
-)
-
-func TestMulti(t *testing.T) {
-	s := state.NewMulti(message.NewMsg(log.New(log.Writer(), "multi: ", 0)), check.MustAbs(t.TempDir()))
-
-	t.Run("list empty store", func(t *testing.T) {
-		if identities, err := s.List(); err != nil {
-			t.Fatalf("List: error = %v", err)
-		} else if len(identities) != 0 {
-			t.Fatalf("List: identities = %#v", identities)
-		}
-	})
-
-	const (
-		insertEntryChecked = iota
-		insertEntryNoCheck
-		insertEntryOtherApp
-
-		tl
-	)
-
-	var tc [tl]hst.State
-	for i := 0; i < tl; i++ {
-		if err := hst.NewInstanceID(&tc[i].ID); err != nil {
-			t.Fatalf("cannot create dummy state: %v", err)
-		}
-		tc[i].PID = rand.Int()
-		tc[i].Config = hst.Template()
-		tc[i].Time = time.Now()
-	}
-
-	do := func(identity int, f func(c state.Cursor)) {
-		if ok, err := s.Do(identity, f); err != nil {
-			t.Fatalf("Do: ok = %v, error = %v", ok, err)
-		}
-	}
-
-	insert := func(i, identity int) {
-		do(identity, func(c state.Cursor) {
-			if err := c.Save(&tc[i]); err != nil {
-				t.Fatalf("Save: error = %v", err)
-			}
-		})
-	}
-
-	check := func(i, identity int) {
-		do(identity, func(c state.Cursor) {
-			if entries, err := c.Load(); err != nil {
-				t.Fatalf("Load: error = %v", err)
-			} else if got, ok := entries[tc[i].ID]; !ok {
-				t.Fatalf("Load: entry %s missing", &tc[i].ID)
-			} else {
-				got.Time = tc[i].Time
-				if !reflect.DeepEqual(got, &tc[i]) {
-					t.Fatalf("Load: entry %s got %#v, want %#v", &tc[i].ID, got, &tc[i])
-				}
-			}
-		})
-	}
-
-	// insert entry checked
-	insert(insertEntryChecked, 0)
-	check(insertEntryChecked, 0)
-
-	// insert entry unchecked
-	insert(insertEntryNoCheck, 0)
-
-	// insert entry different identity
-	insert(insertEntryOtherApp, 1)
-	check(insertEntryOtherApp, 1)
-
-	// check previous insertion
-	check(insertEntryNoCheck, 0)
-
-	// list identities
-	if identities, err := s.List(); err != nil {
-		t.Fatalf("List: error = %v", err)
-	} else {
-		slices.Sort(identities)
-		want := []int{0, 1}
-		if !slices.Equal(identities, want) {
-			t.Fatalf("List() = %#v, want %#v", identities, want)
-		}
-	}
-
-	// join store
-	if entries, err := state.Join(s); err != nil {
-		t.Fatalf("Join: error = %v", err)
-	} else if len(entries) != 3 {
-		t.Fatalf("Join(s) = %#v", entries)
-	}
-
-	// clear identity 1
-	do(1, func(c state.Cursor) {
-		if err := c.Destroy(tc[insertEntryOtherApp].ID); err != nil {
-			t.Fatalf("Destroy: error = %v", err)
-		}
-	})
-	do(1, func(c state.Cursor) {
-		if l, err := c.Len(); err != nil {
-			t.Fatalf("Len: error = %v", err)
-		} else if l != 0 {
-			t.Fatalf("Len: %d, want 0", l)
-		}
-	})
-}

internal/state/store.go

@@ -1,162 +0,0 @@
-package state
-
-import (
-	"errors"
-	"io/fs"
-	"iter"
-	"os"
-	"strconv"
-	"sync"
-	"syscall"
-
-	"hakurei.app/container/check"
-	"hakurei.app/hst"
-	"hakurei.app/internal/lockedfile"
-)
-
-// storeMutexName is the pathname of the file backing [lockedfile.Mutex] of a stateStore and storeHandle.
-const storeMutexName = "lock"
-
-// A stateStore keeps track of [hst.State] via a well-known filesystem accessible to all hakurei priv-side processes.
-// Access to store data and related resources are synchronised on a per-segment basis via storeHandle.
-type stateStore struct {
-	// Pathname of directory that the store is rooted in.
-	base *check.Absolute
-
-	// All currently known instances of storeHandle, keyed by their identity.
-	handles sync.Map
-
-	// Inter-process mutex to synchronise operations against the entire store.
-	// Held during List and when initialising previously unknown identities during Do.
-	// Must not be accessed directly. Callers should use the bigLock method instead.
-	fileMu *lockedfile.Mutex
-
-	// For creating the base directory.
-	mkdirOnce sync.Once
-	// Stored error value via mkdirOnce.
-	mkdirErr error
-}
-
-// bigLock acquires fileMu on stateStore.
-// A non-nil error returned by bigLock is of type [hst.AppError].
-func (s *stateStore) bigLock() (unlock func(), err error) {
-	s.mkdirOnce.Do(func() { s.mkdirErr = os.MkdirAll(s.base.String(), 0700) })
-	if s.mkdirErr != nil {
-		return nil, &hst.AppError{Step: "create state store directory", Err: s.mkdirErr}
-	}
-
-	if unlock, err = s.fileMu.Lock(); err != nil {
-		return nil, &hst.AppError{Step: "acquire lock on the state store", Err: err}
-	}
-	return
-}
-
-// identityHandle loads or initialises a storeHandle for identity.
-// A non-nil error returned by identityHandle is of type [hst.AppError].
-func (s *stateStore) identityHandle(identity int) (*storeHandle, error) {
-	h := new(storeHandle)
-	h.mu.Lock()
-
-	if v, ok := s.handles.LoadOrStore(identity, h); ok {
-		h = v.(*storeHandle)
-	} else {
-		// acquire big lock to initialise previously unknown segment handle
-		if unlock, err := s.bigLock(); err != nil {
-			return nil, err
-		} else {
-			defer unlock()
-		}
-
-		h.identity = identity
-		h.path = s.base.Append(strconv.Itoa(identity))
-		h.fileMu = lockedfile.MutexAt(h.path.Append(storeMutexName).String())
-
-		err := os.MkdirAll(h.path.String(), 0700)
-		h.mu.Unlock()
-		if err != nil && !errors.Is(err, fs.ErrExist) {
-			// handle methods will likely return ENOENT
-			s.handles.CompareAndDelete(identity, h)
-			return nil, &hst.AppError{Step: "create store segment directory", Err: err}
-		}
-	}
-	return h, nil
-}
-
-// segmentIdentity is produced by the iterator returned by stateStore.segments.
-type segmentIdentity struct {
-	// Identity of the current segment.
-	identity int
-	// Error encountered while processing this segment.
-	err error
-}
-
-// segments returns an iterator over all segmentIdentity known to the store.
-// To obtain a storeHandle on a segment, caller must then call identityHandle.
-// A non-nil error returned by segments is of type [hst.AppError].
-func (s *stateStore) segments() (iter.Seq[segmentIdentity], int, error) {
-	// read directory contents, should only contain storeMutexName and identity
-	var entries []os.DirEntry
-
-	// acquire big lock to read store segment list
-	if unlock, err := s.bigLock(); err != nil {
-		return nil, -1, err
-	} else {
-		entries, err = os.ReadDir(s.base.String())
-		unlock()
-
-		if err != nil && !errors.Is(err, os.ErrNotExist) {
-			return nil, -1, &hst.AppError{Step: "read store segments", Err: err}
-		}
-	}
-
-	// expects lock file
-	l := len(entries)
-	if l > 0 {
-		l--
-	}
-
-	return func(yield func(segmentIdentity) bool) {
-		// for error reporting
-		const step = "process store segment"
-
-		for _, ent := range entries {
-			si := segmentIdentity{identity: -1}
-
-			// should only be the big lock
-			if !ent.IsDir() {
-				if ent.Name() == storeMutexName {
-					continue
-				}
-
-				// this should never happen
-				si.err = &hst.AppError{Step: step, Err: syscall.EISDIR,
-					Msg: "skipped non-directory entry " + strconv.Quote(ent.Name())}
-				goto out
-			}
-
-			// failure paths either indicates a serious bug or external interference
-			if v, err := strconv.Atoi(ent.Name()); err != nil {
-				si.err = &hst.AppError{Step: step, Err: err,
-					Msg: "skipped non-identity entry " + strconv.Quote(ent.Name())}
-				goto out
-			} else if v < hst.IdentityMin || v > hst.IdentityMax {
-				si.err = &hst.AppError{Step: step, Err: syscall.ERANGE,
-					Msg: "skipped out of bounds entry " + strconv.Itoa(v)}
-				goto out
-			} else {
-				si.identity = v
-			}
-
-		out:
-			if !yield(si) {
-				break
-			}
-		}
-	}, l, nil
-}
-
-// newStore returns the address of a new instance of stateStore.
-// Multiple instances of stateStore rooted in the same directory is supported, but discouraged.
-func newStore(base *check.Absolute) *stateStore {
-	return &stateStore{base: base, fileMu: lockedfile.MutexAt(base.Append(storeMutexName).String())}
-}

internal/state/store_test.go

@@ -1,254 +0,0 @@
-package state
-
-import (
-	"cmp"
-	"iter"
-	"os"
-	"reflect"
-	"slices"
-	"strconv"
-	"strings"
-	"syscall"
-	"testing"
-
-	"hakurei.app/container/check"
-	"hakurei.app/hst"
-)
-
-func TestStateStoreBigLock(t *testing.T) {
-	t.Parallel()
-
-	{
-		s := newStore(check.MustAbs(t.TempDir()).Append("state"))
-		for i := 0; i < 2; i++ { // check once behaviour
-			if unlock, err := s.bigLock(); err != nil {
-				t.Fatalf("bigLock: error = %v", err)
-			} else {
-				unlock()
-			}
-		}
-	}
-
-	t.Run("mkdir", func(t *testing.T) {
-		t.Parallel()
-
-		wantErr := &hst.AppError{Step: "create state store directory",
-			Err: &os.PathError{Op: "mkdir", Path: "/proc/nonexistent", Err: syscall.ENOENT}}
-		for i := 0; i < 2; i++ { // check once behaviour
-			if _, err := newStore(check.MustAbs("/proc/nonexistent")).bigLock(); !reflect.DeepEqual(err, wantErr) {
-				t.Errorf("bigLock: error = %#v, want %#v", err, wantErr)
-			}
-		}
-	})
-
-	t.Run("access", func(t *testing.T) {
-		t.Parallel()
-
-		base := check.MustAbs(t.TempDir()).Append("inaccessible")
-		if err := os.MkdirAll(base.String(), 0); err != nil {
-			t.Fatal(err.Error())
-		}
-
-		wantErr := &hst.AppError{Step: "acquire lock on the state store",
-			Err: &os.PathError{Op: "open", Path: base.Append(storeMutexName).String(), Err: syscall.EACCES}}
-		if _, err := newStore(base).bigLock(); !reflect.DeepEqual(err, wantErr) {
-			t.Errorf("bigLock: error = %#v, want %#v", err, wantErr)
-		}
-	})
-}
-
-func TestStateStoreIdentityHandle(t *testing.T) {
-	t.Parallel()
-
-	t.Run("loadstore", func(t *testing.T) {
-		t.Parallel()
-
-		s := newStore(check.MustAbs(t.TempDir()).Append("store"))
-
-		var handleAddr [8]*storeHandle
-		checkHandle := func(identity int, load bool) {
-			if h, err := s.identityHandle(identity); err != nil {
-				t.Fatalf("identityHandle: error = %v", err)
-			} else if load != (handleAddr[identity] != nil) {
-				t.Fatalf("identityHandle: load = %v, want %v", load, handleAddr[identity] != nil)
-			} else if !load {
-				handleAddr[identity] = h
-
-				if h.identity != identity {
-					t.Errorf("identityHandle: identity = %d, want %d", h.identity, identity)
-				}
-			} else if h != handleAddr[identity] {
-				t.Fatalf("identityHandle: %p, want %p", h, handleAddr[identity])
-			}
-		}
-
-		checkHandle(0, false)
-		checkHandle(1, false)
-		checkHandle(2, false)
-		checkHandle(3, false)
-		checkHandle(7, false)
-		checkHandle(7, true)
-		checkHandle(2, true)
-		checkHandle(1, true)
-		checkHandle(2, true)
-		checkHandle(0, true)
-	})
-
-	t.Run("access", func(t *testing.T) {
-		t.Parallel()
-
-		base := check.MustAbs(t.TempDir()).Append("inaccessible")
-		if err := os.MkdirAll(base.String(), 0); err != nil {
-			t.Fatal(err.Error())
-		}
-
-		wantErr := &hst.AppError{Step: "acquire lock on the state store",
-			Err: &os.PathError{Op: "open", Path: base.Append(storeMutexName).String(), Err: syscall.EACCES}}
-		if _, err := newStore(base).identityHandle(0); !reflect.DeepEqual(err, wantErr) {
-			t.Errorf("identityHandle: error = %#v, want %#v", err, wantErr)
-		}
-	})
-
-	t.Run("access segment", func(t *testing.T) {
-		t.Parallel()
-
-		base := check.MustAbs(t.TempDir()).Append("inaccessible")
-		if err := os.MkdirAll(base.String(), 0700); err != nil {
-			t.Fatal(err.Error())
-		}
-		if f, err := os.Create(base.Append(storeMutexName).String()); err != nil {
-			t.Fatal(err.Error())
-		} else if err = f.Close(); err != nil {
-			t.Fatal(err.Error())
-		}
-		if err := os.Chmod(base.String(), 0100); err != nil {
-			t.Fatal(err.Error())
-		}
-		t.Cleanup(func() {
-			if err := os.Chmod(base.String(), 0700); err != nil {
-				t.Fatal(err.Error())
-			}
-		})
-
-		wantErr := &hst.AppError{Step: "create store segment directory",
-			Err: &os.PathError{Op: "mkdir", Path: base.Append("0").String(), Err: syscall.EACCES}}
-		if _, err := newStore(base).identityHandle(0); !reflect.DeepEqual(err, wantErr) {
-			t.Errorf("identityHandle: error = %#v, want %#v", err, wantErr)
-		}
-	})
-}
-
-func TestStateStoreSegments(t *testing.T) {
-	t.Parallel()
-
-	testCases := []struct {
-		name string
-		ents [2][]string
-		want []segmentIdentity
-		ext  func(t *testing.T, segments iter.Seq[segmentIdentity], n int)
-	}{
-		{"errors", [2][]string{{
-			"f0-invalid-file",
-		}, {
-			"f1-invalid-syntax",
-			"9999",
-			"16384",
-		}}, []segmentIdentity{
-			{-1, &hst.AppError{Step: "process store segment", Err: syscall.EISDIR,
-				Msg: `skipped non-directory entry "f0-invalid-file"`}},
-			{-1, &hst.AppError{Step: "process store segment", Err: syscall.ERANGE,
-				Msg: `skipped out of bounds entry 16384`}},
-			{-1, &hst.AppError{Step: "process store segment",
-				Err: &strconv.NumError{Func: "Atoi", Num: "f1-invalid-syntax", Err: strconv.ErrSyntax},
-				Msg: `skipped non-identity entry "f1-invalid-syntax"`}},
-			{9999, nil},
-		}, nil},
-
-		{"success", [2][]string{{
-			"lock",
-		}, {
-			"0",
-			"1",
-			"2",
-			"3",
-			"4",
-			"5",
-			"6",
-			"7",
-			"9",
-			"13",
-			"20",
-			"31",
-			"197",
-		}}, []segmentIdentity{
-			{0, nil},
-			{1, nil},
-			{2, nil},
-			{3, nil},
-			{4, nil},
-			{5, nil},
-			{6, nil},
-			{7, nil},
-			{9, nil},
-			{13, nil},
-			{20, nil},
-			{31, nil},
-			{197, nil},
-		}, func(t *testing.T, segments iter.Seq[segmentIdentity], n int) {
-			if n != 13 {
-				t.Fatalf("segments: n = %d", n)
-			}
-
-			// check partial drain
-			for range segments {
-				break
-			}
-		}},
-	}
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			base := check.MustAbs(t.TempDir()).Append("store")
-			if err := os.Mkdir(base.String(), 0700); err != nil {
-				t.Fatal(err.Error())
-			}
-			createEntries(t, base, tc.ents)
-
-			var got []segmentIdentity
-			if segments, n, err := newStore(base).segments(); err != nil {
-				t.Fatalf("segments: error = %v", err)
-			} else {
-				got = slices.AppendSeq(make([]segmentIdentity, 0, n), segments)
-				if tc.ext != nil {
-					tc.ext(t, segments, n)
-				}
-			}
-
-			slices.SortFunc(got, func(a, b segmentIdentity) int {
-				if a.identity == b.identity {
-					return strings.Compare(a.err.Error(), b.err.Error())
-				}
-				return cmp.Compare(a.identity, b.identity)
-			})
-			if !reflect.DeepEqual(got, tc.want) {
-				t.Errorf("segments: %#v, want %#v", got, tc.want)
-			}
-		})
-	}
-
-	t.Run("access", func(t *testing.T) {
-		t.Parallel()
-
-		base := check.MustAbs(t.TempDir()).Append("inaccessible")
-		if err := os.MkdirAll(base.String(), 0); err != nil {
-			t.Fatal(err.Error())
-		}
-
-		wantErr := &hst.AppError{Step: "acquire lock on the state store",
-			Err: &os.PathError{Op: "open", Path: base.Append(storeMutexName).String(), Err: syscall.EACCES}}
-		if _, _, err := newStore(base).segments(); !reflect.DeepEqual(err, wantErr) {
-			t.Errorf("segments: error = %#v, want %#v", err, wantErr)
-		}
-	})
-}

internal/store/data.go

@@ -1,4 +1,4 @@
-package state
+package store
 
 import (
 	"encoding/gob"

internal/store/data_test.go

@@ -1,4 +1,4 @@
-package state
+package store
 
 import (
 	"bytes"
@@ -127,8 +127,8 @@ func TestEntryData(t *testing.T) {
 func newTemplateState() *hst.State {
 	return &hst.State{
 		ID:      hst.ID(bytes.Repeat([]byte{0xaa}, len(hst.ID{}))),
-		PID:     0xcafebabe,
-		ShimPID: 0xdeadbeef,
+		PID:     0xcafe,
+		ShimPID: 0xdead,
 		Config:  hst.Template(),
 		Time:    time.Unix(0, 0),
 	}

internal/store/header.go

@@ -1,4 +1,4 @@
-package state
+package store
 
 import (
 	"encoding/hex"

internal/store/header_test.go

@@ -1,4 +1,4 @@
-package state
+package store
 
 import (
 	"bytes"