rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 19 Wiki Activity

Compare commits

base: rosa/hakurei:faea1f4bd607263c59af8f228c97e9406ba482a7
Branches Tags
rosa/hakurei:master rosa/hakurei:staging rosa/hakurei:develop
rosa/hakurei:v0.4.3 rosa/hakurei:v0.4.2 rosa/hakurei:v0.4.1 rosa/hakurei:v0.4.0 rosa/hakurei:v0.3.7 rosa/hakurei:v0.3.6 rosa/hakurei:v0.3.5 rosa/hakurei:v0.3.4 rosa/hakurei:v0.3.3 rosa/hakurei:v0.3.2 rosa/hakurei:v0.3.1 rosa/hakurei:v0.3.0 rosa/hakurei:v0.2.2 rosa/hakurei:v0.2.1 rosa/hakurei:v0.2.0 rosa/hakurei:v0.1.3 rosa/hakurei:v0.1.2 rosa/hakurei:v0.1.1 rosa/hakurei:v0.1.0
...
compare: rosa/hakurei:6cdb6a652b63b3a481c602ee603ab9a9d849c7c1
Branches Tags
rosa/hakurei:staging rosa/hakurei:develop rosa/hakurei:master
rosa/hakurei:v0.4.3 rosa/hakurei:v0.4.2 rosa/hakurei:v0.4.1 rosa/hakurei:v0.4.0 rosa/hakurei:v0.3.7 rosa/hakurei:v0.3.6 rosa/hakurei:v0.3.5 rosa/hakurei:v0.3.4 rosa/hakurei:v0.3.3 rosa/hakurei:v0.3.2 rosa/hakurei:v0.3.1 rosa/hakurei:v0.3.0 rosa/hakurei:v0.2.2 rosa/hakurei:v0.2.1 rosa/hakurei:v0.2.0 rosa/hakurei:v0.1.3 rosa/hakurei:v0.1.2 rosa/hakurei:v0.1.1 rosa/hakurei:v0.1.0

12 Commits
faea1f4bd6 ... 6cdb6a652b

Author SHA1 Message Date
cat 6cdb6a652b internal/rosa/gtk: glib 2.87.5 to 2.88.0
Test / Create distribution (push) Successful in 36s
Details
Test / ShareFS (push) Successful in 41s
Details
Test / Sandbox (push) Successful in 48s
Details
Test / Sandbox (race detector) (push) Successful in 47s
Details
Test / Hakurei (push) Successful in 52s
Details
Test / Hakurei (race detector) (push) Successful in 2m0s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 20:58:39 +09:00
cat 7c932cbceb internal/rosa: strace artifact
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 3m1s
Details
Test / ShareFS (push) Successful in 4m49s
Details
Test / Hakurei (push) Successful in 5m37s
Details
Test / Sandbox (race detector) (push) Successful in 5m35s
Details
Test / Hakurei (race detector) (push) Successful in 8m36s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
This is not part of the system, but a useful development tool. The test suite is quite broken but that is considered acceptable for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 20:40:17 +09:00
cat 20ebddd9bf internal/rosa: export source kind
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 3m3s
Details
Test / ShareFS (push) Successful in 4m53s
Details
Test / Hakurei (push) Successful in 5m30s
Details
Test / Sandbox (race detector) (push) Successful in 5m28s
Details
Test / Hakurei (race detector) (push) Successful in 7m57s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This is set for an exported field, so export the constants as well.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 20:09:44 +09:00
cat 420c721c7d all: raise timeout defaults
Test / Create distribution (push) Successful in 1m47s
Details
Test / Sandbox (push) Successful in 12m48s
Details
Test / Sandbox (race detector) (push) Successful in 14m31s
Details
Test / Hakurei (push) Successful in 15m26s
Details
Test / Hakurei (race detector) (push) Successful in 16m51s
Details
Test / ShareFS (push) Successful in 38s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
This avoids timing out on systems running very slowly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 17:04:06 +09:00
cat bac583f89e internal/stub: move from container
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m40s
Details
Test / Hakurei (push) Successful in 3m39s
Details
Test / ShareFS (push) Successful in 3m39s
Details
Test / Sandbox (race detector) (push) Successful in 5m4s
Details
Test / Hakurei (race detector) (push) Successful in 6m8s
Details
Test / Flake checks (push) Successful in 1m19s
Details 
This package solves a very specific stubbing use case, in a less than elegant manner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 16:09:14 +09:00
cat 722989c682 fhs: move from container
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m41s
Details
Test / Hakurei (push) Successful in 3m40s
Details
Test / ShareFS (push) Successful in 3m42s
Details
Test / Sandbox (race detector) (push) Successful in 5m10s
Details
Test / Hakurei (race detector) (push) Successful in 6m10s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:56:36 +09:00
cat b852402f67 ext: move syscall wrappers from container
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m36s
Details
Test / Hakurei (push) Successful in 3m42s
Details
Test / ShareFS (push) Successful in 3m43s
Details
Test / Sandbox (race detector) (push) Successful in 5m3s
Details
Test / Hakurei (race detector) (push) Successful in 6m11s
Details
Test / Flake checks (push) Successful in 1m30s
Details 
These are generally useful, and none of them are container-specific. Syscalls subtle to use and requiring container-specific setup remains in container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:48:40 +09:00
cat 6d015a949e check: move from container
Test / Create distribution (push) Successful in 1m1s
Details
Test / Sandbox (push) Successful in 2m45s
Details
Test / Hakurei (push) Successful in 3m41s
Details
Test / ShareFS (push) Successful in 3m43s
Details
Test / Sandbox (race detector) (push) Successful in 5m5s
Details
Test / Hakurei (race detector) (push) Successful in 6m11s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This package is not container specific, and widely used across the project.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:39:03 +09:00
cat e9a72490db vfs: move from container
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m39s
Details
Test / Hakurei (push) Successful in 3m43s
Details
Test / ShareFS (push) Successful in 3m44s
Details
Test / Sandbox (race detector) (push) Successful in 5m3s
Details
Test / Hakurei (race detector) (push) Successful in 6m7s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:30:30 +09:00
cat 0a12d456ce container: set CLOEXEC via close_range
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m44s
Details
Test / Hakurei (push) Successful in 3m42s
Details
Test / ShareFS (push) Successful in 3m46s
Details
Test / Sandbox (race detector) (push) Successful in 5m1s
Details
Test / Hakurei (race detector) (push) Successful in 6m7s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
This is guarded behind the close_range build tag for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:19:00 +09:00
cat d1fc1a3db7 ext: wrap close_range syscall
Test / Create distribution (push) Successful in 1m3s
Details
Test / Sandbox (push) Successful in 2m48s
Details
Test / Hakurei (push) Successful in 3m38s
Details
Test / ShareFS (push) Successful in 3m41s
Details
Test / Sandbox (race detector) (push) Successful in 5m6s
Details
Test / Hakurei (race detector) (push) Successful in 6m10s
Details
Test / Flake checks (push) Successful in 1m17s
Details 
This is useful for container when called with CLOSE_RANGE_CLOEXEC.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:15:16 +09:00
cat 1c2d5f6b57 ext: integer limit values
Test / Create distribution (push) Successful in 1m1s
Details
Test / Sandbox (push) Successful in 2m37s
Details
Test / Hakurei (push) Successful in 3m36s
Details
Test / ShareFS (push) Successful in 3m44s
Details
Test / Sandbox (race detector) (push) Successful in 4m58s
Details
Test / Hakurei (race detector) (push) Successful in 54s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
For portably using C integers without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:09:38 +09:00
179 changed files with 491 additions and 346 deletions
Expand all files Collapse all files
container/check/absolute.go → check/absolute.go
View File
container/check/absolute_test.go → check/absolute_test.go
+2 -2
View File
@@ -11,12 +11,12 @@ import (
"testing" "testing"
_ "unsafe" // for go:linkname _ "unsafe" // for go:linkname
. "hakurei.app/container/check" . "hakurei.app/check"
) )
// unsafeAbs returns check.Absolute on any string value. // unsafeAbs returns check.Absolute on any string value.
// //
//go:linkname unsafeAbs hakurei.app/container/check.unsafeAbs //go:linkname unsafeAbs hakurei.app/check.unsafeAbs
func unsafeAbs(pathname string) *Absolute func unsafeAbs(pathname string) *Absolute
func TestAbsoluteError(t *testing.T) { func TestAbsoluteError(t *testing.T) {
container/check/overlay.go → check/overlay.go
View File
container/check/overlay_test.go → check/overlay_test.go
+1 -1
View File
@@ -3,7 +3,7 @@ package check_test
import ( import (
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
) )
func TestEscapeOverlayDataSegment(t *testing.T) { func TestEscapeOverlayDataSegment(t *testing.T) {
cmd/hakurei/command.go
+2 -2
View File
@@ -13,10 +13,10 @@ import (
"time" "time"
_ "unsafe" // for go:linkname _ "unsafe" // for go:linkname
"hakurei.app/check"
"hakurei.app/command" "hakurei.app/command"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/ext" "hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
"hakurei.app/internal/env" "hakurei.app/internal/env"
cmd/hakurei/json_test.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"strings" "strings"
"testing" "testing"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestDecodeJSON(t *testing.T) { func TestDecodeJSON(t *testing.T) {
cmd/hakurei/main.go
+3 -2
View File
@@ -13,6 +13,7 @@ import (
"syscall" "syscall"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/ext"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -35,8 +36,8 @@ func main() {
msg := message.New(log.Default()) msg := message.New(log.Default())
early := earlyHardeningErrs{ early := earlyHardeningErrs{
yamaLSM: container.SetPtracer(0), yamaLSM: ext.SetPtracer(0),
dumpable: container.SetDumpable(container.SUID_DUMP_DISABLE), dumpable: ext.SetDumpable(ext.SUID_DUMP_DISABLE),
} }
if os.Geteuid() == 0 { if os.Geteuid() == 0 {
cmd/hakurei/parse_test.go
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/store" "hakurei.app/internal/store"
"hakurei.app/message" "hakurei.app/message"
cmd/hakurei/print_test.go
+1 -1
View File
@@ -7,7 +7,7 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/store" "hakurei.app/internal/store"
"hakurei.app/message" "hakurei.app/message"
cmd/mbf/main.go
+4 -3
View File
@@ -18,12 +18,13 @@ import (
"time" "time"
"unique" "unique"
"hakurei.app/check"
"hakurei.app/command" "hakurei.app/command"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/internal/pkg" "hakurei.app/internal/pkg"
"hakurei.app/internal/rosa" "hakurei.app/internal/rosa"
"hakurei.app/message" "hakurei.app/message"
@@ -271,7 +272,7 @@ func main() {
return errors.New("report requires 1 argument") return errors.New("report requires 1 argument")
} }
if container.Isatty(int(w.Fd())) { if ext.Isatty(int(w.Fd())) {
return errors.New("output appears to be a terminal") return errors.New("output appears to be a terminal")
} }
return rosa.WriteReport(msg, w, cache) return rosa.WriteReport(msg, w, cache)
cmd/sharefs/fuse.go
+2 -2
View File
@@ -31,10 +31,10 @@ import (
"syscall" "syscall"
"unsafe" "unsafe"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/helper/proc" "hakurei.app/internal/helper/proc"
"hakurei.app/internal/info" "hakurei.app/internal/info"
cmd/sharefs/fuse_test.go
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
) )
func TestParseOpts(t *testing.T) { func TestParseOpts(t *testing.T) {
container/autoetc.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"encoding/gob" "encoding/gob"
"fmt" "fmt"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
func init() { gob.Register(new(AutoEtcOp)) } func init() { gob.Register(new(AutoEtcOp)) }
container/autoetc_test.go
+2 -2
View File
@@ -5,8 +5,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestAutoEtcOp(t *testing.T) { func TestAutoEtcOp(t *testing.T) {
container/autoroot.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"encoding/gob" "encoding/gob"
"fmt" "fmt"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/message" "hakurei.app/message"
) )
container/autoroot_test.go
+2 -2
View File
@@ -5,9 +5,9 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
"hakurei.app/message" "hakurei.app/message"
) )
container/capability.go
+5 -3
View File
@@ -3,6 +3,8 @@ package container
import ( import (
"syscall" "syscall"
"unsafe" "unsafe"
"hakurei.app/ext"
) )
const ( const (
@@ -51,15 +53,15 @@ func capset(hdrp *capHeader, datap *[2]capData) error {
// capBoundingSetDrop drops a capability from the calling thread's capability bounding set. // capBoundingSetDrop drops a capability from the calling thread's capability bounding set.
func capBoundingSetDrop(cap uintptr) error { func capBoundingSetDrop(cap uintptr) error {
return Prctl(syscall.PR_CAPBSET_DROP, cap, 0) return ext.Prctl(syscall.PR_CAPBSET_DROP, cap, 0)
} }
// capAmbientClearAll clears the ambient capability set of the calling thread. // capAmbientClearAll clears the ambient capability set of the calling thread.
func capAmbientClearAll() error { func capAmbientClearAll() error {
return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0) return ext.Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0)
} }
// capAmbientRaise adds to the ambient capability set of the calling thread. // capAmbientRaise adds to the ambient capability set of the calling thread.
func capAmbientRaise(cap uintptr) error { func capAmbientRaise(cap uintptr) error {
return Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap) return ext.Prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap)
} }
container/container.go
+15 -22
View File
@@ -16,11 +16,11 @@ import (
. "syscall" . "syscall"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext" "hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -186,31 +186,24 @@ var (
closeOnExecErr error closeOnExecErr error
) )
// ensureCloseOnExec ensures all currently open file descriptors have the syscall.FD_CLOEXEC flag set. // ensureCloseOnExec ensures all currently open file descriptors have the
// This is only ran once as it is intended to handle files left open by the parent, and any file opened // syscall.FD_CLOEXEC flag set.
// on this side should already have syscall.FD_CLOEXEC set. //
// This is only ran once as it is intended to handle files left open by the
// parent, and any file opened on this side should already have
// syscall.FD_CLOEXEC set.
func ensureCloseOnExec() error { func ensureCloseOnExec() error {
closeOnExecOnce.Do(func() { closeOnExecOnce.Do(func() { closeOnExecErr = doCloseOnExec() })
const fdPrefixPath = "/proc/self/fd/"
var entries []os.DirEntry
if entries, closeOnExecErr = os.ReadDir(fdPrefixPath); closeOnExecErr != nil {
return
}
var fd int
for _, ent := range entries {
if fd, closeOnExecErr = strconv.Atoi(ent.Name()); closeOnExecErr != nil {
break // not reached
}
CloseOnExec(fd)
}
})
if closeOnExecErr == nil { if closeOnExecErr == nil {
return nil return nil
} }
return &StartError{Fatal: true, Step: "set FD_CLOEXEC on all open files", Err: closeOnExecErr, Passthrough: true} return &StartError{
Fatal: true,
Step: "set FD_CLOEXEC on all open files",
Err: closeOnExecErr,
Passthrough: true,
}
} }
// Start starts the container init. The init process blocks until Serve is called. // Start starts the container init. The init process blocks until Serve is called.
container/container_test.go
+3 -3
View File
@@ -18,17 +18,17 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/check"
"hakurei.app/command" "hakurei.app/command"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/vfs"
"hakurei.app/ext" "hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/ldd" "hakurei.app/ldd"
"hakurei.app/message" "hakurei.app/message"
"hakurei.app/vfs"
) )
// Note: this package requires cgo, which is unavailable in the Go playground. // Note: this package requires cgo, which is unavailable in the Go playground.
container/dispatcher.go
+4 -3
View File
@@ -13,6 +13,7 @@ import (
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/internal/netlink" "hakurei.app/internal/netlink"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -143,8 +144,8 @@ func (k direct) new(f func(k syscallDispatcher)) { go f(k) }
func (direct) lockOSThread() { runtime.LockOSThread() } func (direct) lockOSThread() { runtime.LockOSThread() }
func (direct) setPtracer(pid uintptr) error { return SetPtracer(pid) } func (direct) setPtracer(pid uintptr) error { return ext.SetPtracer(pid) }
func (direct) setDumpable(dumpable uintptr) error { return SetDumpable(dumpable) } func (direct) setDumpable(dumpable uintptr) error { return ext.SetDumpable(dumpable) }
func (direct) setNoNewPrivs() error { return SetNoNewPrivs() } func (direct) setNoNewPrivs() error { return SetNoNewPrivs() }
func (direct) lastcap(msg message.Msg) uintptr { return LastCap(msg) } func (direct) lastcap(msg message.Msg) uintptr { return LastCap(msg) }
@@ -152,7 +153,7 @@ func (direct) capset(hdrp *capHeader, datap *[2]capData) error { return capset(h
func (direct) capBoundingSetDrop(cap uintptr) error { return capBoundingSetDrop(cap) } func (direct) capBoundingSetDrop(cap uintptr) error { return capBoundingSetDrop(cap) }
func (direct) capAmbientClearAll() error { return capAmbientClearAll() } func (direct) capAmbientClearAll() error { return capAmbientClearAll() }
func (direct) capAmbientRaise(cap uintptr) error { return capAmbientRaise(cap) } func (direct) capAmbientRaise(cap uintptr) error { return capAmbientRaise(cap) }
func (direct) isatty(fd int) bool { return Isatty(fd) } func (direct) isatty(fd int) bool { return ext.Isatty(fd) }
func (direct) receive(key string, e any, fdp *uintptr) (func() error, error) { func (direct) receive(key string, e any, fdp *uintptr) (func() error, error) {
return Receive(key, e, fdp) return Receive(key, e, fdp)
} }
container/dispatcher_test.go
+1 -1
View File
@@ -18,7 +18,7 @@ import (
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
"hakurei.app/message" "hakurei.app/message"
) )
container/errors.go
+2 -2
View File
@@ -5,9 +5,9 @@ import (
"os" "os"
"syscall" "syscall"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/vfs"
"hakurei.app/message" "hakurei.app/message"
"hakurei.app/vfs"
) )
// messageFromError returns a printable error message for a supported concrete type. // messageFromError returns a printable error message for a supported concrete type.
container/errors_test.go
+3 -3
View File
@@ -8,9 +8,9 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
"hakurei.app/container/vfs" "hakurei.app/vfs"
) )
func TestMessageFromError(t *testing.T) { func TestMessageFromError(t *testing.T) {
container/init.go
+5 -4
View File
@@ -15,8 +15,9 @@ import (
. "syscall" . "syscall"
"time" "time"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/message" "hakurei.app/message"
) )
@@ -178,7 +179,7 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
} }
// write uid/gid map here so parent does not need to set dumpable // write uid/gid map here so parent does not need to set dumpable
if err := k.setDumpable(SUID_DUMP_USER); err != nil { if err := k.setDumpable(ext.SUID_DUMP_USER); err != nil {
k.fatalf(msg, "cannot set SUID_DUMP_USER: %v", err) k.fatalf(msg, "cannot set SUID_DUMP_USER: %v", err)
} }
if err := k.writeFile(fhs.Proc+"self/uid_map", if err := k.writeFile(fhs.Proc+"self/uid_map",
@@ -196,7 +197,7 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
0); err != nil { 0); err != nil {
k.fatalf(msg, "%v", err) k.fatalf(msg, "%v", err)
} }
if err := k.setDumpable(SUID_DUMP_DISABLE); err != nil { if err := k.setDumpable(ext.SUID_DUMP_DISABLE); err != nil {
k.fatalf(msg, "cannot set SUID_DUMP_DISABLE: %v", err) k.fatalf(msg, "cannot set SUID_DUMP_DISABLE: %v", err)
} }
@@ -290,7 +291,7 @@ func initEntrypoint(k syscallDispatcher, msg message.Msg) {
{ {
var fd int var fd int
if err := IgnoringEINTR(func() (err error) { if err := ext.IgnoringEINTR(func() (err error) {
fd, err = k.open(fhs.Root, O_DIRECTORY|O_RDONLY, 0) fd, err = k.open(fhs.Root, O_DIRECTORY|O_RDONLY, 0)
return return
}); err != nil { }); err != nil {
container/init_test.go
+2 -2
View File
@@ -7,10 +7,10 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestInitEntrypoint(t *testing.T) { func TestInitEntrypoint(t *testing.T) {
container/initbind.go
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"os" "os"
"syscall" "syscall"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/std" "hakurei.app/container/std"
) )
container/initbind_test.go
+2 -2
View File
@@ -6,9 +6,9 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestBindMountOp(t *testing.T) { func TestBindMountOp(t *testing.T) {
container/initdaemon.go
+2 -2
View File
@@ -12,8 +12,8 @@ import (
"syscall" "syscall"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
func init() { gob.Register(new(DaemonOp)) } func init() { gob.Register(new(DaemonOp)) }
container/initdaemon_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
"hakurei.app/message" "hakurei.app/message"
) )
container/initdev.go
+2 -2
View File
@@ -6,8 +6,8 @@ import (
"path" "path"
. "syscall" . "syscall"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
func init() { gob.Register(new(MountDevOp)) } func init() { gob.Register(new(MountDevOp)) }
container/initdev_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestMountDevOp(t *testing.T) { func TestMountDevOp(t *testing.T) {
container/initmkdir.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"fmt" "fmt"
"os" "os"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(MkdirOp)) } func init() { gob.Register(new(MkdirOp)) }
container/initmkdir_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestMkdirOp(t *testing.T) { func TestMkdirOp(t *testing.T) {
container/initoverlay.go
+2 -2
View File
@@ -6,8 +6,8 @@ import (
"slices" "slices"
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
const ( const (
container/initoverlay_test.go
+2 -2
View File
@@ -5,8 +5,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestMountOverlayOp(t *testing.T) { func TestMountOverlayOp(t *testing.T) {
container/initplace.go
+2 -2
View File
@@ -5,8 +5,8 @@ import (
"fmt" "fmt"
"syscall" "syscall"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
const ( const (
container/initplace_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestTmpfileOp(t *testing.T) { func TestTmpfileOp(t *testing.T) {
container/initproc.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"fmt" "fmt"
. "syscall" . "syscall"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(MountProcOp)) } func init() { gob.Register(new(MountProcOp)) }
container/initproc_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestMountProcOp(t *testing.T) { func TestMountProcOp(t *testing.T) {
container/initremount.go
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"encoding/gob" "encoding/gob"
"fmt" "fmt"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(RemountOp)) } func init() { gob.Register(new(RemountOp)) }
container/initremount_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestRemountOp(t *testing.T) { func TestRemountOp(t *testing.T) {
container/initsymlink.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"fmt" "fmt"
"path" "path"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(SymlinkOp)) } func init() { gob.Register(new(SymlinkOp)) }
container/initsymlink_test.go
+2 -2
View File
@@ -4,8 +4,8 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestSymlinkOp(t *testing.T) { func TestSymlinkOp(t *testing.T) {
container/inittmpfs.go
+1 -1
View File
@@ -8,7 +8,7 @@ import (
"strconv" "strconv"
. "syscall" . "syscall"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(MountTmpfsOp)) } func init() { gob.Register(new(MountTmpfsOp)) }
container/inittmpfs_test.go
+2 -2
View File
@@ -5,8 +5,8 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
) )
func TestMountTmpfsOp(t *testing.T) { func TestMountTmpfsOp(t *testing.T) {
container/mount.go
+3 -2
View File
@@ -6,8 +6,9 @@ import (
"os" "os"
. "syscall" . "syscall"
"hakurei.app/container/vfs" "hakurei.app/ext"
"hakurei.app/message" "hakurei.app/message"
"hakurei.app/vfs"
) )
/* /*
@@ -115,7 +116,7 @@ func (p *procPaths) remount(msg message.Msg, target string, flags uintptr) error
var targetKFinal string var targetKFinal string
{ {
var destFd int var destFd int
if err := IgnoringEINTR(func() (err error) { if err := ext.IgnoringEINTR(func() (err error) {
destFd, err = p.k.open(targetFinal, O_PATH|O_CLOEXEC, 0) destFd, err = p.k.open(targetFinal, O_PATH|O_CLOEXEC, 0)
return return
}); err != nil { }); err != nil {
container/mount_test.go
+2 -2
View File
@@ -5,8 +5,8 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/stub" "hakurei.app/internal/stub"
"hakurei.app/container/vfs" "hakurei.app/vfs"
) )
func TestBindMount(t *testing.T) { func TestBindMount(t *testing.T) {
container/path.go
+2 -2
View File
@@ -9,8 +9,8 @@ import (
"strings" "strings"
"syscall" "syscall"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/container/vfs" "hakurei.app/vfs"
) )
const ( const (
container/path_test.go
+2 -2
View File
@@ -10,8 +10,8 @@ import (
"testing" "testing"
"unsafe" "unsafe"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/vfs" "hakurei.app/vfs"
) )
func TestToSysroot(t *testing.T) { func TestToSysroot(t *testing.T) {
container/seccomp/std_test.go
+13
View File
@@ -26,7 +26,9 @@ func TestSyscallResolveName(t *testing.T) {
func TestRuleType(t *testing.T) { func TestRuleType(t *testing.T) {
assertKind[ext.Uint, scmpUint](t) assertKind[ext.Uint, scmpUint](t)
assertOverflow(t, ext.Uint(ext.MaxUint))
assertKind[ext.Int, scmpInt](t) assertKind[ext.Int, scmpInt](t)
assertOverflow(t, ext.Int(ext.MaxInt))
assertSize[std.NativeRule, syscallRule](t) assertSize[std.NativeRule, syscallRule](t)
assertKind[std.ScmpDatum, scmpDatum](t) assertKind[std.ScmpDatum, scmpDatum](t)
@@ -62,3 +64,14 @@ func assertKind[native, equivalent any](t *testing.T) {
t.Fatalf("%s: %s, want %s", nativeType.Name(), nativeType.Kind(), equivalentType.Kind()) t.Fatalf("%s: %s, want %s", nativeType.Name(), nativeType.Kind(), equivalentType.Kind())
} }
} }
// assertOverflow asserts that incrementing m overflows.
func assertOverflow[T ~int32 | ~uint32](t *testing.T, m T) {
t.Helper()
old := m
m++
if m > old {
t.Fatalf("unexpected value %#x", m)
}
}
container/syscall.go
+2 -49
View File
@@ -7,40 +7,9 @@ import (
"hakurei.app/ext" "hakurei.app/ext"
) )
// Prctl manipulates various aspects of the behavior of the calling thread or process.
func Prctl(op, arg2, arg3 uintptr) error {
r, _, errno := Syscall(SYS_PRCTL, op, arg2, arg3)
if r < 0 {
return errno
}
return nil
}
// SetPtracer allows processes to ptrace(2) the calling process.
func SetPtracer(pid uintptr) error { return Prctl(PR_SET_PTRACER, pid, 0) }
// linux/sched/coredump.h
const (
SUID_DUMP_DISABLE = iota
SUID_DUMP_USER
)
// SetDumpable sets the "dumpable" attribute of the calling process.
func SetDumpable(dumpable uintptr) error { return Prctl(PR_SET_DUMPABLE, dumpable, 0) }
// SetNoNewPrivs sets the calling thread's no_new_privs attribute. // SetNoNewPrivs sets the calling thread's no_new_privs attribute.
func SetNoNewPrivs() error { return Prctl(PR_SET_NO_NEW_PRIVS, 1, 0) } func SetNoNewPrivs() error {
return ext.Prctl(PR_SET_NO_NEW_PRIVS, 1, 0)
// Isatty tests whether a file descriptor refers to a terminal.
func Isatty(fd int) bool {
var buf [8]byte
r, _, _ := Syscall(
SYS_IOCTL,
uintptr(fd),
TIOCGWINSZ,
uintptr(unsafe.Pointer(&buf[0])),
)
return r == 0
} }
// schedParam is equivalent to struct sched_param from include/linux/sched.h. // schedParam is equivalent to struct sched_param from include/linux/sched.h.
@@ -73,19 +42,3 @@ func schedSetscheduler(tid int, policy ext.SchedPolicy, param *schedParam) error
} }
return nil return nil
} }
// IgnoringEINTR makes a function call and repeats it if it returns an
// EINTR error. This appears to be required even though we install all
// signal handlers with SA_RESTART: see #22838, #38033, #38836, #40846.
// Also #20400 and #36644 are issues in which a signal handler is
// installed without setting SA_RESTART. None of these are the common case,
// but there are enough of them that it seems that we can't avoid
// an EINTR loop.
func IgnoringEINTR(fn func() error) error {
for {
err := fn()
if err != EINTR {
return err
}
}
}
container/syscall_close_range.go
+11
View File
@@ -0,0 +1,11 @@
//go:build close_range
package container
import "hakurei.app/ext"
// doCloseOnExec implements ensureCloseOnExec by calling CloseRange with
// CLOSE_RANGE_CLOEXEC.
func doCloseOnExec() error {
return ext.CloseRange(0, ext.MaxUint, ext.CLOSE_RANGE_CLOEXEC)
}
container/syscall_range_proc.go
+28
View File
@@ -0,0 +1,28 @@
//go:build !close_range
package container
import (
"os"
"strconv"
"syscall"
"hakurei.app/fhs"
)
// doCloseOnExec implements ensureCloseOnExec by ranging over proc_pid_fd(5).
func doCloseOnExec() error {
entries, err := os.ReadDir(fhs.ProcSelf + "fd/")
if err != nil {
return err
}
var fd int
for _, ent := range entries {
if fd, err = strconv.Atoi(ent.Name()); err != nil {
return err // not reached
}
syscall.CloseOnExec(fd)
}
return nil
}
container/sysctl.go
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"strconv" "strconv"
"sync" "sync"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/message" "hakurei.app/message"
) )
ext/ext.go
+7
View File
@@ -4,6 +4,7 @@ package ext
import ( import (
"encoding/json" "encoding/json"
"iter" "iter"
"math"
"strconv" "strconv"
) )
@@ -15,6 +16,12 @@ type (
Int = int32 Int = int32
) )
// Integer limit values.
const (
MaxUint = math.MaxUint32
MaxInt = math.MaxInt32
)
// SyscallNum represents an architecture-specific, Linux syscall number. // SyscallNum represents an architecture-specific, Linux syscall number.
type SyscallNum Int type SyscallNum Int
ext/syscall.go
+74
View File
@@ -5,8 +5,82 @@ import (
"strconv" "strconv"
"sync" "sync"
"syscall" "syscall"
"unsafe"
) )
// Prctl manipulates various aspects of the behavior of the calling thread or process.
func Prctl(op, arg2, arg3 uintptr) error {
r, _, errno := syscall.Syscall(syscall.SYS_PRCTL, op, arg2, arg3)
if r < 0 {
return errno
}
return nil
}
// SetPtracer allows processes to ptrace(2) the calling process.
func SetPtracer(pid uintptr) error {
return Prctl(syscall.PR_SET_PTRACER, pid, 0)
}
// linux/sched/coredump.h
const (
SUID_DUMP_DISABLE = iota
SUID_DUMP_USER
)
// SetDumpable sets the "dumpable" attribute of the calling process.
func SetDumpable(dumpable uintptr) error {
return Prctl(syscall.PR_SET_DUMPABLE, dumpable, 0)
}
// Isatty tests whether a file descriptor refers to a terminal.
func Isatty(fd int) bool {
var buf [8]byte
r, _, _ := syscall.Syscall(
syscall.SYS_IOCTL,
uintptr(fd),
syscall.TIOCGWINSZ,
uintptr(unsafe.Pointer(&buf[0])),
)
return r == 0
}
// IgnoringEINTR makes a function call and repeats it if it returns an
// EINTR error. This appears to be required even though we install all
// signal handlers with SA_RESTART: see #22838, #38033, #38836, #40846.
// Also #20400 and #36644 are issues in which a signal handler is
// installed without setting SA_RESTART. None of these are the common case,
// but there are enough of them that it seems that we can't avoid
// an EINTR loop.
func IgnoringEINTR(fn func() error) error {
for {
err := fn()
if err != syscall.EINTR {
return err
}
}
}
// include/uapi/linux/close_range.h
const (
CLOSE_RANGE_UNSHARE = 1 << (iota + 1)
CLOSE_RANGE_CLOEXEC
)
// CloseRange close all file descriptors in a given range.
func CloseRange(first, last Uint, flags Int) error {
_, _, errno := syscall.Syscall(
SYS_CLOSE_RANGE,
uintptr(first),
uintptr(last),
uintptr(flags),
)
if errno != 0 {
return errno
}
return nil
}
// SchedPolicy denotes a scheduling policy defined in include/uapi/linux/sched.h. // SchedPolicy denotes a scheduling policy defined in include/uapi/linux/sched.h.
type SchedPolicy int type SchedPolicy int
container/fhs/abs.go → fhs/abs.go
+2 -2
View File
@@ -3,14 +3,14 @@ package fhs
import ( import (
_ "unsafe" // for go:linkname _ "unsafe" // for go:linkname
"hakurei.app/container/check" "hakurei.app/check"
) )
/* constants in this file bypass abs check, be extremely careful when changing them! */ /* constants in this file bypass abs check, be extremely careful when changing them! */
// unsafeAbs returns check.Absolute on any string value. // unsafeAbs returns check.Absolute on any string value.
// //
//go:linkname unsafeAbs hakurei.app/container/check.unsafeAbs //go:linkname unsafeAbs hakurei.app/check.unsafeAbs
func unsafeAbs(pathname string) *check.Absolute func unsafeAbs(pathname string) *check.Absolute
var ( var (
container/fhs/fhs.go → fhs/fhs.go
View File
hst/config.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"strconv" "strconv"
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/ext" "hakurei.app/ext"
) )
hst/config_test.go
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
) )
hst/container.go
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"syscall" "syscall"
"time" "time"
"hakurei.app/container/check" "hakurei.app/check"
) )
// PrivateTmp is a private writable path in a hakurei container. // PrivateTmp is a private writable path in a hakurei container.
hst/fs.go
+1 -1
View File
@@ -7,7 +7,7 @@ import (
"os" "os"
"reflect" "reflect"
"hakurei.app/container/check" "hakurei.app/check"
) )
// FilesystemConfig is an abstract representation of a mount point. // FilesystemConfig is an abstract representation of a mount point.
hst/fs_test.go
+1 -1
View File
@@ -9,8 +9,8 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/hst" "hakurei.app/hst"
) )
hst/fsbind.go
+2 -2
View File
@@ -4,9 +4,9 @@ import (
"encoding/gob" "encoding/gob"
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/fhs"
) )
func init() { gob.Register(new(FSBind)) } func init() { gob.Register(new(FSBind)) }
hst/fsdaemon.go
+1 -1
View File
@@ -3,7 +3,7 @@ package hst
import ( import (
"encoding/gob" "encoding/gob"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(FSDaemon)) } func init() { gob.Register(new(FSDaemon)) }
hst/fsephemeral.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"os" "os"
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(FSEphemeral)) } func init() { gob.Register(new(FSEphemeral)) }
hst/fslink.go
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"encoding/gob" "encoding/gob"
"path" "path"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(FSLink)) } func init() { gob.Register(new(FSLink)) }
hst/fsoverlay.go
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"encoding/gob" "encoding/gob"
"strings" "strings"
"hakurei.app/container/check" "hakurei.app/check"
) )
func init() { gob.Register(new(FSOverlay)) } func init() { gob.Register(new(FSOverlay)) }
hst/fsoverlay_test.go
+1 -1
View File
@@ -3,8 +3,8 @@ package hst_test
import ( import (
"testing" "testing"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/hst" "hakurei.app/hst"
) )
hst/hst.go
+2 -2
View File
@@ -7,8 +7,8 @@ import (
"net" "net"
"os" "os"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/container/fhs" "hakurei.app/fhs"
) )
// An AppError is returned while starting an app according to [hst.Config]. // An AppError is returned while starting an app according to [hst.Config].
hst/hst_test.go
+1 -1
View File
@@ -9,8 +9,8 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/stub"
"hakurei.app/message" "hakurei.app/message"
) )
internal/dbus/dbus_test.go
+2 -2
View File
@@ -65,13 +65,13 @@ func TestProxyStartWaitCloseString(t *testing.T) {
} }
const ( const (
stubProxyTimeout = 5 * time.Second stubProxyTimeout = 15 * time.Second
) )
func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) { func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
{ {
oldWaitDelay := helper.WaitDelay oldWaitDelay := helper.WaitDelay
helper.WaitDelay = 16 * time.Second helper.WaitDelay = 30 * time.Second
t.Cleanup(func() { helper.WaitDelay = oldWaitDelay }) t.Cleanup(func() { helper.WaitDelay = oldWaitDelay })
} }
internal/dbus/proc.go
+1 -1
View File
@@ -8,8 +8,8 @@ import (
"strconv" "strconv"
"syscall" "syscall"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/internal/helper" "hakurei.app/internal/helper"
internal/env/env.go
Vendored
+1 -1
View File
@@ -6,7 +6,7 @@ import (
"os" "os"
"strconv" "strconv"
"hakurei.app/container/check" "hakurei.app/check"
"hakurei.app/hst" "hakurei.app/hst"
) )
internal/env/env_test.go
Vendored
+3 -3
View File
@@ -5,12 +5,12 @@ import (
"reflect" "reflect"
"testing" "testing"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check" "hakurei.app/fhs"
"hakurei.app/container/fhs"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/env" "hakurei.app/internal/env"
"hakurei.app/internal/stub"
) )
func TestPaths(t *testing.T) { func TestPaths(t *testing.T) {
internal/helper/container.go
+1 -1
View File
@@ -9,8 +9,8 @@ import (
"slices" "slices"
"sync" "sync"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/internal/helper/proc" "hakurei.app/internal/helper/proc"
"hakurei.app/message" "hakurei.app/message"
) )
internal/helper/container_test.go
+2 -2
View File
@@ -6,9 +6,9 @@ import (
"os" "os"
"testing" "testing"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check" "hakurei.app/fhs"
"hakurei.app/container/fhs"
"hakurei.app/internal/helper" "hakurei.app/internal/helper"
) )
internal/helper/helper.go
+1 -1
View File
@@ -11,7 +11,7 @@ import (
"hakurei.app/internal/helper/proc" "hakurei.app/internal/helper/proc"
) )
var WaitDelay = 2 * time.Second var WaitDelay = 5 * time.Second
const ( const (
// HakureiHelper is set to 1 when args fd is enabled and 0 otherwise. // HakureiHelper is set to 1 when args fd is enabled and 0 otherwise.
internal/helper/helper_test.go
+1 -1
View File
@@ -56,7 +56,7 @@ const (
// this function tests an implementation of the helper.Helper interface // this function tests an implementation of the helper.Helper interface
func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput func(stdoutP, stderrP *io.Writer), stat bool) helper.Helper) { func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput func(stdoutP, stderrP *io.Writer), stat bool) helper.Helper) {
oldWaitDelay := helper.WaitDelay oldWaitDelay := helper.WaitDelay
helper.WaitDelay = 16 * time.Second helper.WaitDelay = 30 * time.Second
t.Cleanup(func() { helper.WaitDelay = oldWaitDelay }) t.Cleanup(func() { helper.WaitDelay = oldWaitDelay })
t.Run("start helper with status channel and wait", func(t *testing.T) { t.Run("start helper with status channel and wait", func(t *testing.T) {
internal/helper/proc/files.go
+1 -1
View File
@@ -10,7 +10,7 @@ import (
"time" "time"
) )
var FulfillmentTimeout = 2 * time.Second var FulfillmentTimeout = 15 * time.Second
func init() { func init() {
if testing.Testing() { if testing.Testing() {
internal/info/path.go
+1 -1
View File
@@ -3,7 +3,7 @@ package info
import ( import (
"log" "log"
"hakurei.app/container/check" "hakurei.app/check"
) )
// Absolute paths to the Hakurei installation. // Absolute paths to the Hakurei installation.
internal/info/path_test.go
+1 -1
View File
@@ -4,7 +4,7 @@ import (
"reflect" "reflect"
"testing" "testing"
"hakurei.app/container/check" "hakurei.app/check"
) )
func TestMustCheckPath(t *testing.T) { func TestMustCheckPath(t *testing.T) {
internal/info/version.go
+1
View File
@@ -1,3 +1,4 @@
// Package info holds metadata populated at link time.
package info package info
// FallbackVersion is returned when a version string was not set by the linker. // FallbackVersion is returned when a version string was not set by the linker.
internal/lockedfile/internal/filelock/filelock_test.go
+1 -1
View File
@@ -14,7 +14,7 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/internal/lockedfile/internal/filelock" "hakurei.app/internal/lockedfile/internal/filelock"
"hakurei.app/internal/lockedfile/internal/testexec" "hakurei.app/internal/lockedfile/internal/testexec"
) )
internal/lockedfile/lockedfile_test.go
+1 -1
View File
@@ -15,7 +15,7 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/internal/lockedfile" "hakurei.app/internal/lockedfile"
"hakurei.app/internal/lockedfile/internal/testexec" "hakurei.app/internal/lockedfile/internal/testexec"
) )
internal/outcome/dispatcher.go
+4 -3
View File
@@ -10,10 +10,11 @@ import (
"os/user" "os/user"
"path/filepath" "path/filepath"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
"hakurei.app/internal/info" "hakurei.app/internal/info"
"hakurei.app/message" "hakurei.app/message"
@@ -149,10 +150,10 @@ func (direct) notifyContext(parent context.Context, signals ...os.Signal) (ctx c
return signal.NotifyContext(parent, signals...) return signal.NotifyContext(parent, signals...)
} }
func (direct) prctl(op, arg2, arg3 uintptr) error { return container.Prctl(op, arg2, arg3) } func (direct) prctl(op, arg2, arg3 uintptr) error { return ext.Prctl(op, arg2, arg3) }
func (direct) overflowUid(msg message.Msg) int { return container.OverflowUid(msg) } func (direct) overflowUid(msg message.Msg) int { return container.OverflowUid(msg) }
func (direct) overflowGid(msg message.Msg) int { return container.OverflowGid(msg) } func (direct) overflowGid(msg message.Msg) int { return container.OverflowGid(msg) }
func (direct) setDumpable(dumpable uintptr) error { return container.SetDumpable(dumpable) } func (direct) setDumpable(dumpable uintptr) error { return ext.SetDumpable(dumpable) }
func (direct) receive(key string, e any, fdp *uintptr) (func() error, error) { func (direct) receive(key string, e any, fdp *uintptr) (func() error, error) {
return container.Receive(key, e, fdp) return container.Receive(key, e, fdp)
} }
internal/outcome/dispatcher_test.go
+2 -2
View File
@@ -18,12 +18,12 @@ import (
"time" "time"
"unsafe" "unsafe"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/stub"
"hakurei.app/internal/system" "hakurei.app/internal/system"
"hakurei.app/message" "hakurei.app/message"
) )
internal/outcome/hsu.go
+1 -1
View File
@@ -9,7 +9,7 @@ import (
"strconv" "strconv"
"sync" "sync"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/message" "hakurei.app/message"
) )
internal/outcome/hsu_test.go
+1 -1
View File
@@ -9,8 +9,8 @@ import (
"testing" "testing"
"unsafe" "unsafe"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/stub"
) )
func TestHsu(t *testing.T) { func TestHsu(t *testing.T) {
internal/outcome/outcome.go
+1 -1
View File
@@ -7,8 +7,8 @@ import (
"maps" "maps"
"strconv" "strconv"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/env" "hakurei.app/internal/env"
internal/outcome/process.go
+2 -2
View File
@@ -12,9 +12,9 @@ import (
"syscall" "syscall"
"time" "time"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check" "hakurei.app/fhs"
"hakurei.app/container/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/info" "hakurei.app/internal/info"
"hakurei.app/internal/store" "hakurei.app/internal/store"
internal/outcome/run_test.go
+2 -2
View File
@@ -15,11 +15,11 @@ import (
"testing" "testing"
"time" "time"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
internal/outcome/shim.go
+4 -4
View File
@@ -13,12 +13,12 @@ import (
"syscall" "syscall"
"time" "time"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/ext" "hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/pipewire" "hakurei.app/internal/pipewire"
"hakurei.app/message" "hakurei.app/message"
@@ -147,7 +147,7 @@ func (sp *shimPrivate) destroy() {
const ( const (
// shimPipeWireTimeout is the duration pipewire-pulse is allowed to run // shimPipeWireTimeout is the duration pipewire-pulse is allowed to run
// before its socket becomes available. // before its socket becomes available.
shimPipeWireTimeout = 5 * time.Second shimPipeWireTimeout = 15 * time.Second
) )
func shimEntrypoint(k syscallDispatcher) { func shimEntrypoint(k syscallDispatcher) {
@@ -159,7 +159,7 @@ func shimEntrypoint(k syscallDispatcher) {
logger.SetFlags(0) logger.SetFlags(0)
} }
if err := k.setDumpable(container.SUID_DUMP_DISABLE); err != nil { if err := k.setDumpable(ext.SUID_DUMP_DISABLE); err != nil {
k.fatalf("cannot set SUID_DUMP_DISABLE: %v", err) k.fatalf("cannot set SUID_DUMP_DISABLE: %v", err)
} }
internal/outcome/shim_test.go
+25 -24
View File
@@ -10,12 +10,13 @@ import (
"testing" "testing"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/ext"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/env" "hakurei.app/internal/env"
"hakurei.app/internal/stub"
) )
func TestShimEntrypoint(t *testing.T) { func TestShimEntrypoint(t *testing.T) {
@@ -135,14 +136,14 @@ func TestShimEntrypoint(t *testing.T) {
{"dumpable", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"dumpable", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, new(log.Logger), nil), call("getLogger", stub.ExpectArgs{}, new(log.Logger), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, stub.UniqueError(11)), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, stub.UniqueError(11)),
call("fatalf", stub.ExpectArgs{"cannot set SUID_DUMP_DISABLE: %v", []any{stub.UniqueError(11)}}, nil, nil), call("fatalf", stub.ExpectArgs{"cannot set SUID_DUMP_DISABLE: %v", []any{stub.UniqueError(11)}}, nil, nil),
}}, nil}, }}, nil},
{"receive exit request", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"receive exit request", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, io.EOF), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, io.EOF),
@@ -155,7 +156,7 @@ func TestShimEntrypoint(t *testing.T) {
{"receive fd", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"receive fd", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, syscall.EBADF), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, syscall.EBADF),
@@ -168,7 +169,7 @@ func TestShimEntrypoint(t *testing.T) {
{"receive env", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"receive env", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, container.ErrReceiveEnv), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, container.ErrReceiveEnv),
@@ -181,7 +182,7 @@ func TestShimEntrypoint(t *testing.T) {
{"receive strange", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"receive strange", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, stub.UniqueError(10)), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", outcomeState{}, nil}, nil, stub.UniqueError(10)),
@@ -194,7 +195,7 @@ func TestShimEntrypoint(t *testing.T) {
{"reparent", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"reparent", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState { call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
@@ -214,7 +215,7 @@ func TestShimEntrypoint(t *testing.T) {
{"invalid state", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"invalid state", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState { call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
@@ -233,7 +234,7 @@ func TestShimEntrypoint(t *testing.T) {
{"sigaction pipe", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"sigaction pipe", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, &os.SyscallError{Syscall: "pipe2", Err: stub.UniqueError(9)}), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, &os.SyscallError{Syscall: "pipe2", Err: stub.UniqueError(9)}),
call("fatal", stub.ExpectArgs{[]any{"pipe2: unique error 9 injected by the test suite"}}, nil, nil), call("fatal", stub.ExpectArgs{[]any{"pipe2: unique error 9 injected by the test suite"}}, nil, nil),
@@ -242,7 +243,7 @@ func TestShimEntrypoint(t *testing.T) {
{"sigaction cgo", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"sigaction cgo", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, syscall.ENOTRECOVERABLE), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, syscall.ENOTRECOVERABLE),
call("fatalf", stub.ExpectArgs{"cannot install SIGCONT handler: %v", []any{syscall.ENOTRECOVERABLE}}, nil, nil), call("fatalf", stub.ExpectArgs{"cannot install SIGCONT handler: %v", []any{syscall.ENOTRECOVERABLE}}, nil, nil),
@@ -251,7 +252,7 @@ func TestShimEntrypoint(t *testing.T) {
{"sigaction strange", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"sigaction strange", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, stub.UniqueError(8)), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, stub.UniqueError(8)),
call("fatalf", stub.ExpectArgs{"cannot set up exit request: %v", []any{stub.UniqueError(8)}}, nil, nil), call("fatalf", stub.ExpectArgs{"cannot set up exit request: %v", []any{stub.UniqueError(8)}}, nil, nil),
@@ -260,7 +261,7 @@ func TestShimEntrypoint(t *testing.T) {
{"prctl", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"prctl", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -276,7 +277,7 @@ func TestShimEntrypoint(t *testing.T) {
{"toContainer", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"toContainer", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState { call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
@@ -297,7 +298,7 @@ func TestShimEntrypoint(t *testing.T) {
{"bad ops", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"bad ops", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState { call("receive", stub.ExpectArgs{"HAKUREI_SHIM", func() outcomeState {
@@ -318,7 +319,7 @@ func TestShimEntrypoint(t *testing.T) {
{"start", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"start", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -342,7 +343,7 @@ func TestShimEntrypoint(t *testing.T) {
{"start logger signalread", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"start logger signalread", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -366,7 +367,7 @@ func TestShimEntrypoint(t *testing.T) {
{"serve", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"serve", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -389,7 +390,7 @@ func TestShimEntrypoint(t *testing.T) {
{"seccomp", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"seccomp", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -413,7 +414,7 @@ func TestShimEntrypoint(t *testing.T) {
{"exited closesetup earlyrequested", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"exited closesetup earlyrequested", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -440,7 +441,7 @@ func TestShimEntrypoint(t *testing.T) {
{"exited requested", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"exited requested", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -467,7 +468,7 @@ func TestShimEntrypoint(t *testing.T) {
{"canceled orphaned", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"canceled orphaned", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -493,7 +494,7 @@ func TestShimEntrypoint(t *testing.T) {
{"strangewait invalidmsg", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"strangewait invalidmsg", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
@@ -520,7 +521,7 @@ func TestShimEntrypoint(t *testing.T) {
{"success", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{ {"success", func(k *kstub) error { shimEntrypoint(k); return nil }, stub.Expect{Calls: []stub.Call{
call("getMsg", stub.ExpectArgs{}, nil, nil), call("getMsg", stub.ExpectArgs{}, nil, nil),
call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil), call("getLogger", stub.ExpectArgs{}, (*log.Logger)(nil), nil),
call("setDumpable", stub.ExpectArgs{uintptr(container.SUID_DUMP_DISABLE)}, nil, nil), call("setDumpable", stub.ExpectArgs{uintptr(ext.SUID_DUMP_DISABLE)}, nil, nil),
call("getppid", stub.ExpectArgs{}, 0xbad, nil), call("getppid", stub.ExpectArgs{}, 0xbad, nil),
call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil), call("setupContSignal", stub.ExpectArgs{0xbad}, 0, nil),
call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil), call("receive", stub.ExpectArgs{"HAKUREI_SHIM", templateState, nil}, nil, nil),
internal/outcome/spaccount.go
+1 -1
View File
@@ -5,7 +5,7 @@ import (
"fmt" "fmt"
"syscall" "syscall"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/internal/validate" "hakurei.app/internal/validate"
) )
internal/outcome/spaccount_test.go
+1 -1
View File
@@ -6,8 +6,8 @@ import (
"testing" "testing"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/stub"
) )
func TestSpAccountOp(t *testing.T) { func TestSpAccountOp(t *testing.T) {
internal/outcome/spcontainer.go
+2 -2
View File
@@ -10,11 +10,11 @@ import (
"strconv" "strconv"
"syscall" "syscall"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
internal/outcome/spcontainer_test.go
+3 -3
View File
@@ -7,15 +7,15 @@ import (
"syscall" "syscall"
"testing" "testing"
"hakurei.app/check"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp" "hakurei.app/container/seccomp"
"hakurei.app/container/std" "hakurei.app/container/std"
"hakurei.app/container/stub" "hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
"hakurei.app/internal/stub"
"hakurei.app/internal/system" "hakurei.app/internal/system"
) )
internal/outcome/spdbus.go
+1 -1
View File
@@ -3,7 +3,7 @@ package outcome
import ( import (
"encoding/gob" "encoding/gob"
"hakurei.app/container/fhs" "hakurei.app/fhs"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
internal/outcome/spdbus_test.go
+1 -1
View File
@@ -5,11 +5,11 @@ import (
"testing" "testing"
"hakurei.app/container" "hakurei.app/container"
"hakurei.app/container/stub"
"hakurei.app/hst" "hakurei.app/hst"
"hakurei.app/internal/acl" "hakurei.app/internal/acl"
"hakurei.app/internal/dbus" "hakurei.app/internal/dbus"
"hakurei.app/internal/helper" "hakurei.app/internal/helper"
"hakurei.app/internal/stub"
"hakurei.app/internal/system" "hakurei.app/internal/system"
"hakurei.app/message" "hakurei.app/message"
) )

Some files were not shown because too many files have changed in this diff Show More