Ophestra
c33a6a5b7e
All checks were successful
Test / Create distribution (push) Successful in 1m31s
Test / Sandbox (push) Successful in 3m35s
Test / Hakurei (push) Successful in 4m43s
Test / ShareFS (push) Successful in 4m49s
Test / Sandbox (race detector) (push) Successful in 5m59s
Test / Hakurei (race detector) (push) Successful in 7m13s
Test / Flake checks (push) Successful in 1m30s
This prevents inadvertent use of insecure compatibility features. Closes #30. Signed-off-by: Ophestra <cat@gensokyo.uk>
89 lines
2.1 KiB
Go
89 lines
2.1 KiB
Go
package outcome
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"os"
|
|
"os/user"
|
|
|
|
"hakurei.app/hst"
|
|
"hakurei.app/internal/system"
|
|
"hakurei.app/message"
|
|
)
|
|
|
|
func newWithMessage(msg string) error { return newWithMessageError(msg, os.ErrInvalid) }
|
|
func newWithMessageError(msg string, err error) error {
|
|
return &hst.AppError{Step: "finalise", Err: err, Msg: msg}
|
|
}
|
|
|
|
// An outcome is the runnable state of a hakurei container via [hst.Config].
|
|
type outcome struct {
|
|
// Supplementary group ids. Populated during finalise.
|
|
supp []string
|
|
// Resolved priv side operating system interactions. Populated during finalise.
|
|
sys *system.I
|
|
// Transmitted to shim. Populated during finalise.
|
|
state *outcomeState
|
|
// Retained for registering current instance.
|
|
config *hst.Config
|
|
|
|
ctx context.Context
|
|
syscallDispatcher
|
|
}
|
|
|
|
// finalise prepares an outcome for main.
|
|
func (k *outcome) finalise(
|
|
ctx context.Context,
|
|
msg message.Msg,
|
|
id *hst.ID,
|
|
config *hst.Config,
|
|
flags int,
|
|
) error {
|
|
if ctx == nil || id == nil {
|
|
// unreachable
|
|
panic("invalid call to finalise")
|
|
}
|
|
if k.ctx != nil || k.sys != nil || k.state != nil {
|
|
// unreachable
|
|
panic("attempting to finalise twice")
|
|
}
|
|
k.ctx = ctx
|
|
|
|
if err := config.Validate(flags); err != nil {
|
|
return err
|
|
}
|
|
|
|
// hsu expects numerical group ids
|
|
supp := make([]string, len(config.Groups))
|
|
for i, name := range config.Groups {
|
|
if gid, err := k.lookupGroupId(name); err != nil {
|
|
var unknownGroupError user.UnknownGroupError
|
|
if errors.As(err, &unknownGroupError) {
|
|
return newWithMessageError(fmt.Sprintf("unknown group %q", name), unknownGroupError)
|
|
} else {
|
|
return &hst.AppError{Step: "look up group by name", Err: err, Msg: err.Error()}
|
|
}
|
|
} else {
|
|
supp[i] = gid
|
|
}
|
|
}
|
|
|
|
// early validation complete at this point
|
|
s := newOutcomeState(k.syscallDispatcher, msg, id, config, &Hsu{k: k})
|
|
if err := s.populateLocal(k.syscallDispatcher, msg); err != nil {
|
|
return err
|
|
}
|
|
|
|
sys := system.New(k.ctx, msg, s.uid.unwrap())
|
|
if err := s.newSys(config, sys).toSystem(); err != nil {
|
|
return err
|
|
}
|
|
|
|
k.sys = sys
|
|
k.supp = supp
|
|
k.state = s
|
|
k.config = config
|
|
return nil
|
|
}
|