fortify/internal/system/tmpfiles.go

package system

import (
	"bytes"
	"fmt"
	"io"
	"os"
	"syscall"

	"git.gensokyo.uk/security/fortify/internal/fmsg"
)

// CopyFile registers an Op that copies from src.
// A buffer is initialised with size cap and the Op faults if bytes read exceed n.
func (sys *I) CopyFile(payload *[]byte, src string, cap int, n int64) *I {
	buf := new(bytes.Buffer)
	buf.Grow(cap)

	sys.lock.Lock()
	sys.ops = append(sys.ops, &Tmpfile{payload, src, n, buf})
	sys.lock.Unlock()

	return sys
}

type Tmpfile struct {
	payload *[]byte
	src     string

	n   int64
	buf *bytes.Buffer
}

func (t *Tmpfile) Type() Enablement { return Process }
func (t *Tmpfile) apply(_ *I) error {
	fmsg.Verbose("copying", t)

	if b, err := os.Stat(t.src); err != nil {
		return fmsg.WrapErrorSuffix(err,
			fmt.Sprintf("cannot stat %q:", t.src))
	} else {
		if b.IsDir() {
			return fmsg.WrapErrorSuffix(syscall.EISDIR,
				fmt.Sprintf("%q is a directory", t.src))
		}
		if s := b.Size(); s > t.n {
			return fmsg.WrapErrorSuffix(syscall.ENOMEM,
				fmt.Sprintf("file %q is too long: %d > %d",
					t.src, s, t.n))
		}
	}

	if f, err := os.Open(t.src); err != nil {
		return fmsg.WrapErrorSuffix(err,
			fmt.Sprintf("cannot open %q:", t.src))
	} else if _, err = io.CopyN(t.buf, f, t.n); err != nil {
		return fmsg.WrapErrorSuffix(err,
			fmt.Sprintf("cannot read from %q:", t.src))
	}

	*t.payload = t.buf.Bytes()
	return nil
}
func (t *Tmpfile) revert(*I, *Criteria) error { t.buf.Reset(); return nil }

func (t *Tmpfile) Is(o Op) bool {
	t0, ok := o.(*Tmpfile)
	return ok && t0 != nil &&
		t.src == t0.src && t.n == t0.n
}
func (t *Tmpfile) Path() string   { return t.src }
func (t *Tmpfile) String() string { return fmt.Sprintf("up to %d bytes from %q", t.n, t.src) }
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`package system`

			`import (`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`"bytes"`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`"fmt"`
			`"io"`
			`"os"`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`"syscall"`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00
migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-12-20 00:20:02 +09:00			`"git.gensokyo.uk/security/fortify/internal/fmsg"`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`)`

system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`// CopyFile registers an Op that copies from src.`
			`// A buffer is initialised with size cap and the Op faults if bytes read exceed n.`
			`func (sys I) CopyFile(payload []byte, src string, cap int, n int64) *I {`
			`buf := new(bytes.Buffer)`
			`buf.Grow(cap)`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00
			`sys.lock.Lock()`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`sys.ops = append(sys.ops, &Tmpfile{payload, src, n, buf})`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`sys.lock.Unlock()`

system: return sys in queueing methods This enables building an instance in a single statement. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-23 12:34:16 +09:00			`return sys`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`}`

			`type Tmpfile struct {`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`payload *[]byte`
			`src string`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`n int64`
			`buf *bytes.Buffer`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`}`

system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`func (t *Tmpfile) Type() Enablement { return Process }`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`func (t Tmpfile) apply(_ I) error {`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`fmsg.Verbose("copying", t)`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`if b, err := os.Stat(t.src); err != nil {`
			`return fmsg.WrapErrorSuffix(err,`
			`fmt.Sprintf("cannot stat %q:", t.src))`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`} else {`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`if b.IsDir() {`
			`return fmsg.WrapErrorSuffix(syscall.EISDIR,`
			`fmt.Sprintf("%q is a directory", t.src))`
			`}`
			`if s := b.Size(); s > t.n {`
			`return fmsg.WrapErrorSuffix(syscall.ENOMEM,`
			`fmt.Sprintf("file %q is too long: %d > %d",`
			`t.src, s, t.n))`
			`}`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`}`

system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`if f, err := os.Open(t.src); err != nil {`
			`return fmsg.WrapErrorSuffix(err,`
			`fmt.Sprintf("cannot open %q:", t.src))`
			`} else if _, err = io.CopyN(t.buf, f, t.n); err != nil {`
			`return fmsg.WrapErrorSuffix(err,`
			`fmt.Sprintf("cannot read from %q:", t.src))`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`}`

system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`*t.payload = t.buf.Bytes()`
			`return nil`
			`}`
			`func (t Tmpfile) revert(I, *Criteria) error { t.buf.Reset(); return nil }`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`func (t *Tmpfile) Is(o Op) bool {`
			`t0, ok := o.(*Tmpfile)`
			`return ok && t0 != nil &&`
			`t.src == t0.src && t.n == t0.n`
system: isolate app/system into generic implementation This improves maintainability and extensibility of system operations, makes writing tests for them possible, and operations now apply and revert in order, instead of being bunched up into their own categories. Signed-off-by: Ophestra Umiker <cat@ophivana.moe> 2024-10-16 01:31:23 +09:00			`}`
system/tmpfiles: implement private tmpfiles These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-17 00:07:52 +09:00			`func (t *Tmpfile) Path() string { return t.src }`
			`func (t *Tmpfile) String() string { return fmt.Sprintf("up to %d bytes from %q", t.n, t.src) }`