fortify/fst/app.go

package fst

import (
	"context"
	"time"
)

type App interface {
	// ID returns a copy of App's unique ID.
	ID() ID
	// Run sets up the system and runs the App.
	Run(ctx context.Context, rs *RunState) error

	Seal(config *Config) error
	String() string
}

// RunState stores the outcome of a call to [App.Run].
type RunState struct {
	// Time is the exact point in time where the process was created.
	// Location must be set to UTC.
	//
	// Time is nil if no process was ever created.
	Time *time.Time
	// ExitCode is the value returned by shim.
	ExitCode int
	// RevertErr is stored by the deferred revert call.
	RevertErr error
	// WaitErr is error returned by the underlying wait syscall.
	WaitErr error
}

// Paths contains environment-dependent paths used by fortify.
type Paths struct {
	// path to shared directory (usually `/tmp/fortify.%d`)
	SharePath string `json:"share_path"`
	// XDG_RUNTIME_DIR value (usually `/run/user/%d`)
	RuntimePath string `json:"runtime_path"`
	// application runtime directory (usually `/run/user/%d/fortify`)
	RunDirPath string `json:"run_dir_path"`
}
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			`package fst`

app: defer system.I revert Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 21:05:48 +09:00			`import (`
			`"context"`
			`"time"`
			`)`
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00
			`type App interface {`
			`// ID returns a copy of App's unique ID.`
			`ID() ID`
			`// Run sets up the system and runs the App.`
			`Run(ctx context.Context, rs *RunState) error`

			`Seal(config *Config) error`
			`String() string`
			`}`

			`// RunState stores the outcome of a call to [App.Run].`
			`type RunState struct {`
app: defer system.I revert Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 21:05:48 +09:00			`// Time is the exact point in time where the process was created.`
			`// Location must be set to UTC.`
			`//`
			`// Time is nil if no process was ever created.`
			`Time *time.Time`
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			`// ExitCode is the value returned by shim.`
			`ExitCode int`
app: defer system.I revert Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 21:05:48 +09:00			`// RevertErr is stored by the deferred revert call.`
			`RevertErr error`
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			`// WaitErr is error returned by the underlying wait syscall.`
			`WaitErr error`
			`}`

			`// Paths contains environment-dependent paths used by fortify.`
			`type Paths struct {`
app: remove share method This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 13:41:06 +09:00			// path to shared directory (usually `/tmp/fortify.%d`)
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			SharePath string `json:"share_path"`
app: remove share method This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 13:41:06 +09:00			// XDG_RUNTIME_DIR value (usually `/run/user/%d`)
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			RuntimePath string `json:"runtime_path"`
app: remove share method This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state. Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-19 13:41:06 +09:00			// application runtime directory (usually `/run/user/%d/fortify`)
fst: move App interface declaration Signed-off-by: Ophestra <cat@gensokyo.uk> 2025-02-18 22:36:45 +09:00			RunDirPath string `json:"run_dir_path"`
			`}`