From 24618ab9a1524e8b8986a9bf67667288e642fcf1 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Mon, 17 Mar 2025 02:55:36 +0900
Subject: [PATCH] sandbox: move out of internal
Signed-off-by: Ophestra
---
 cmd/fpkg/main.go | 2 +-
 dbus/dbus_test.go | 2 +-
 dbus/proc.go | 4 ++--
 helper/bwrap/config_test.go | 2 +-
 helper/bwrap/seccomp.go | 2 +-
 helper/container.go | 2 +-
 helper/container_test.go | 2 +-
 internal/app/init0/main.go | 2 +-
 internal/app/shim/main.go | 2 +-
 internal/app/shim/manager.go | 2 +-
 internal/output.go | 4 ++--
 internal/sys/std.go | 2 +-
 ldd/exec.go | 2 +-
 main.go | 2 +-
 {internal/sandbox => sandbox}/const.go | 0
 {internal/sandbox => sandbox}/container.go | 2 +-
 {internal/sandbox => sandbox}/container_test.go | 4 ++--
 {internal/sandbox => sandbox}/executable.go | 0
 {internal/sandbox => sandbox}/executable_test.go | 2 +-
 {internal/sandbox => sandbox}/init.go | 2 +-
 {internal/sandbox => sandbox}/mount.go | 0
 {internal/sandbox => sandbox}/msg.go | 0
 {internal/sandbox => sandbox}/output.go | 0
 {internal/sandbox => sandbox}/overflow.go | 0
 {internal/sandbox => sandbox}/params.go | 0
 {internal/sandbox => sandbox}/path.go | 0
 {seccomp => sandbox/seccomp}/api.go | 0
 {seccomp => sandbox/seccomp}/export.go | 0
 {seccomp => sandbox/seccomp}/export_test.go | 2 +-
 {seccomp => sandbox/seccomp}/output.go | 0
 {seccomp => sandbox/seccomp}/seccomp-build.c | 0
 {seccomp => sandbox/seccomp}/seccomp-build.h | 0
 {seccomp => sandbox/seccomp}/seccomp.go | 0
 {seccomp => sandbox/seccomp}/seccomp_test.go | 2 +-
 {internal/sandbox => sandbox}/sequential.go | 0
 {internal/sandbox => sandbox}/syscall.go | 0
 system/output.go | 2 +-
 37 files changed, 24 insertions(+), 24 deletions(-)
 rename {internal/sandbox => sandbox}/const.go (100%)
 rename {internal/sandbox => sandbox}/container.go (98%)
 rename {internal/sandbox => sandbox}/container_test.go (98%)
 rename {internal/sandbox => sandbox}/executable.go (100%)
 rename {internal/sandbox => sandbox}/executable_test.go (82%)
 rename {internal/sandbox => sandbox}/init.go (99%)
 rename {internal/sandbox => sandbox}/mount.go (100%)
 rename {internal/sandbox => sandbox}/msg.go (100%)
 rename {internal/sandbox => sandbox}/output.go (100%)
 rename {internal/sandbox => sandbox}/overflow.go (100%)
 rename {internal/sandbox => sandbox}/params.go (100%)
 rename {internal/sandbox => sandbox}/path.go (100%)
 rename {seccomp => sandbox/seccomp}/api.go (100%)
 rename {seccomp => sandbox/seccomp}/export.go (100%)
 rename {seccomp => sandbox/seccomp}/export_test.go (98%)
 rename {seccomp => sandbox/seccomp}/output.go (100%)
 rename {seccomp => sandbox/seccomp}/seccomp-build.c (100%)
 rename {seccomp => sandbox/seccomp}/seccomp-build.h (100%)
 rename {seccomp => sandbox/seccomp}/seccomp.go (100%)
 rename {seccomp => sandbox/seccomp}/seccomp_test.go (96%)
 rename {internal/sandbox => sandbox}/sequential.go (100%)
 rename {internal/sandbox => sandbox}/syscall.go (100%)
diff --git a/cmd/fpkg/main.go b/cmd/fpkg/main.go
index 63a3f77..e23ce50 100644
--- a/cmd/fpkg/main.go
+++ b/cmd/fpkg/main.go
@@ -17,8 +17,8 @@ import (
 "git.gensokyo.uk/security/fortify/internal/app/init0"
 "git.gensokyo.uk/security/fortify/internal/app/shim"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
 "git.gensokyo.uk/security/fortify/internal/sys"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 const shellPath = "/run/current-system/sw/bin/bash"
diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go
index bba06f6..740ab52 100644
--- a/dbus/dbus_test.go
+++ b/dbus/dbus_test.go
@@ -15,7 +15,7 @@ import (
 "git.gensokyo.uk/security/fortify/helper"
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 func TestNew(t *testing.T) {
diff --git a/dbus/proc.go b/dbus/proc.go
index 446ca90..07e8b78 100644
--- a/dbus/proc.go
+++ b/dbus/proc.go
@@ -14,9 +14,9 @@ import (
 "syscall"
 "git.gensokyo.uk/security/fortify/helper"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
 "git.gensokyo.uk/security/fortify/ldd"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 // Start launches the D-Bus proxy.
diff --git a/helper/bwrap/config_test.go b/helper/bwrap/config_test.go
index 7e78c8f..720ef40 100644
--- a/helper/bwrap/config_test.go
+++ b/helper/bwrap/config_test.go
@@ -7,7 +7,7 @@ import (
 "git.gensokyo.uk/security/fortify/helper/bwrap"
 "git.gensokyo.uk/security/fortify/helper/proc"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 func TestConfig_Args(t *testing.T) {
diff --git a/helper/bwrap/seccomp.go b/helper/bwrap/seccomp.go
index f5132be..2253203 100644
--- a/helper/bwrap/seccomp.go
+++ b/helper/bwrap/seccomp.go
@@ -5,7 +5,7 @@ import (
 "strconv"
 "git.gensokyo.uk/security/fortify/helper/proc"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 type SyscallPolicy struct {
diff --git a/helper/container.go b/helper/container.go
index 4eb57c3..33ab1e3 100644
--- a/helper/container.go
+++ b/helper/container.go
@@ -9,7 +9,7 @@ import (
 "sync"
 "git.gensokyo.uk/security/fortify/helper/proc"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 // New initialises a Helper instance with wt as the null-terminated argument writer.
diff --git a/helper/container_test.go b/helper/container_test.go
index cb145bf..886cbf4 100644
--- a/helper/container_test.go
+++ b/helper/container_test.go
@@ -10,7 +10,7 @@ import (
 "git.gensokyo.uk/security/fortify/helper"
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 func TestContainer(t *testing.T) {
diff --git a/internal/app/init0/main.go b/internal/app/init0/main.go
index 46ce449..7b8d27c 100644
--- a/internal/app/init0/main.go
+++ b/internal/app/init0/main.go
@@ -11,7 +11,7 @@ import (
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 const (
diff --git a/internal/app/shim/main.go b/internal/app/shim/main.go
index 9450149..5634be4 100644
--- a/internal/app/shim/main.go
+++ b/internal/app/shim/main.go
@@ -16,7 +16,7 @@ import (
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/app/init0"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 // everything beyond this point runs as unconstrained target user
diff --git a/internal/app/shim/manager.go b/internal/app/shim/manager.go
index 4b5432b..4ed75e5 100644
--- a/internal/app/shim/manager.go
+++ b/internal/app/shim/manager.go
@@ -13,7 +13,7 @@ import (
 "git.gensokyo.uk/security/fortify/helper/proc"
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 // used by the parent process
diff --git a/internal/output.go b/internal/output.go
index c85f1b5..7b1de30 100644
--- a/internal/output.go
+++ b/internal/output.go
@@ -2,8 +2,8 @@ package internal
 import (
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 "git.gensokyo.uk/security/fortify/system"
 )
diff --git a/internal/sys/std.go b/internal/sys/std.go
index 0145eb2..132f4c1 100644
--- a/internal/sys/std.go
+++ b/internal/sys/std.go
@@ -15,7 +15,7 @@ import (
 "git.gensokyo.uk/security/fortify/fst"
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 // Std implements System using the standard library.
diff --git a/ldd/exec.go b/ldd/exec.go
index 55d16cf..cb1ecec 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -8,7 +8,7 @@ import (
 "os/exec"
 "time"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 const lddTimeout = 2 * time.Second
diff --git a/main.go b/main.go
index 7a650d6..0505e59 100644
--- a/main.go
+++ b/main.go
@@ -23,9 +23,9 @@ import (
 "git.gensokyo.uk/security/fortify/internal/app/init0"
 "git.gensokyo.uk/security/fortify/internal/app/shim"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
 "git.gensokyo.uk/security/fortify/internal/state"
 "git.gensokyo.uk/security/fortify/internal/sys"
+ "git.gensokyo.uk/security/fortify/sandbox"
 "git.gensokyo.uk/security/fortify/system"
 )
diff --git a/internal/sandbox/const.go b/sandbox/const.go
similarity index 100%
rename from internal/sandbox/const.go
rename to sandbox/const.go
diff --git a/internal/sandbox/container.go b/sandbox/container.go
similarity index 98%
rename from internal/sandbox/container.go
rename to sandbox/container.go
index afbcc4f..3c8063c 100644
--- a/internal/sandbox/container.go
+++ b/sandbox/container.go
@@ -13,7 +13,7 @@ import (
 "syscall"
 "time"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 type HardeningFlags uintptr
diff --git a/internal/sandbox/container_test.go b/sandbox/container_test.go
similarity index 98%
rename from internal/sandbox/container_test.go
rename to sandbox/container_test.go
index 55df60b..0cca3ea 100644
--- a/internal/sandbox/container_test.go
+++ b/sandbox/container_test.go
@@ -14,9 +14,9 @@ import (
 "git.gensokyo.uk/security/fortify/fst"
 "git.gensokyo.uk/security/fortify/internal"
 "git.gensokyo.uk/security/fortify/internal/fmsg"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
 "git.gensokyo.uk/security/fortify/ldd"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 check "git.gensokyo.uk/security/fortify/test/sandbox"
 )
diff --git a/internal/sandbox/executable.go b/sandbox/executable.go
similarity index 100%
rename from internal/sandbox/executable.go
rename to sandbox/executable.go
diff --git a/internal/sandbox/executable_test.go b/sandbox/executable_test.go
similarity index 82%
rename from internal/sandbox/executable_test.go
rename to sandbox/executable_test.go
index b11908c..3f8e028 100644
--- a/internal/sandbox/executable_test.go
+++ b/sandbox/executable_test.go
@@ -4,7 +4,7 @@ import (
 "os"
 "testing"
- "git.gensokyo.uk/security/fortify/internal/sandbox"
+ "git.gensokyo.uk/security/fortify/sandbox"
 )
 func TestExecutable(t *testing.T) {
diff --git a/internal/sandbox/init.go b/sandbox/init.go
similarity index 99%
rename from internal/sandbox/init.go
rename to sandbox/init.go
index a6fac1a..4fbb173 100644
--- a/internal/sandbox/init.go
+++ b/sandbox/init.go
@@ -13,7 +13,7 @@ import (
 "syscall"
 "time"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 const (
diff --git a/internal/sandbox/mount.go b/sandbox/mount.go
similarity index 100%
rename from internal/sandbox/mount.go
rename to sandbox/mount.go
diff --git a/internal/sandbox/msg.go b/sandbox/msg.go
similarity index 100%
rename from internal/sandbox/msg.go
rename to sandbox/msg.go
diff --git a/internal/sandbox/output.go b/sandbox/output.go
similarity index 100%
rename from internal/sandbox/output.go
rename to sandbox/output.go
diff --git a/internal/sandbox/overflow.go b/sandbox/overflow.go
similarity index 100%
rename from internal/sandbox/overflow.go
rename to sandbox/overflow.go
diff --git a/internal/sandbox/params.go b/sandbox/params.go
similarity index 100%
rename from internal/sandbox/params.go
rename to sandbox/params.go
diff --git a/internal/sandbox/path.go b/sandbox/path.go
similarity index 100%
rename from internal/sandbox/path.go
rename to sandbox/path.go
diff --git a/seccomp/api.go b/sandbox/seccomp/api.go
similarity index 100%
rename from seccomp/api.go
rename to sandbox/seccomp/api.go
diff --git a/seccomp/export.go b/sandbox/seccomp/export.go
similarity index 100%
rename from seccomp/export.go
rename to sandbox/seccomp/export.go
diff --git a/seccomp/export_test.go b/sandbox/seccomp/export_test.go
similarity index 98%
rename from seccomp/export_test.go
rename to sandbox/seccomp/export_test.go
index 34bb306..8dc88cb 100644
--- a/seccomp/export_test.go
+++ b/sandbox/seccomp/export_test.go
@@ -8,7 +8,7 @@ import (
 "syscall"
 "testing"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 func TestExport(t *testing.T) {
diff --git a/seccomp/output.go b/sandbox/seccomp/output.go
similarity index 100%
rename from seccomp/output.go
rename to sandbox/seccomp/output.go
diff --git a/seccomp/seccomp-build.c b/sandbox/seccomp/seccomp-build.c
similarity index 100%
rename from seccomp/seccomp-build.c
rename to sandbox/seccomp/seccomp-build.c
diff --git a/seccomp/seccomp-build.h b/sandbox/seccomp/seccomp-build.h
similarity index 100%
rename from seccomp/seccomp-build.h
rename to sandbox/seccomp/seccomp-build.h
diff --git a/seccomp/seccomp.go b/sandbox/seccomp/seccomp.go
similarity index 100%
rename from seccomp/seccomp.go
rename to sandbox/seccomp/seccomp.go
diff --git a/seccomp/seccomp_test.go b/sandbox/seccomp/seccomp_test.go
similarity index 96%
rename from seccomp/seccomp_test.go
rename to sandbox/seccomp/seccomp_test.go
index f2949ef..3c7f533 100644
--- a/seccomp/seccomp_test.go
+++ b/sandbox/seccomp/seccomp_test.go
@@ -6,7 +6,7 @@ import (
 "syscall"
 "testing"
- "git.gensokyo.uk/security/fortify/seccomp"
+ "git.gensokyo.uk/security/fortify/sandbox/seccomp"
 )
 func TestLibraryError(t *testing.T) {
diff --git a/internal/sandbox/sequential.go b/sandbox/sequential.go
similarity index 100%
rename from internal/sandbox/sequential.go
rename to sandbox/sequential.go
diff --git a/internal/sandbox/syscall.go b/sandbox/syscall.go
similarity index 100%
rename from internal/sandbox/syscall.go
rename to sandbox/syscall.go
diff --git a/system/output.go b/system/output.go
index daf4386..8dab60f 100644
--- a/system/output.go
+++ b/system/output.go
@@ -1,6 +1,6 @@
 package system
-import "git.gensokyo.uk/security/fortify/internal/sandbox"
+import "git.gensokyo.uk/security/fortify/sandbox"
 var msg sandbox.Msg = new(sandbox.DefaultMsg)