From 48feca800f90136f5a2d6169299f4efe5a93822c Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 16 Mar 2025 23:29:14 +0900 Subject: [PATCH] sandbox: check command function pointer Setting default CommandContext on initialisation is somewhat of a footgun. Signed-off-by: Ophestra --- internal/sandbox/container.go | 15 ++++++++------- ldd/exec.go | 5 +---- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/internal/sandbox/container.go b/internal/sandbox/container.go index fff1d9d..2cd64eb 100644 --- a/internal/sandbox/container.go +++ b/internal/sandbox/container.go @@ -118,7 +118,7 @@ func (p *Container) Start() error { return errors.New("sandbox: starting an empty container") } - c, cancel := context.WithCancel(p.ctx) + ctx, cancel := context.WithCancel(p.ctx) p.cancel = cancel var cloneFlags uintptr = syscall.CLONE_NEWIPC | @@ -136,7 +136,13 @@ func (p *Container) Start() error { p.Gid = OverflowGid() } - p.cmd = p.CommandContext(c) + if p.CommandContext != nil { + p.cmd = p.CommandContext(ctx) + } else { + p.cmd = exec.CommandContext(ctx, internal.MustExecutable()) + p.cmd.Args = []string{"init"} + } + p.cmd.Stdin, p.cmd.Stdout, p.cmd.Stderr = p.Stdin, p.Stdout, p.Stderr p.cmd.Cancel, p.cmd.WaitDelay = p.Cancel, p.WaitDelay p.cmd.Dir = "/" @@ -225,10 +231,5 @@ func (p *Container) String() string { func New(ctx context.Context, name string, args ...string) *Container { return &Container{name: name, ctx: ctx, InitParams: InitParams{Args: append([]string{name}, args...), Dir: "/", Ops: new(Ops)}, - CommandContext: func(ctx context.Context) (cmd *exec.Cmd) { - cmd = exec.CommandContext(ctx, internal.MustExecutable()) - cmd.Args = []string{"init"} - return - }, } } diff --git a/ldd/exec.go b/ldd/exec.go index 4f77ae3..9475693 100644 --- a/ldd/exec.go +++ b/ldd/exec.go 
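Review bot: The new guard checks that p.CommandContext is set but not what it returns: a caller-supplied callback that yields a nil *exec.Cmd makes the very next line, `p.cmd.Stdin, p.cmd.Stdout, p.cmd.Stderr = p.Stdin, p.Stdout, p.Stderr`, dereference nil, after the cancel func has already been stored in p.cancel. Since CommandContext is an exported field that decides which executable becomes the container's init, Start should fail closed rather than panic: after the if/else add `if p.cmd == nil { cancel(); return errors.New("sandbox: CommandContext returned nil command") }` (gofmt will spread it over four lines), where calling cancel keeps the context created a few lines earlier from leaking on this error path. The default branch now lives far from New, so a why-comment would help, e.g. `// default init: re-exec this binary (MustExecutable) with argv[0] set to "init"`; whether the re-executed binary dispatches on that argv[0] is not visible in this hunk. Start begins and ends outside this hunk.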
@@ -26,16 +26,13 @@ func ExecFilter(ctx context.Context, c, cancel := context.WithTimeout(ctx, lddTimeout) defer cancel() container := sandbox.New(c, "ldd", p) + container.CommandContext = commandContext container.Hostname = "fortify-ldd" stdout, stderr := new(bytes.Buffer), new(bytes.Buffer) container.Stdout = stdout container.Stderr = stderr container.Bind("/", "/", 0).Dev("/dev") - if commandContext != nil { - container.CommandContext = commandContext - } - if err := container.Start(); err != nil { return nil, err } else if err = container.Serve(); err != nil {
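Review bot: `container.CommandContext = commandContext` now assigns unconditionally, so the nil case the removed guard used to handle is passed through silently and only Container.Start decides what runs; that contract is no longer readable at this call site. A one-line comment would keep the intent visible, e.g. `// nil leaves Start to fall back to the default init (re-exec of this binary).`. Because the callback fully determines which program runs inside a container that appears to bind the host root (`container.Bind("/", "/", 0).Dev("/dev")`), ExecFilter's doc comment should state that a non-nil commandContext replaces the init executable entirely. commandContext looks like a parameter of ExecFilter, but the signature is cut off at the start of the hunk, so this is inferred.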