From 65bd7d18dbf35216d0a70c102a732c6356caee85 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Fri, 18 Oct 2024 01:21:58 +0900
Subject: [PATCH] app/share: fix order to ensure SharePath before any of its subdirectories

shareTmpdirChild happened to request an ephemeral dir within SharePath and was called before shareRuntime which ensures that path. This commit moves SharePath initialisation to shareSystem and moves shareTmpdirChild into ShareSystem. Further cleanup and tests are desperately needed for the app package but for now this fix will have to do.

Signed-off-by: Ophestra Umiker
---
 internal/app/share.runtime.go | 9 --------
 internal/app/share.system.go | 43 ++++++++++++++++++++---------------
 internal/app/system.go | 6 ++---
 3 files changed, 27 insertions(+), 31 deletions(-)

diff --git a/internal/app/share.runtime.go b/internal/app/share.runtime.go
index 0c7149e..79570e6 100644
--- a/internal/app/share.runtime.go
+++ b/internal/app/share.runtime.go
@@ -31,15 +31,6 @@ func (seal *appSeal) shareRuntime() {
 // ensure runtime directory ACL (e.g. `/run/user/%d`)
 seal.sys.UpdatePermType(system.User, seal.RuntimePath, acl.Execute)

- // ensure Share (e.g. `/tmp/fortify.%d`)
- // acl is unnecessary as this directory is world executable
- seal.sys.Ensure(seal.SharePath, 0701)
-
- // ensure process-specific share (e.g. `/tmp/fortify.%d/%s`)
- // acl is unnecessary as this directory is world executable
- seal.share = path.Join(seal.SharePath, seal.id.String())
- seal.sys.Ephemeral(system.Process, seal.share, 0701)
-
 // ensure process-specific share local to XDG_RUNTIME_DIR (e.g. `/run/user/%d/fortify/%s`)
 seal.shareLocal = path.Join(seal.RunDirPath, seal.id.String())
 seal.sys.Ephemeral(system.Process, seal.shareLocal, 0700)
diff --git a/internal/app/share.system.go b/internal/app/share.system.go
index e4c848b..9b2565a 100644
--- a/internal/app/share.system.go
+++ b/internal/app/share.system.go
@@ -14,6 +14,31 @@ const (

 // shareSystem queues various system-related actions
 func (seal *appSeal) shareSystem() {
+ // ensure Share (e.g. `/tmp/fortify.%d`)
+ // acl is unnecessary as this directory is world executable
+ seal.sys.Ensure(seal.SharePath, 0701)
+
+ // ensure process-specific share (e.g. `/tmp/fortify.%d/%s`)
+ // acl is unnecessary as this directory is world executable
+ seal.share = path.Join(seal.SharePath, seal.id.String())
+ seal.sys.Ephemeral(system.Process, seal.share, 0701)
+
+ // ensure child tmpdir parent directory (e.g. `/tmp/fortify.%d/tmpdir`)
+ targetTmpdirParent := path.Join(seal.SharePath, "tmpdir")
+ seal.sys.Ensure(targetTmpdirParent, 0700)
+ seal.sys.UpdatePermType(system.User, targetTmpdirParent, acl.Execute)
+
+ // ensure child tmpdir (e.g. `/tmp/fortify.%d/tmpdir/%d`)
+ targetTmpdir := path.Join(targetTmpdirParent, seal.sys.user.Uid)
+ seal.sys.Ensure(targetTmpdir, 01700)
+ seal.sys.UpdatePermType(system.User, targetTmpdir, acl.Read, acl.Write, acl.Execute)
+ seal.sys.bwrap.Bind(targetTmpdir, "/tmp", false, true)
+
+ // mount tmpfs on inner shared directory (e.g. `/tmp/fortify.%d`)
+ seal.sys.bwrap.Tmpfs(seal.SharePath, 1*1024*1024)
+}
+
+func (seal *appSeal) sharePasswd() {
 // look up shell
 sh := "/bin/sh"
 if s, ok := os.LookupEnv(shell); ok {
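Review bot: `seal.sys.Ensure(seal.SharePath, 0701)` is now the root under which the per-process share, the `tmpdir` parent and the per-uid directory bound over `/tmp` are all created, and by the comment's own example it sits directly in `/tmp`, where another local account can create the name first. Ensure is not part of this patch, so it is not visible whether it checks the owner and mode of a directory that already exists; if it only creates the directory when missing, every path queued below inherits that misplaced trust. Either confirm the check exists and record the assumption with a comment such as `// Ensure must refuse a pre-existing SharePath it did not create`, or add the check in Ensure. sharePasswd, which begins in this hunk, has no doc comment, and its body continues past the end of the hunk.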
@@ -44,21 +69,3 @@ func (seal *appSeal) shareSystem() {
 seal.sys.bwrap.Bind(passwdPath, "/etc/passwd")
 seal.sys.bwrap.Bind(groupPath, "/etc/group")
 }
-
-func (seal *appSeal) shareTmpdirChild() string {
- // ensure child tmpdir parent directory (e.g. `/tmp/fortify.%d/tmpdir`)
- targetTmpdirParent := path.Join(seal.SharePath, "tmpdir")
- seal.sys.Ensure(targetTmpdirParent, 0700)
- seal.sys.UpdatePermType(system.User, targetTmpdirParent, acl.Execute)
-
- // ensure child tmpdir (e.g. `/tmp/fortify.%d/tmpdir/%d`)
- targetTmpdir := path.Join(targetTmpdirParent, seal.sys.user.Uid)
- seal.sys.Ensure(targetTmpdir, 01700)
- seal.sys.UpdatePermType(system.User, targetTmpdir, acl.Read, acl.Write, acl.Execute)
- seal.sys.bwrap.Bind(targetTmpdir, "/tmp", false, true)
-
- // mount tmpfs on inner shared directory (e.g. `/tmp/fortify.%d`)
- seal.sys.bwrap.Tmpfs(seal.SharePath, 1*1024*1024)
-
- return targetTmpdir
-}
diff --git a/internal/app/system.go b/internal/app/system.go
index 4aeaec2..240b38b 100644
--- a/internal/app/system.go
+++ b/internal/app/system.go
@@ -8,7 +8,6 @@ import (
 "git.ophivana.moe/cat/fortify/internal"
 "git.ophivana.moe/cat/fortify/internal/state"
 "git.ophivana.moe/cat/fortify/internal/system"
- "git.ophivana.moe/cat/fortify/internal/verbose"
 )

 // appSeal seals the application with child-related information
@@ -76,10 +75,9 @@ func (seal *appSeal) shareAll(bus [2]*dbus.Config) error {
 }
 seal.shared = true

- targetTmpdir := seal.shareTmpdirChild()
- verbose.Printf("child tmpdir %q configured\n", targetTmpdir)
- seal.shareRuntime()
 seal.shareSystem()
+ seal.shareRuntime()
+ seal.sharePasswd()
 if err := seal.shareDisplay(); err != nil {
 return err
 }
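Review bot: The call order in shareAll is now the only thing that guarantees SharePath exists before anything is created beneath it, and nothing on these lines says so, so a later reshuffle can reintroduce the bug this commit fixes. A comment above the calls would pin the invariant: `// shareSystem must run first: it ensures SharePath and sets seal.share`. The removed `verbose.Printf("child tmpdir %q configured\n", targetTmpdir)` has no replacement either, so the host directory bound over the child's `/tmp` no longer shows up in verbose output; if that line was relied on for troubleshooting, log targetTmpdir from inside shareSystem. shareAll begins and ends outside this hunk.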