security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 18 Wiki Activity

cmd/fshim: switch to generic setup func
All checks were successful
Tests / Go tests (push) Successful in 38s
Details
Nix / NixOS tests (push) Successful in 5m47s
Details

Browse Source 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-12-18 17:20:31 +09:00
parent 7f29b37a32
commit 7be53a2438
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/fshim/main.go
View File

@ -13,6 +13,7 @@ import (
"git.ophivana.moe/security/fortify/helper" "git.ophivana.moe/security/fortify/helper"
"git.ophivana.moe/security/fortify/internal" "git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/fmsg" "git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/proc"
) )
// everything beyond this point runs as unconstrained target user // everything beyond this point runs as unconstrained target user
@ -110,17 +111,14 @@ func main() {
var extraFiles []*os.File var extraFiles []*os.File
// share config pipe // serve setup payload
if r, w, err := os.Pipe(); err != nil { if fd, encoder, err := proc.Setup(&extraFiles); err != nil {
fmsg.Fatalf("cannot pipe: %v", err) fmsg.Fatalf("cannot pipe: %v", err)
} else { } else {
conf.SetEnv[init0.Env] = strconv.Itoa(3 + len(extraFiles)) conf.SetEnv[init0.Env] = strconv.Itoa(fd)
extraFiles = append(extraFiles, r)
fmsg.VPrintln("transmitting config to init")
go func() { go func() {
// stream config to pipe fmsg.VPrintln("transmitting config to init")
if err = gob.NewEncoder(w).Encode(&ic); err != nil { if err = encoder.Encode(&ic); err != nil {
fmsg.Fatalf("cannot transmit init config: %v", err) fmsg.Fatalf("cannot transmit init config: %v", err)
} }
}() }()