internal/sys: wrap getuid/getgid

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 17:10:03 +09:00 · 2025-03-17 17:10:03 +09:00 · 7c063833e0
commit 7c063833e0
parent af3619d440
4 changed files with 11 additions and 7 deletions
--- a/fst/sandbox.go
+++ b/fst/sandbox.go
@ -47,7 +47,7 @@ type SandboxConfig struct {

 // SandboxSys encapsulates system functions used during the creation of [bwrap.Config].
 type SandboxSys interface {
-	Geteuid() int
+	Getuid() int
 	Paths() Paths
 	ReadDir(name string) ([]fs.DirEntry, error)
 	EvalSymlinks(path string) (string, error)
@ -73,7 +73,7 @@ func (s *SandboxConfig) Bwrap(sys SandboxSys, uid *int) (*bwrap.Config, error) {
 	} else {
 		// some programs fail to connect to dbus session running as a different uid, so a separate workaround
 		// is introduced to map priv-side caller uid in namespace
-		*uid = sys.Geteuid()
+		*uid = sys.Getuid()
 	}

 	conf := (&bwrap.Config{
--- a/internal/app/app_stub_test.go
+++ b/internal/app/app_stub_test.go
@ -17,7 +17,8 @@ type stubNixOS struct {
 	usernameErr map[string]error
 }

-func (s *stubNixOS) Geteuid() int                             { return 1971 }
+func (s *stubNixOS) Getuid() int                              { return 1971 }
+func (s *stubNixOS) Getgid() int                              { return 100 }
 func (s *stubNixOS) TempDir() string                          { return "/tmp" }
 func (s *stubNixOS) MustExecutable() string                   { return "/run/wrappers/bin/fortify" }
 func (s *stubNixOS) Exit(code int)                            { panic("called exit on stub with code " + strconv.Itoa(code)) }
--- a/internal/sys/interface.go
+++ b/internal/sys/interface.go
@ -12,8 +12,10 @@ import (

 // State provides safe interaction with operating system state.
 type State interface {
-	// Geteuid provides [os.Geteuid].
-	Geteuid() int
+	// Getuid provides [os.Getuid].
+	Getuid() int
+	// Getgid provides [os.Getgid].
+	Getgid() int
 	// LookupEnv provides [os.LookupEnv].
 	LookupEnv(key string) (string, bool)
 	// TempDir provides [os.TempDir].
@ -47,7 +49,7 @@ type State interface {

 // CopyPaths is a generic implementation of [System.Paths].
 func CopyPaths(os State, v *fst.Paths) {
-	v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Geteuid()))
+	v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Getuid()))

 	fmsg.Verbosef("process share directory at %q", v.SharePath)

--- a/internal/sys/std.go
+++ b/internal/sys/std.go
@ -31,7 +31,8 @@ type Std struct {
 	uidMu sync.RWMutex
 }

-func (s *Std) Geteuid() int                                 { return os.Geteuid() }
+func (s *Std) Getuid() int                                  { return os.Getuid() }
+func (s *Std) Getgid() int                                  { return os.Getgid() }
 func (s *Std) LookupEnv(key string) (string, bool)          { return os.LookupEnv(key) }
 func (s *Std) TempDir() string                              { return os.TempDir() }
 func (s *Std) LookPath(file string) (string, error)         { return exec.LookPath(file) }