cmd/fshim: ensure data directory

Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/fshim/ipc/payload.go

@@ -13,6 +13,8 @@ type Payload struct {
 	Exec [2]string
 	// bwrap config
 	Bwrap *bwrap.Config
+	// path to outer home directory
+	Home string
 	// sync fd
 	Sync *uintptr
 

cmd/fshim/main.go

@@ -81,6 +81,21 @@ func main() {
 		// not fatal
 	}
 
+	// ensure home directory as target user
+	if s, err := os.Stat(payload.Home); err != nil {
+		if os.IsNotExist(err) {
+			if err = os.Mkdir(payload.Home, 0700); err != nil {
+				fmsg.Fatalf("cannot create home directory: %v", err)
+			}
+		} else {
+			fmsg.Fatalf("cannot access home directory: %v", err)
+		}
+
+		// home directory is created, proceed
+	} else if !s.IsDir() {
+		fmsg.Fatalf("data path %q is not a directory", payload.Home)
+	}
+
 	var ic init0.Payload
 
 	// resolve argv0

internal/app/start.go

@@ -49,6 +49,7 @@ func (a *app) Start() error {
 			Argv:  a.seal.command,
 			Exec:  shimExec,
 			Bwrap: a.seal.sys.bwrap,
+			Home:  a.seal.sys.user.data,
 
 			Verbose: fmsg.Verbose(),
 		},