security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity

helper/proc: pass extra files and start
All checks were successful
Test / Create distribution (push) Successful in 28s
Details
Test / Fortify (push) Successful in 2m41s
Details
Test / Fpkg (push) Successful in 3m38s
Details
Test / Data race detector (push) Successful in 3m53s
Details
Test / Flake checks (push) Successful in 59s
Details

Browse Source 
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-03-14 23:23:57 +09:00
parent 2647a71be1
commit 9e18d1de77
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
4 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helper/bwrap.go
View File

@ -45,7 +45,7 @@ func (b *bubblewrap) Start(stat bool) error {
b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args)) b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args))
b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name) b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name)
b.Cmd.Args = append(b.Cmd.Args, args...) b.Cmd.Args = append(b.Cmd.Args, args...)
return proc.Fulfill(b.ctx, b.Cmd, b.files, b.extraFiles) return proc.Fulfill(b.ctx, &b.ExtraFiles, b.Cmd.Start, b.files, b.extraFiles)
} }
// MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer. // MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.

5
helper/direct.go
View File

@ -9,8 +9,7 @@ import (
"git.gensokyo.uk/security/fortify/helper/proc" "git.gensokyo.uk/security/fortify/helper/proc"
) )
// direct wraps *exec.Cmd and manages status and args fd. // direct starts the helper directly and manages status and args fd.
// Args is always 3 and status if set is always 4.
type direct struct { type direct struct {
lock sync.RWMutex lock sync.RWMutex
*helperCmd *helperCmd
@ -28,7 +27,7 @@ func (h *direct) Start(stat bool) error {
args := h.finalise(stat) args := h.finalise(stat)
h.Cmd.Args = append(h.Cmd.Args, args...) h.Cmd.Args = append(h.Cmd.Args, args...)
return proc.Fulfill(h.ctx, h.Cmd, h.files, h.extraFiles) return proc.Fulfill(h.ctx, &h.ExtraFiles, h.Cmd.Start, h.files, h.extraFiles)
} }
// New initialises a new direct Helper instance with wt as the null-terminated argument writer. // New initialises a new direct Helper instance with wt as the null-terminated argument writer.

9
helper/proc/files.go
View File

@ -60,7 +60,10 @@ func (f *ExtraFilesPre) copy(e []*os.File) []*os.File {
} }
// Fulfill calls the [File.Fulfill] method on all files, starts cmd and blocks until all fulfillment completes. // Fulfill calls the [File.Fulfill] method on all files, starts cmd and blocks until all fulfillment completes.
func Fulfill(ctx context.Context, cmd *exec.Cmd, files []File, extraFiles *ExtraFilesPre) (err error) { func Fulfill(ctx context.Context,
v *[]*os.File, start func() error,
files []File, extraFiles *ExtraFilesPre,
) (err error) {
var ecs int var ecs int
for _, o := range files { for _, o := range files {
ecs += o.ErrCount() ecs += o.ErrCount()
@ -77,8 +80,8 @@ func Fulfill(ctx context.Context, cmd *exec.Cmd, files []File, extraFiles *Extra
} }
} }
cmd.ExtraFiles = extraFiles.Files() *v = extraFiles.Files()
if err = cmd.Start(); err != nil { if err = start(); err != nil {
return return
} }

17
internal/executable_test.go Normal file
View File

@ -0,0 +1,17 @@
package internal_test
import (
"os"
"testing"
"git.gensokyo.uk/security/fortify/internal"
)
func TestExecutable(t *testing.T) {
for i := 0; i < 16; i++ {
if got := internal.MustExecutable(); got != os.Args[0] {
t.Errorf("MustExecutable: %q, want %q",
got, os.Args[0])
}
}
}