system: move enablements from state package
This removes the unnecessary import of the state package. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
parent
084cd84f36
commit
c21168a741
16
config.go
16
config.go
@ -9,7 +9,7 @@ import (
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal"
|
||||
"git.ophivana.moe/cat/fortify/internal/app"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -24,7 +24,7 @@ var (
|
||||
dbusVerbose bool
|
||||
|
||||
userName string
|
||||
enablements [state.EnableLength]bool
|
||||
enablements [system.ELen]bool
|
||||
|
||||
launchMethodText string
|
||||
)
|
||||
@ -42,10 +42,10 @@ func init() {
|
||||
flag.BoolVar(&dbusVerbose, "dbus-log", false, "Force logging in the D-Bus proxy")
|
||||
|
||||
flag.StringVar(&userName, "u", "chronos", "Passwd name of user to run as")
|
||||
flag.BoolVar(&enablements[state.EnableWayland], "wayland", false, "Share Wayland socket")
|
||||
flag.BoolVar(&enablements[state.EnableX], "X", false, "Share X11 socket and allow connection")
|
||||
flag.BoolVar(&enablements[state.EnableDBus], "dbus", false, "Proxy D-Bus connection")
|
||||
flag.BoolVar(&enablements[state.EnablePulse], "pulse", false, "Share PulseAudio socket and cookie")
|
||||
flag.BoolVar(&enablements[system.EWayland], "wayland", false, "Share Wayland socket")
|
||||
flag.BoolVar(&enablements[system.EX11], "X", false, "Share X11 socket and allow connection")
|
||||
flag.BoolVar(&enablements[system.EDBus], "dbus", false, "Proxy D-Bus connection")
|
||||
flag.BoolVar(&enablements[system.EPulse], "pulse", false, "Share PulseAudio socket and cookie")
|
||||
}
|
||||
|
||||
func init() {
|
||||
@ -98,14 +98,14 @@ func configFromFlags() (config *app.Config) {
|
||||
}
|
||||
|
||||
// enablements from flags
|
||||
for i := state.Enablement(0); i < state.EnableLength; i++ {
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if enablements[i] {
|
||||
config.Confinement.Enablements.Set(i)
|
||||
}
|
||||
}
|
||||
|
||||
// parse D-Bus config file from flags if applicable
|
||||
if enablements[state.EnableDBus] {
|
||||
if enablements[system.EDBus] {
|
||||
if dbusConfigSession == "builtin" {
|
||||
config.Confinement.SessionBus = dbus.NewConfig(dbusID, true, mpris)
|
||||
} else {
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
func init() {
|
||||
@ -41,7 +41,7 @@ type ConfinementConfig struct {
|
||||
SessionBus *dbus.Config `json:"session_bus,omitempty"`
|
||||
|
||||
// child capability enablements
|
||||
Enablements state.Enablements `json:"enablements"`
|
||||
Enablements system.Enablements `json:"enablements"`
|
||||
}
|
||||
|
||||
// SandboxConfig describes resources made available to the sandbox.
|
||||
@ -171,7 +171,7 @@ func Template() *Config {
|
||||
Log: false,
|
||||
Filter: true,
|
||||
},
|
||||
Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(),
|
||||
Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -167,7 +167,7 @@ func (a *app) Seal(config *Config) error {
|
||||
conf.Override = append(conf.Override, nscd)
|
||||
}
|
||||
// bind GPU stuff
|
||||
if config.Confinement.Enablements.Has(state.EnableX) || config.Confinement.Enablements.Has(state.EnableWayland) {
|
||||
if config.Confinement.Enablements.Has(system.EX11) || config.Confinement.Enablements.Has(system.EWayland) {
|
||||
conf.Filesystem = append(conf.Filesystem, &FilesystemConfig{Src: "/dev/dri", Device: true})
|
||||
}
|
||||
config.Confinement.Sandbox = conf
|
||||
|
@ -5,7 +5,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -14,7 +14,7 @@ const (
|
||||
)
|
||||
|
||||
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
|
||||
if !seal.et.Has(state.EnableDBus) {
|
||||
if !seal.et.Has(system.EDBus) {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -7,7 +7,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -30,7 +30,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
}
|
||||
|
||||
// set up wayland
|
||||
if seal.et.Has(state.EnableWayland) {
|
||||
if seal.et.Has(system.EWayland) {
|
||||
if wd, ok := os.LookupEnv(waylandDisplay); !ok {
|
||||
return fmsg.WrapError(ErrWayland,
|
||||
"WAYLAND_DISPLAY is not set")
|
||||
@ -44,7 +44,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
seal.sys.bwrap.Bind(wpi, w)
|
||||
|
||||
// ensure Wayland socket ACL (e.g. `/run/user/%d/wayland-%d`)
|
||||
seal.sys.UpdatePermType(state.EnableWayland, wp, acl.Read, acl.Write, acl.Execute)
|
||||
seal.sys.UpdatePermType(system.EWayland, wp, acl.Read, acl.Write, acl.Execute)
|
||||
} else {
|
||||
// set wayland socket path (e.g. `/run/user/%d/wayland-%d`)
|
||||
seal.wl = path.Join(seal.RuntimePath, wd)
|
||||
@ -52,7 +52,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
}
|
||||
|
||||
// set up X11
|
||||
if seal.et.Has(state.EnableX) {
|
||||
if seal.et.Has(system.EX11) {
|
||||
// discover X11 and grant user permission via the `ChangeHosts` command
|
||||
if d, ok := os.LookupEnv(display); !ok {
|
||||
return fmsg.WrapError(ErrXDisplay,
|
||||
|
@ -8,7 +8,7 @@ import (
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -26,7 +26,7 @@ var (
|
||||
)
|
||||
|
||||
func (seal *appSeal) sharePulse() error {
|
||||
if !seal.et.Has(state.EnablePulse) {
|
||||
if !seal.et.Has(system.EPulse) {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -202,8 +202,8 @@ func (a *app) Wait() (int, error) {
|
||||
}
|
||||
|
||||
// enablements of remaining launchers
|
||||
rt, ec := new(state.Enablements), new(system.Criteria)
|
||||
ec.Enablements = new(state.Enablements)
|
||||
rt, ec := new(system.Enablements), new(system.Criteria)
|
||||
ec.Enablements = new(system.Enablements)
|
||||
ec.Set(system.Process)
|
||||
if states, err := b.Load(); err != nil {
|
||||
return err
|
||||
@ -222,14 +222,14 @@ func (a *app) Wait() (int, error) {
|
||||
}
|
||||
}
|
||||
// invert accumulated enablements for cleanup
|
||||
for i := state.Enablement(0); i < state.EnableLength; i++ {
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if !rt.Has(i) {
|
||||
ec.Set(i)
|
||||
}
|
||||
}
|
||||
if verbose.Get() {
|
||||
labels := make([]string, 0, state.EnableLength+1)
|
||||
for i := state.Enablement(0); i < state.EnableLength+2; i++ {
|
||||
labels := make([]string, 0, system.ELen+1)
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
|
||||
if ec.Has(i) {
|
||||
labels = append(labels, system.TypeString(i))
|
||||
}
|
||||
|
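Review bot: In the verbose branch of Wait, `labels` is allocated with capacity `system.ELen+1` while the loop runs over `system.ELen+2` values, so the reserved capacity is one short of what the loop can append. The bound also hard-codes that exactly two pseudo-types follow the real enablements. Bounding by the constant itself keeps the loop in step with the `User`/`Process` definitions: `for i := system.Enablement(0); i <= system.Process; i++` with `make([]string, 0, int(system.Process)+1)`. This only affects log output, but the labels appear to be what an operator reads to see which types are reverted on exit, so the list should not drift from the constants. Wait's body starts and ends outside these hunks.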
@ -38,7 +38,7 @@ type appSeal struct {
|
||||
// path to launcher program
|
||||
toolPath string
|
||||
// pass-through enablement tracking from config
|
||||
et state.Enablements
|
||||
et system.Enablements
|
||||
|
||||
// prevents sharing from happening twice
|
||||
shared bool
|
||||
|
@ -10,6 +10,7 @@ import (
|
||||
"text/tabwriter"
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
@ -85,7 +86,7 @@ func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time
|
||||
// build enablements string
|
||||
ets := strings.Builder{}
|
||||
// append enablement strings in order
|
||||
for i := Enablement(0); i < EnableLength; i++ {
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if state.Capability.Has(i) {
|
||||
ets.WriteString(", " + i.String())
|
||||
}
|
||||
|
@ -2,6 +2,8 @@ package state
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
type Store interface {
|
||||
@ -29,7 +31,7 @@ type State struct {
|
||||
// command used to seal the app
|
||||
Command []string
|
||||
// capability enablements applied to child
|
||||
Capability Enablements
|
||||
Capability system.Enablements
|
||||
|
||||
// resolved launcher path
|
||||
Launcher string
|
||||
|
@ -6,7 +6,6 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
@ -16,7 +15,7 @@ func (sys *I) UpdatePerm(path string, perms ...acl.Perm) {
|
||||
}
|
||||
|
||||
// UpdatePermType appends an acl update Op.
|
||||
func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm) {
|
||||
func (sys *I) UpdatePermType(et Enablement, path string, perms ...acl.Perm) {
|
||||
sys.lock.Lock()
|
||||
defer sys.lock.Unlock()
|
||||
|
||||
@ -24,12 +23,12 @@ func (sys *I) UpdatePermType(et state.Enablement, path string, perms ...acl.Perm
|
||||
}
|
||||
|
||||
type ACL struct {
|
||||
et state.Enablement
|
||||
et Enablement
|
||||
path string
|
||||
perms []acl.Perm
|
||||
}
|
||||
|
||||
func (a *ACL) Type() state.Enablement {
|
||||
func (a *ACL) Type() Enablement {
|
||||
return a.et
|
||||
}
|
||||
|
||||
|
@ -7,7 +7,6 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
@ -69,7 +68,7 @@ type DBus struct {
|
||||
done chan struct{}
|
||||
}
|
||||
|
||||
func (d *DBus) Type() state.Enablement {
|
||||
func (d *DBus) Type() Enablement {
|
||||
return Process
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
package state
|
||||
package system
|
||||
|
||||
type (
|
||||
// Enablement represents an optional system resource
|
||||
@ -8,21 +8,21 @@ type (
|
||||
)
|
||||
|
||||
const (
|
||||
EnableWayland Enablement = iota
|
||||
EnableX
|
||||
EnableDBus
|
||||
EnablePulse
|
||||
|
||||
EnableLength
|
||||
EWayland Enablement = iota
|
||||
EX11
|
||||
EDBus
|
||||
EPulse
|
||||
)
|
||||
|
||||
var enablementString = [EnableLength]string{
|
||||
"Wayland",
|
||||
"X11",
|
||||
"D-Bus",
|
||||
"PulseAudio",
|
||||
var enablementString = [...]string{
|
||||
EWayland: "Wayland",
|
||||
EX11: "X11",
|
||||
EDBus: "D-Bus",
|
||||
EPulse: "PulseAudio",
|
||||
}
|
||||
|
||||
const ELen = len(enablementString)
|
||||
|
||||
func (e Enablement) String() string {
|
||||
return enablementString[e]
|
||||
}
|
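Review bot: `ELen` is now computed from `len(enablementString)` instead of a sentinel in the iota block, so the count follows the label table rather than the constants. If an Enablement is later added to the const block without a table entry, `ELen` stays unchanged and `User = Enablement(ELen)` (in the later section of this commit that defines `User` and `Process`) would take the same value as the new constant, which would presumably confuse the criteria that decide which operations are reverted on exit. Keeping an unexported sentinel `eLen` as the last iota entry, sizing the table as `[eLen]string{...}` and declaring `const ELen = int(eLen)` keeps the two in step. Separately, `String()` indexes the table unchecked, so it panics for `User` and `Process`; a doc comment pointing callers to `TypeString` for those values would make that explicit.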
@ -6,7 +6,6 @@ import (
|
||||
"os"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
@ -19,7 +18,7 @@ func (sys *I) Ensure(name string, perm os.FileMode) {
|
||||
}
|
||||
|
||||
// Ephemeral ensures the temporary existence and mode of a directory through the life of et.
|
||||
func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
|
||||
func (sys *I) Ephemeral(et Enablement, name string, perm os.FileMode) {
|
||||
sys.lock.Lock()
|
||||
defer sys.lock.Unlock()
|
||||
|
||||
@ -27,13 +26,13 @@ func (sys *I) Ephemeral(et state.Enablement, name string, perm os.FileMode) {
|
||||
}
|
||||
|
||||
type Mkdir struct {
|
||||
et state.Enablement
|
||||
et Enablement
|
||||
path string
|
||||
perm os.FileMode
|
||||
ephemeral bool
|
||||
}
|
||||
|
||||
func (m *Mkdir) Type() state.Enablement {
|
||||
func (m *Mkdir) Type() Enablement {
|
||||
return m.et
|
||||
}
|
||||
|
||||
|
@ -4,19 +4,17 @@ import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
)
|
||||
|
||||
const (
|
||||
// Process type is unconditionally reverted on exit.
|
||||
Process = state.EnableLength + 1
|
||||
// User type is reverted at final launcher exit.
|
||||
User = state.EnableLength
|
||||
User = Enablement(ELen)
|
||||
// Process type is unconditionally reverted on exit.
|
||||
Process = Enablement(ELen + 1)
|
||||
)
|
||||
|
||||
type Criteria struct {
|
||||
*state.Enablements
|
||||
*Enablements
|
||||
}
|
||||
|
||||
func (ec *Criteria) hasType(o Op) bool {
|
||||
@ -31,7 +29,7 @@ func (ec *Criteria) hasType(o Op) bool {
|
||||
// Op is a reversible system operation.
|
||||
type Op interface {
|
||||
// Type returns Op's enablement type.
|
||||
Type() state.Enablement
|
||||
Type() Enablement
|
||||
|
||||
// apply the Op
|
||||
apply(sys *I) error
|
||||
@ -43,7 +41,7 @@ type Op interface {
|
||||
String() string
|
||||
}
|
||||
|
||||
func TypeString(e state.Enablement) string {
|
||||
func TypeString(e Enablement) string {
|
||||
switch e {
|
||||
case User:
|
||||
return "User"
|
||||
|
@ -9,7 +9,6 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
)
|
||||
|
||||
@ -19,7 +18,7 @@ func (sys *I) CopyFile(dst, src string) {
|
||||
}
|
||||
|
||||
// CopyFileType registers a file copying Op labelled with type et.
|
||||
func (sys *I) CopyFileType(et state.Enablement, dst, src string) {
|
||||
func (sys *I) CopyFileType(et Enablement, dst, src string) {
|
||||
sys.lock.Lock()
|
||||
sys.ops = append(sys.ops, &Tmpfile{et, tmpfileCopy, dst, src})
|
||||
sys.lock.Unlock()
|
||||
@ -33,7 +32,7 @@ func (sys *I) Link(oldname, newname string) {
|
||||
}
|
||||
|
||||
// LinkFileType registers a file linking Op labelled with type et.
|
||||
func (sys *I) LinkFileType(et state.Enablement, oldname, newname string) {
|
||||
func (sys *I) LinkFileType(et Enablement, oldname, newname string) {
|
||||
sys.lock.Lock()
|
||||
defer sys.lock.Unlock()
|
||||
|
||||
@ -46,7 +45,7 @@ func (sys *I) Write(dst, src string) {
|
||||
}
|
||||
|
||||
// WriteType registers a file writing Op labelled with type et.
|
||||
func (sys *I) WriteType(et state.Enablement, dst, src string) {
|
||||
func (sys *I) WriteType(et Enablement, dst, src string) {
|
||||
sys.lock.Lock()
|
||||
sys.ops = append(sys.ops, &Tmpfile{et, tmpfileWrite, dst, src})
|
||||
sys.lock.Unlock()
|
||||
@ -61,12 +60,12 @@ const (
|
||||
)
|
||||
|
||||
type Tmpfile struct {
|
||||
et state.Enablement
|
||||
et Enablement
|
||||
method uint8
|
||||
dst, src string
|
||||
}
|
||||
|
||||
func (t *Tmpfile) Type() state.Enablement {
|
||||
func (t *Tmpfile) Type() Enablement {
|
||||
return t.et
|
||||
}
|
||||
|
||||
|
@ -4,7 +4,6 @@ import (
|
||||
"fmt"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/verbose"
|
||||
"git.ophivana.moe/cat/fortify/xcb"
|
||||
)
|
||||
@ -19,8 +18,8 @@ func (sys *I) ChangeHosts(username string) {
|
||||
|
||||
type XHost string
|
||||
|
||||
func (x XHost) Type() state.Enablement {
|
||||
return state.EnableX
|
||||
func (x XHost) Type() Enablement {
|
||||
return EX11
|
||||
}
|
||||
|
||||
func (x XHost) apply(_ *I) error {
|
||||
|