Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
parent
b3ef53b193
commit
cc816a1aaa
@ -16,6 +16,7 @@ import (
|
||||
shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/security/fortify/internal/proc"
|
||||
)
|
||||
|
||||
const shimSetupTimeout = 5 * time.Second
|
||||
@ -113,9 +114,8 @@ func (s *Shim) Start() (*time.Time, error) {
|
||||
|
||||
// pass sync fd if set
|
||||
if s.payload.Bwrap.Sync() != nil {
|
||||
fd := uintptr(3 + len(s.cmd.ExtraFiles))
|
||||
fd := proc.ExtraFile(s.cmd, s.payload.Bwrap.Sync())
|
||||
s.payload.Sync = &fd
|
||||
s.cmd.ExtraFiles = append(s.cmd.ExtraFiles, s.payload.Bwrap.Sync())
|
||||
}
|
||||
|
||||
fmsg.VPrintln("starting shim via fsu:", s.cmd)
|
||||
|
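Review bot: In the sync-fd block of Start, `s.payload.Bwrap.Sync()` is evaluated once for the nil check and again as the argument to `proc.ExtraFile`, so the file that was tested is not necessarily the one that gets appended if Sync() is anything other than a plain getter (its body is not visible here). Binding it once keeps the two in step: `if f := s.payload.Bwrap.Sync(); f != nil { fd := proc.ExtraFile(s.cmd, f); s.payload.Sync = &fd }`. A short comment that `fd` is the descriptor number in the child's table, not the parent's, would also help, since the value is handed to the shim through the payload. Start's body begins and continues outside this hunk.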
@ -9,6 +9,7 @@ import (
|
||||
"sync"
|
||||
|
||||
"git.ophivana.moe/security/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/security/fortify/internal/proc"
|
||||
)
|
||||
|
||||
// BubblewrapName is the file name or path to bubblewrap.
|
||||
@ -76,8 +77,7 @@ func (b *bubblewrap) StartNotify(ready chan error) error {
|
||||
}
|
||||
|
||||
if b.sync != nil {
|
||||
b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(3+len(b.Cmd.ExtraFiles)))
|
||||
b.Cmd.ExtraFiles = append(b.Cmd.ExtraFiles, b.sync)
|
||||
b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(int(proc.ExtraFile(b.Cmd, b.sync))))
|
||||
}
|
||||
|
||||
if err := b.Cmd.Start(); err != nil {
|
||||
|
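Review bot: The new `--sync-fd` line in StartNotify hides a mutation of `b.Cmd.ExtraFiles` inside the argument list of an `append` to `b.Cmd.Args`, which makes it easy to miss that this statement also changes which descriptors the child inherits. Splitting it keeps the side effect visible: `fd := proc.ExtraFile(b.Cmd, b.sync)` followed by `b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(int(fd)))`. From the visible lines nothing prevents the block from running again on a second StartNotify call, which would append `b.sync` twice; that depends on code outside the hunk and is worth confirming. StartNotify's body begins and continues outside this hunk.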
@ -5,6 +5,8 @@ import (
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
|
||||
"git.ophivana.moe/security/fortify/internal/proc"
|
||||
)
|
||||
|
||||
type pipes struct {
|
||||
@ -47,24 +49,21 @@ func (p *pipes) pipe() error {
|
||||
}
|
||||
|
||||
// calls pipe to create pipes and sets them up as ExtraFiles, returning their fd
|
||||
func (p *pipes) prepareCmd(cmd *exec.Cmd) (int, int, error) {
|
||||
if err := p.pipe(); err != nil {
|
||||
return -1, -1, err
|
||||
func (p *pipes) prepareCmd(cmd *exec.Cmd) (argsFd, statFd int, err error) {
|
||||
argsFd, statFd = -1, -1
|
||||
if err = p.pipe(); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// save a reference of cmd for future use
|
||||
p.cmd = cmd
|
||||
|
||||
// ExtraFiles: If non-nil, entry i becomes file descriptor 3+i.
|
||||
argsFd := 3 + len(cmd.ExtraFiles)
|
||||
cmd.ExtraFiles = append(cmd.ExtraFiles, p.argsP[0])
|
||||
|
||||
argsFd = int(proc.ExtraFile(cmd, p.argsP[0]))
|
||||
if p.ready != nil {
|
||||
cmd.ExtraFiles = append(cmd.ExtraFiles, p.statP[1])
|
||||
return argsFd, argsFd + 1, nil
|
||||
} else {
|
||||
return argsFd, -1, nil
|
||||
statFd = int(proc.ExtraFile(cmd, p.statP[1]))
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func (p *pipes) readyWriteArgs() error {
|
||||
|
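Review bot: prepareCmd now relies on named results and two naked `return`s, so the failure value of both descriptors depends on the `argsFd, statFd = -1, -1` pre-assignment at the top rather than being stated where the function exits. Spelling the exits out reads more safely for a function whose results are passed on as descriptor numbers: `return -1, -1, err` on the pipe() failure path and `return argsFd, statFd, nil` at the end. The doc comment above the function could also say that statFd is -1 when `p.ready` is nil, which the new body implies but no longer shows as an explicit branch.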
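--- /dev/null
+++ b/internal/proc/files.go
@@ -0,0 +1,13 @@
+package proc
+
+import (
+"os"
+"os/exec"
+)
+
+func ExtraFile(cmd *exec.Cmd, f *os.File) (fd uintptr) {
+// ExtraFiles: If non-nil, entry i becomes file descriptor 3+i.
+fd = uintptr(3 + len(cmd.ExtraFiles))
+cmd.ExtraFiles = append(cmd.ExtraFiles, f)
+return
+}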
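Review bot: The exported ExtraFile has no doc comment, and its contract is the part callers most need. I would add `// ExtraFile appends f to cmd.ExtraFiles and returns the descriptor number f will have in the child process (3 plus its index).` and note that the number means nothing in the parent. It is also worth stating that f must be non-nil: os/exec treats a nil entry as a closed descriptor, so the returned number would name a closed fd in the child. The three call sites shown do check for nil before calling. Two of those three convert the result straight to `int`, so returning `int` (or documenting why `uintptr` was chosen) would remove the casts.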