proc: cleaner extra files
All checks were successful
test / test (push) Successful in 37s

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Ophestra 2024-12-06 16:05:04 +09:00
parent b3ef53b193
commit cc816a1aaa
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
4 changed files with 27 additions and 15 deletions


@ -16,6 +16,7 @@ import (
shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc" shim0 "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
"git.ophivana.moe/security/fortify/internal" "git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/fmsg" "git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/proc"
) )
const shimSetupTimeout = 5 * time.Second const shimSetupTimeout = 5 * time.Second
@ -113,9 +114,8 @@ func (s *Shim) Start() (*time.Time, error) {
// pass sync fd if set // pass sync fd if set
if s.payload.Bwrap.Sync() != nil { if s.payload.Bwrap.Sync() != nil {
fd := uintptr(3 + len(s.cmd.ExtraFiles)) fd := proc.ExtraFile(s.cmd, s.payload.Bwrap.Sync())
s.payload.Sync = &fd s.payload.Sync = &fd
s.cmd.ExtraFiles = append(s.cmd.ExtraFiles, s.payload.Bwrap.Sync())
} }
fmsg.VPrintln("starting shim via fsu:", s.cmd) fmsg.VPrintln("starting shim via fsu:", s.cmd)
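Review bot: In the sync-fd branch of Start, `s.payload.Bwrap.Sync()` is still called twice, once for the nil check and once as the argument to `proc.ExtraFile`, so the file that is checked and the file that is inherited by the shim match only if the accessor returns the same value both times. Binding it once keeps them in step: `if f := s.payload.Bwrap.Sync(); f != nil { fd := proc.ExtraFile(s.cmd, f); s.payload.Sync = &fd }`. Start begins and ends outside this hunk, so whether anything else touches `s.cmd.ExtraFiles` before the command is started cannot be seen from here.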


@ -9,6 +9,7 @@ import (
"sync" "sync"
"git.ophivana.moe/security/fortify/helper/bwrap" "git.ophivana.moe/security/fortify/helper/bwrap"
"git.ophivana.moe/security/fortify/internal/proc"
) )
// BubblewrapName is the file name or path to bubblewrap. // BubblewrapName is the file name or path to bubblewrap.
@ -76,8 +77,7 @@ func (b *bubblewrap) StartNotify(ready chan error) error {
} }
if b.sync != nil { if b.sync != nil {
b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(3+len(b.Cmd.ExtraFiles))) b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(int(proc.ExtraFile(b.Cmd, b.sync))))
b.Cmd.ExtraFiles = append(b.Cmd.ExtraFiles, b.sync)
} }
if err := b.Cmd.Start(); err != nil { if err := b.Cmd.Start(); err != nil {
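Review bot: The `--sync-fd` line in StartNotify now hides a mutation of `b.Cmd.ExtraFiles` inside the argument list of `append`, so it is easy to miss that building the argument also changes which descriptors the child inherits. Two statements keep the fd number and the inherited file visibly paired: `syncFd := proc.ExtraFile(b.Cmd, b.sync)` followed by `b.Cmd.Args = append(b.Cmd.Args, "--sync-fd", strconv.Itoa(int(syncFd)))`. StartNotify starts and ends outside the hunk; if it can run more than once for the same `b.Cmd`, each call would presumably append another entry and another flag, which is worth confirming.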


@ -5,6 +5,8 @@ import (
"io" "io"
"os" "os"
"os/exec" "os/exec"
"git.ophivana.moe/security/fortify/internal/proc"
) )
type pipes struct { type pipes struct {
@ -47,24 +49,21 @@ func (p *pipes) pipe() error {
} }
// calls pipe to create pipes and sets them up as ExtraFiles, returning their fd // calls pipe to create pipes and sets them up as ExtraFiles, returning their fd
func (p *pipes) prepareCmd(cmd *exec.Cmd) (int, int, error) { func (p *pipes) prepareCmd(cmd *exec.Cmd) (argsFd, statFd int, err error) {
if err := p.pipe(); err != nil { argsFd, statFd = -1, -1
return -1, -1, err if err = p.pipe(); err != nil {
return
} }
// save a reference of cmd for future use // save a reference of cmd for future use
p.cmd = cmd p.cmd = cmd
// ExtraFiles: If non-nil, entry i becomes file descriptor 3+i. argsFd = int(proc.ExtraFile(cmd, p.argsP[0]))
argsFd := 3 + len(cmd.ExtraFiles)
cmd.ExtraFiles = append(cmd.ExtraFiles, p.argsP[0])
if p.ready != nil { if p.ready != nil {
cmd.ExtraFiles = append(cmd.ExtraFiles, p.statP[1]) statFd = int(proc.ExtraFile(cmd, p.statP[1]))
return argsFd, argsFd + 1, nil
} else {
return argsFd, -1, nil
} }
return
} }
func (p *pipes) readyWriteArgs() error { func (p *pipes) readyWriteArgs() error {
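Review bot: The comment above prepareCmd does not say that `statFd` is -1 when `p.ready` is nil, or that both results are -1 when `p.pipe()` fails. With named results and bare `return` statements, that contract is now visible only through the initialiser `argsFd, statFd = -1, -1`. I would extend the comment to `// prepareCmd calls pipe and registers the pipe ends as ExtraFiles, returning their fd numbers in the child; statFd is -1 when p.ready is nil and both are -1 on error.` and write the final statement as `return argsFd, statFd, nil`. That way a caller can tell which descriptors cross into the child without tracing the named results.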

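--- /dev/null
+++ b/internal/proc/files.go
@@ -0,0 +1,13 @@
+package proc
+import (
+"os"
+"os/exec"
+)
+func ExtraFile(cmd *exec.Cmd, f *os.File) (fd uintptr) {
+// ExtraFiles: If non-nil, entry i becomes file descriptor 3+i.
+fd = uintptr(3 + len(cmd.ExtraFiles))
+cmd.ExtraFiles = append(cmd.ExtraFiles, f)
+return
+}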
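Review bot: ExtraFile is exported without a doc comment, and the constraint callers depend on is not written down. The returned number is computed from `len(cmd.ExtraFiles)` at call time, so it names the intended descriptor in the child only if earlier entries are never removed, reordered or replaced before the command is started. The function also appends `f` without a nil check and still returns a number, so the callers' own nil guards are what keep a meaningless fd from being handed to the child. Suggested comment: `// ExtraFile appends f to cmd.ExtraFiles and returns the fd number it will have in the child (3+i). f must be non-nil and cmd.ExtraFiles must only be appended to afterwards.`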