system: move sd_booted implementation to os abstraction
All checks were successful
test / test (push) Successful in 21s

This implements lazy loading of the systemd marker (they are not accessed in init and shim) and ensures consistent behaviour when running with a stub.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra 2024-10-27 12:08:17 +09:00
parent 148cb72579
commit d86dc5a993
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
6 changed files with 51 additions and 77 deletions

View File

@ -6,7 +6,6 @@ import (
"fmt" "fmt"
"git.ophivana.moe/security/fortify/dbus" "git.ophivana.moe/security/fortify/dbus"
"git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/app" "git.ophivana.moe/security/fortify/internal/app"
"git.ophivana.moe/security/fortify/internal/fmsg" "git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/system" "git.ophivana.moe/security/fortify/internal/system"
@ -50,7 +49,7 @@ func init() {
func init() { func init() {
methodHelpString := "Method of launching the child process, can be one of \"sudo\"" methodHelpString := "Method of launching the child process, can be one of \"sudo\""
if internal.SdBootedV { if os.SdBooted() {
methodHelpString += ", \"systemd\"" methodHelpString += ", \"systemd\""
} }

View File

@ -586,3 +586,7 @@ func (s *stubNixOS) Paths() internal.Paths {
RunDirPath: "/run/user/1971/fortify", RunDirPath: "/run/user/1971/fortify",
} }
} }
func (s *stubNixOS) SdBooted() bool {
return true
}

View File

@ -108,7 +108,7 @@ func (a *app) Seal(config *Config) error {
} }
case method[LaunchMethodMachineCtl]: case method[LaunchMethodMachineCtl]:
seal.launchOption = LaunchMethodMachineCtl seal.launchOption = LaunchMethodMachineCtl
if !internal.SdBootedV { if !a.os.SdBooted() {
return fmsg.WrapError(ErrSystemd, return fmsg.WrapError(ErrSystemd,
"system has not been booted with systemd as init system") "system has not been booted with systemd as init system")
} }

View File

@ -1,35 +0,0 @@
package internal
import (
"errors"
"io/fs"
"os"
"git.ophivana.moe/security/fortify/internal/fmsg"
)
const (
systemdCheckPath = "/run/systemd/system"
)
var SdBootedV = func() bool {
if v, err := SdBooted(); err != nil {
fmsg.Println("cannot read systemd marker:", err)
return false
} else {
return v
}
}()
// SdBooted implements https://www.freedesktop.org/software/systemd/man/sd_booted.html
func SdBooted() (bool, error) {
_, err := os.Stat(systemdCheckPath)
if err != nil {
if errors.Is(err, fs.ErrNotExist) {
err = nil
}
return false, err
}
return true, nil
}

View File

@ -1,6 +1,7 @@
package internal package internal
import ( import (
"errors"
"io/fs" "io/fs"
"os" "os"
"os/exec" "os/exec"
@ -37,6 +38,8 @@ type System interface {
// Paths returns a populated [Paths] struct. // Paths returns a populated [Paths] struct.
Paths() Paths Paths() Paths
// SdBooted implements https://www.freedesktop.org/software/systemd/man/sd_booted.html
SdBooted() bool
} }
// Paths contains environment dependent paths used by fortify. // Paths contains environment dependent paths used by fortify.
@ -71,46 +74,21 @@ func CopyPaths(os System, v *Paths) {
type Std struct { type Std struct {
paths Paths paths Paths
pathsOnce sync.Once pathsOnce sync.Once
sdBooted bool
sdBootedOnce sync.Once
} }
func (s *Std) Geteuid() int { func (s *Std) Geteuid() int { return os.Geteuid() }
return os.Geteuid() func (s *Std) LookupEnv(key string) (string, bool) { return os.LookupEnv(key) }
} func (s *Std) TempDir() string { return os.TempDir() }
func (s *Std) LookPath(file string) (string, error) { return exec.LookPath(file) }
func (s *Std) LookupEnv(key string) (string, bool) { func (s *Std) Executable() (string, error) { return os.Executable() }
return os.LookupEnv(key) func (s *Std) Lookup(username string) (*user.User, error) { return user.Lookup(username) }
} func (s *Std) ReadDir(name string) ([]os.DirEntry, error) { return os.ReadDir(name) }
func (s *Std) Stat(name string) (fs.FileInfo, error) { return os.Stat(name) }
func (s *Std) TempDir() string { func (s *Std) Open(name string) (fs.File, error) { return os.Open(name) }
return os.TempDir() func (s *Std) Exit(code int) { fmsg.Exit(code) }
}
func (s *Std) LookPath(file string) (string, error) {
return exec.LookPath(file)
}
func (s *Std) Executable() (string, error) {
return os.Executable()
}
func (s *Std) Lookup(username string) (*user.User, error) {
return user.Lookup(username)
}
func (s *Std) ReadDir(name string) ([]os.DirEntry, error) {
return os.ReadDir(name)
}
func (s *Std) Stat(name string) (fs.FileInfo, error) {
return os.Stat(name)
}
func (s *Std) Open(name string) (fs.File, error) {
return os.Open(name)
}
func (s *Std) Exit(code int) {
fmsg.Exit(code)
}
const xdgRuntimeDir = "XDG_RUNTIME_DIR" const xdgRuntimeDir = "XDG_RUNTIME_DIR"
@ -118,3 +96,31 @@ func (s *Std) Paths() Paths {
s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) }) s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) })
return s.paths return s.paths
} }
func (s *Std) SdBooted() bool {
s.sdBootedOnce.Do(func() { s.sdBooted = copySdBooted() })
return s.sdBooted
}
const systemdCheckPath = "/run/systemd/system"
func copySdBooted() bool {
if v, err := sdBooted(); err != nil {
fmsg.Println("cannot read systemd marker:", err)
return false
} else {
return v
}
}
func sdBooted() (bool, error) {
_, err := os.Stat(systemdCheckPath)
if err != nil {
if errors.Is(err, fs.ErrNotExist) {
err = nil
}
return false, err
}
return true, nil
}

View File

@ -30,7 +30,7 @@ func main() {
flag.Parse() flag.Parse()
fmsg.SetVerbose(flagVerbose) fmsg.SetVerbose(flagVerbose)
if internal.SdBootedV { if os.SdBooted() {
fmsg.VPrintln("system booted with systemd as init system") fmsg.VPrintln("system booted with systemd as init system")
} }