system: move sd_booted implementation to os abstraction
This implements lazy loading of the systemd marker (it is not accessed by the init and shim processes) and ensures consistent behaviour when running with a stub. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
parent
148cb72579
commit
d86dc5a993
@ -6,7 +6,6 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"git.ophivana.moe/security/fortify/dbus"
|
"git.ophivana.moe/security/fortify/dbus"
|
||||||
"git.ophivana.moe/security/fortify/internal"
|
|
||||||
"git.ophivana.moe/security/fortify/internal/app"
|
"git.ophivana.moe/security/fortify/internal/app"
|
||||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||||
"git.ophivana.moe/security/fortify/internal/system"
|
"git.ophivana.moe/security/fortify/internal/system"
|
||||||
@ -50,7 +49,7 @@ func init() {
|
|||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
methodHelpString := "Method of launching the child process, can be one of \"sudo\""
|
methodHelpString := "Method of launching the child process, can be one of \"sudo\""
|
||||||
if internal.SdBootedV {
|
if os.SdBooted() {
|
||||||
methodHelpString += ", \"systemd\""
|
methodHelpString += ", \"systemd\""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
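Review bot: The help-string check in the `init()` hunk still calls `os.SdBooted()` eagerly during package initialisation, so the marker is stat'ed on every invocation of this binary before `main` runs; if the init and shim entry points are dispatched from this same executable (not visible here), the lazy loading described in the commit message does not reach them. Building the help text only when flag usage is actually rendered would keep the call lazy. Separately, `os` on the new side cannot be the standard library package (it has no `SdBooted`), so it is presumably a package-level `internal.System` value declared outside the hunk that shadows stdlib `os`; a doc comment on that declaration, e.g. `// os is the System abstraction used by package main; it deliberately shadows the standard library package.`, would save readers a detour. The enclosing `init` function continues past the end of the hunk.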
@ -586,3 +586,7 @@ func (s *stubNixOS) Paths() internal.Paths {
|
|||||||
RunDirPath: "/run/user/1971/fortify",
|
RunDirPath: "/run/user/1971/fortify",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *stubNixOS) SdBooted() bool {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
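Review bot: The stub's `SdBooted` unconditionally returns true, so no test visible here can reach the `ErrSystemd` branch that `Seal` now takes from `a.os.SdBooted()` in the same commit, and the "consistent behaviour with a stub" promised in the commit message only covers the booted case. Consider driving it from a field, `func (s *stubNixOS) SdBooted() bool { return s.sdBooted }`, with the field added to the `stubNixOS` struct (declared outside this hunk) and one test case setting it false so the rejection path is exercised.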
@ -108,7 +108,7 @@ func (a *app) Seal(config *Config) error {
|
|||||||
}
|
}
|
||||||
case method[LaunchMethodMachineCtl]:
|
case method[LaunchMethodMachineCtl]:
|
||||||
seal.launchOption = LaunchMethodMachineCtl
|
seal.launchOption = LaunchMethodMachineCtl
|
||||||
if !internal.SdBootedV {
|
if !a.os.SdBooted() {
|
||||||
return fmsg.WrapError(ErrSystemd,
|
return fmsg.WrapError(ErrSystemd,
|
||||||
"system has not been booted with systemd as init system")
|
"system has not been booted with systemd as init system")
|
||||||
}
|
}
|
||||||
|
@ -1,35 +0,0 @@
|
|||||||
package internal
|
|
||||||
|
|
||||||
import (
|
|
||||||
"errors"
|
|
||||||
"io/fs"
|
|
||||||
"os"
|
|
||||||
|
|
||||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
systemdCheckPath = "/run/systemd/system"
|
|
||||||
)
|
|
||||||
|
|
||||||
var SdBootedV = func() bool {
|
|
||||||
if v, err := SdBooted(); err != nil {
|
|
||||||
fmsg.Println("cannot read systemd marker:", err)
|
|
||||||
return false
|
|
||||||
} else {
|
|
||||||
return v
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
// SdBooted implements https://www.freedesktop.org/software/systemd/man/sd_booted.html
|
|
||||||
func SdBooted() (bool, error) {
|
|
||||||
_, err := os.Stat(systemdCheckPath)
|
|
||||||
if err != nil {
|
|
||||||
if errors.Is(err, fs.ErrNotExist) {
|
|
||||||
err = nil
|
|
||||||
}
|
|
||||||
return false, err
|
|
||||||
}
|
|
||||||
|
|
||||||
return true, nil
|
|
||||||
}
|
|
@ -1,6 +1,7 @@
|
|||||||
package internal
|
package internal
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"io/fs"
|
"io/fs"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
@ -37,6 +38,8 @@ type System interface {
|
|||||||
|
|
||||||
// Paths returns a populated [Paths] struct.
|
// Paths returns a populated [Paths] struct.
|
||||||
Paths() Paths
|
Paths() Paths
|
||||||
|
// SdBooted implements https://www.freedesktop.org/software/systemd/man/sd_booted.html
|
||||||
|
SdBooted() bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// Paths contains environment dependent paths used by fortify.
|
// Paths contains environment dependent paths used by fortify.
|
||||||
@ -71,46 +74,21 @@ func CopyPaths(os System, v *Paths) {
|
|||||||
type Std struct {
|
type Std struct {
|
||||||
paths Paths
|
paths Paths
|
||||||
pathsOnce sync.Once
|
pathsOnce sync.Once
|
||||||
|
|
||||||
|
sdBooted bool
|
||||||
|
sdBootedOnce sync.Once
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *Std) Geteuid() int {
|
func (s *Std) Geteuid() int { return os.Geteuid() }
|
||||||
return os.Geteuid()
|
func (s *Std) LookupEnv(key string) (string, bool) { return os.LookupEnv(key) }
|
||||||
}
|
func (s *Std) TempDir() string { return os.TempDir() }
|
||||||
|
func (s *Std) LookPath(file string) (string, error) { return exec.LookPath(file) }
|
||||||
func (s *Std) LookupEnv(key string) (string, bool) {
|
func (s *Std) Executable() (string, error) { return os.Executable() }
|
||||||
return os.LookupEnv(key)
|
func (s *Std) Lookup(username string) (*user.User, error) { return user.Lookup(username) }
|
||||||
}
|
func (s *Std) ReadDir(name string) ([]os.DirEntry, error) { return os.ReadDir(name) }
|
||||||
|
func (s *Std) Stat(name string) (fs.FileInfo, error) { return os.Stat(name) }
|
||||||
func (s *Std) TempDir() string {
|
func (s *Std) Open(name string) (fs.File, error) { return os.Open(name) }
|
||||||
return os.TempDir()
|
func (s *Std) Exit(code int) { fmsg.Exit(code) }
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) LookPath(file string) (string, error) {
|
|
||||||
return exec.LookPath(file)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) Executable() (string, error) {
|
|
||||||
return os.Executable()
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) Lookup(username string) (*user.User, error) {
|
|
||||||
return user.Lookup(username)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) ReadDir(name string) ([]os.DirEntry, error) {
|
|
||||||
return os.ReadDir(name)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) Stat(name string) (fs.FileInfo, error) {
|
|
||||||
return os.Stat(name)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Std) Open(name string) (fs.File, error) {
|
|
||||||
return os.Open(name)
|
|
||||||
}
|
|
||||||
func (s *Std) Exit(code int) {
|
|
||||||
fmsg.Exit(code)
|
|
||||||
}
|
|
||||||
|
|
||||||
const xdgRuntimeDir = "XDG_RUNTIME_DIR"
|
const xdgRuntimeDir = "XDG_RUNTIME_DIR"
|
||||||
|
|
||||||
@ -118,3 +96,31 @@ func (s *Std) Paths() Paths {
|
|||||||
s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) })
|
s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) })
|
||||||
return s.paths
|
return s.paths
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Std) SdBooted() bool {
|
||||||
|
s.sdBootedOnce.Do(func() { s.sdBooted = copySdBooted() })
|
||||||
|
return s.sdBooted
|
||||||
|
}
|
||||||
|
|
||||||
|
const systemdCheckPath = "/run/systemd/system"
|
||||||
|
|
||||||
|
func copySdBooted() bool {
|
||||||
|
if v, err := sdBooted(); err != nil {
|
||||||
|
fmsg.Println("cannot read systemd marker:", err)
|
||||||
|
return false
|
||||||
|
} else {
|
||||||
|
return v
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func sdBooted() (bool, error) {
|
||||||
|
_, err := os.Stat(systemdCheckPath)
|
||||||
|
if err != nil {
|
||||||
|
if errors.Is(err, fs.ErrNotExist) {
|
||||||
|
err = nil
|
||||||
|
}
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return true, nil
|
||||||
|
}
|
||||||
|
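Review bot: `sdBooted` discards the `FileInfo` from `os.Stat(systemdCheckPath)` and reports true for anything that exists at that path, whereas the sd_booted(3) page the doc comment points to describes the marker as the directory `/run/systemd/system/`; a regular file or a symlink resolving elsewhere would pass this check. Keeping the result and returning `fi.IsDir()` closes the gap: `fi, err := os.Stat(systemdCheckPath)` and, on the success path, `return fi.IsDir(), nil`. Note also that because `Std.SdBooted` caches through `sdBootedOnce`, a non-ENOENT stat error is logged once and then reported as "not booted" for the rest of the process, which is the fail-closed direction for the machinectl launch path and worth a one-line comment on the method, e.g. `// A stat error other than ENOENT is logged once and treated as not booted for the process lifetime.`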