sys: rename from linux
Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
2c9c7fee5b
commit
e0f321b2c4
@ -9,7 +9,7 @@ import (
|
||||
"git.gensokyo.uk/security/fortify/dbus"
|
||||
"git.gensokyo.uk/security/fortify/helper/bwrap"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
)
|
||||
|
||||
// SandboxConfig describes resources made available to the sandbox.
|
||||
@ -47,7 +47,7 @@ type SandboxConfig struct {
|
||||
|
||||
// Bwrap returns the address of the corresponding bwrap.Config to s.
|
||||
// Note that remaining tmpfs entries must be queued by the caller prior to launch.
|
||||
func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
|
||||
func (s *SandboxConfig) Bwrap(os sys.State) (*bwrap.Config, error) {
|
||||
if s == nil {
|
||||
return nil, errors.New("nil sandbox config")
|
||||
}
|
||||
@ -216,7 +216,7 @@ func (s *SandboxConfig) Bwrap(os linux.System) (*bwrap.Config, error) {
|
||||
return conf, nil
|
||||
}
|
||||
|
||||
func evalSymlinks(os linux.System, v *string) error {
|
||||
func evalSymlinks(os sys.State, v *string) error {
|
||||
if p, err := os.EvalSymlinks(*v); err != nil {
|
||||
if !errors.Is(err, fs.ErrNotExist) {
|
||||
return err
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
|
||||
"git.gensokyo.uk/security/fortify/fst"
|
||||
"git.gensokyo.uk/security/fortify/internal/app/shim"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
)
|
||||
|
||||
type App interface {
|
||||
@ -32,7 +32,7 @@ type app struct {
|
||||
// application unique identifier
|
||||
id *fst.ID
|
||||
// operating system interface
|
||||
os linux.System
|
||||
os sys.State
|
||||
// shim process manager
|
||||
shim *shim.Shim
|
||||
// child process related information
|
||||
@ -64,7 +64,7 @@ func (a *app) String() string {
|
||||
return "(unsealed fortified app)"
|
||||
}
|
||||
|
||||
func New(os linux.System) (App, error) {
|
||||
func New(os sys.State) (App, error) {
|
||||
a := new(app)
|
||||
a.id = new(fst.ID)
|
||||
a.os = os
|
||||
|
@ -6,7 +6,7 @@ import (
|
||||
"os/user"
|
||||
"strconv"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
)
|
||||
|
||||
// fs methods are not implemented using a real FS
|
||||
@ -122,8 +122,8 @@ func (s *stubNixOS) Open(name string) (fs.File, error) {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *stubNixOS) Paths() linux.Paths {
|
||||
return linux.Paths{
|
||||
func (s *stubNixOS) Paths() sys.Paths {
|
||||
return sys.Paths{
|
||||
SharePath: "/tmp/fortify.1971",
|
||||
RuntimePath: "/run/user/1971",
|
||||
RunDirPath: "/run/user/1971/fortify",
|
||||
|
@ -10,13 +10,13 @@ import (
|
||||
"git.gensokyo.uk/security/fortify/fst"
|
||||
"git.gensokyo.uk/security/fortify/helper/bwrap"
|
||||
"git.gensokyo.uk/security/fortify/internal/app"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
"git.gensokyo.uk/security/fortify/system"
|
||||
)
|
||||
|
||||
type sealTestCase struct {
|
||||
name string
|
||||
os linux.System
|
||||
os sys.State
|
||||
config *fst.Config
|
||||
id fst.ID
|
||||
wantSys *system.I
|
||||
|
@ -3,11 +3,11 @@ package app
|
||||
import (
|
||||
"git.gensokyo.uk/security/fortify/fst"
|
||||
"git.gensokyo.uk/security/fortify/helper/bwrap"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
"git.gensokyo.uk/security/fortify/system"
|
||||
)
|
||||
|
||||
func NewWithID(id fst.ID, os linux.System) App {
|
||||
func NewWithID(id fst.ID, os sys.State) App {
|
||||
a := new(app)
|
||||
a.id = &id
|
||||
a.os = os
|
||||
|
@ -17,8 +17,8 @@ import (
|
||||
"git.gensokyo.uk/security/fortify/helper/bwrap"
|
||||
"git.gensokyo.uk/security/fortify/internal"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/state"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
"git.gensokyo.uk/security/fortify/system"
|
||||
)
|
||||
|
||||
@ -64,7 +64,7 @@ type appSeal struct {
|
||||
// seal system-level component
|
||||
sys *appSealSys
|
||||
|
||||
linux.Paths
|
||||
sys.Paths
|
||||
|
||||
// protected by upstream mutex
|
||||
}
|
||||
|
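Review bot: In `appSeal` the existing field `sys *appSealSys` now sits directly above the embedded `sys.Paths`, so the same identifier names a struct field on one line and the imported package on the next. This compiles, because the embedded field is named `Paths`, but a reader of methods in this package can easily mistake `seal.sys` for the OS-state package or the reverse. A comment on the embed such as `// Paths comes from package sys, not the sys field above.` would remove the ambiguity, as would renaming the field in a follow-up. The struct declaration begins above the hunk, so other fields are not visible here.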
@ -11,7 +11,7 @@ import (
|
||||
"git.gensokyo.uk/security/fortify/dbus"
|
||||
"git.gensokyo.uk/security/fortify/fst"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
"git.gensokyo.uk/security/fortify/system"
|
||||
"git.gensokyo.uk/security/fortify/wl"
|
||||
)
|
||||
@ -43,7 +43,7 @@ var (
|
||||
ErrPulseMode = errors.New("unexpected pulse socket mode")
|
||||
)
|
||||
|
||||
func (seal *appSeal) setupShares(bus [2]*dbus.Config, os linux.System) error {
|
||||
func (seal *appSeal) setupShares(bus [2]*dbus.Config, os sys.State) error {
|
||||
if seal.shared {
|
||||
panic("seal shared twice")
|
||||
}
|
||||
@ -300,7 +300,7 @@ func (seal *appSeal) setupShares(bus [2]*dbus.Config, os linux.System) error {
|
||||
}
|
||||
|
||||
// discoverPulseCookie attempts various standard methods to discover the current user's PulseAudio authentication cookie
|
||||
func discoverPulseCookie(os linux.System) (string, error) {
|
||||
func discoverPulseCookie(os sys.State) (string, error) {
|
||||
if p, ok := os.LookupEnv(pulseCookie); ok {
|
||||
return p, nil
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
package linux
|
||||
package sys
|
||||
|
||||
import (
|
||||
"io/fs"
|
||||
@ -9,8 +9,8 @@ import (
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
)
|
||||
|
||||
// System provides safe access to operating system resources.
|
||||
type System interface {
|
||||
// State provides safe interaction with operating system state.
|
||||
type State interface {
|
||||
// Geteuid provides [os.Geteuid].
|
||||
Geteuid() int
|
||||
// LookupEnv provides [os.LookupEnv].
|
||||
@ -52,7 +52,7 @@ type Paths struct {
|
||||
}
|
||||
|
||||
// CopyPaths is a generic implementation of [System.Paths].
|
||||
func CopyPaths(os System, v *Paths) {
|
||||
func CopyPaths(os State, v *Paths) {
|
||||
v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Geteuid()))
|
||||
|
||||
fmsg.Verbosef("process share directory at %q", v.SharePath)
|
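Review bot: The doc comment on `CopyPaths` still reads `[System.Paths]`, although this section renames the interface from `System` to `State`. The comment is an unchanged context line directly above the updated signature `func CopyPaths(os State, v *Paths)`, so after this commit the doc link presumably points at a name that no longer exists in package `sys`. I would update it in the same change to `// CopyPaths is a generic implementation of [State.Paths].`. The body of CopyPaths continues past the end of the hunk.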
@ -1,4 +1,4 @@
|
||||
package linux
|
||||
package sys
|
||||
|
||||
import (
|
||||
"errors"
|
10
main.go
10
main.go
@ -24,8 +24,8 @@ import (
|
||||
init0 "git.gensokyo.uk/security/fortify/internal/app/init"
|
||||
"git.gensokyo.uk/security/fortify/internal/app/shim"
|
||||
"git.gensokyo.uk/security/fortify/internal/fmsg"
|
||||
"git.gensokyo.uk/security/fortify/internal/linux"
|
||||
"git.gensokyo.uk/security/fortify/internal/state"
|
||||
"git.gensokyo.uk/security/fortify/internal/sys"
|
||||
"git.gensokyo.uk/security/fortify/system"
|
||||
)
|
||||
|
||||
@ -44,7 +44,7 @@ func init() {
|
||||
flag.BoolVar(&flagJSON, "json", false, "Format output in JSON when applicable")
|
||||
}
|
||||
|
||||
var sys linux.System = new(linux.Std)
|
||||
var std sys.State = new(sys.Std)
|
||||
|
||||
type gl []string
|
||||
|
||||
@ -135,7 +135,7 @@ func main() {
|
||||
// Ignore errors; set is set for ExitOnError.
|
||||
_ = set.Parse(args[1:])
|
||||
|
||||
printPs(os.Stdout, time.Now().UTC(), state.NewMulti(sys.Paths().RunDirPath), short)
|
||||
printPs(os.Stdout, time.Now().UTC(), state.NewMulti(std.Paths().RunDirPath), short)
|
||||
internal.Exit(0)
|
||||
|
||||
case "show": // pretty-print app info
|
||||
@ -227,7 +227,7 @@ func main() {
|
||||
passwdOnce sync.Once
|
||||
passwdFunc = func() {
|
||||
var us string
|
||||
if uid, err := sys.Uid(aid); err != nil {
|
||||
if uid, err := std.Uid(aid); err != nil {
|
||||
fmsg.PrintBaseError(err, "cannot obtain uid from fsu:")
|
||||
os.Exit(1)
|
||||
} else {
|
||||
@ -328,7 +328,7 @@ func runApp(config *fst.Config) {
|
||||
seccomp.CPrintln = log.Println
|
||||
}
|
||||
|
||||
if a, err := app.New(sys); err != nil {
|
||||
if a, err := app.New(std); err != nil {
|
||||
log.Fatalf("cannot create app: %s", err)
|
||||
} else if err = a.Seal(config); err != nil {
|
||||
fmsg.PrintBaseError(err, "cannot seal app:")
|
||||
|
2
parse.go
2
parse.go
@ -84,7 +84,7 @@ func tryShort(name string) (config *fst.Config, instance *state.State) {
|
||||
if likePrefix && len(name) >= 8 {
|
||||
fmsg.Verbose("argument looks like prefix")
|
||||
|
||||
s := state.NewMulti(sys.Paths().RunDirPath)
|
||||
s := state.NewMulti(std.Paths().RunDirPath)
|
||||
if entries, err := state.Join(s); err != nil {
|
||||
log.Printf("cannot join store: %v", err)
|
||||
// drop to fetch from file
|
||||
|
2
print.go
2
print.go
@ -25,7 +25,7 @@ func printShowSystem(output io.Writer, short bool) {
|
||||
info := new(fst.Info)
|
||||
|
||||
// get fid by querying uid of aid 0
|
||||
if uid, err := sys.Uid(0); err != nil {
|
||||
if uid, err := std.Uid(0); err != nil {
|
||||
fmsg.PrintBaseError(err, "cannot obtain uid from fsu:")
|
||||
os.Exit(1)
|
||||
} else {
|
||||
|