From e64e7608ca47d25e81fb43d66838d9aa0ffd2e9a Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Sat, 15 Mar 2025 03:04:27 +0900
Subject: [PATCH] sandbox: expose cancel behaviour

Signed-off-by: Ophestra
---
 internal/sandbox/container.go | 10 ++++++++++
 internal/sandbox/container_test.go | 11 +++++++++++
 2 files changed, 21 insertions(+)

diff --git a/internal/sandbox/container.go b/internal/sandbox/container.go
index 97dd0ee..5ee5a5b 100644
--- a/internal/sandbox/container.go
+++ b/internal/sandbox/container.go
@@ -10,6 +10,7 @@ import (
 	"path"
 	"strconv"
 	"syscall"
+	"time"
 
 	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/internal"
@@ -68,6 +69,9 @@ type (
 		Stdout io.Writer
 		Stderr io.Writer
 
+		Cancel func() error
+		WaitDelay time.Duration
+
 		cmd *exec.Cmd
 		ctx context.Context
 	}
@@ -130,6 +134,7 @@ func (p *Container) Start() error {
 	p.cmd = p.CommandContext(c)
 	p.cmd.Stdin, p.cmd.Stdout, p.cmd.Stderr = p.Stdin, p.Stdout, p.Stderr
+	p.cmd.Cancel, p.cmd.WaitDelay = p.Cancel, p.WaitDelay
 	p.cmd.Dir = "/"
 	p.cmd.SysProcAttr = &syscall.SysProcAttr{
 		Setsid: p.Flags&FAllowTTY == 0,
@@ -208,6 +213,11 @@ func (p *Container) Serve() error {
 func (p *Container) Wait() error { defer p.cancel(); return p.cmd.Wait() }
 
+func (p *Container) String() string {
+	return fmt.Sprintf("argv: %q, flags: %#x, seccomp: %#x",
+		p.Args, p.Flags, int(p.Flags.seccomp(p.Seccomp)))
+}
+
 func New(ctx context.Context, name string, args ...string) *Container {
 	return &Container{name: name, ctx: ctx,
 		InitParams: InitParams{Args: append([]string{name}, args...), Dir: "/", Ops: new(Ops)},
diff --git a/internal/sandbox/container_test.go b/internal/sandbox/container_test.go
index 6ef8cec..566de75 100644
--- a/internal/sandbox/container_test.go
+++ b/internal/sandbox/container_test.go
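Review bot: The new exported fields `Cancel` and `WaitDelay` in the `type (` hunk carry no doc comment, and since Start copies them verbatim into the exec.Cmd, the field comment is the only place a caller learns the os/exec contract they inherit. I would document them as `// Cancel is invoked when the container's context is done; it replaces the default kill that CommandContext installs.` and `// WaitDelay bounds how long Wait blocks after Cancel before the child is killed and its pipes are closed; zero means no bound.` A caller who installs a gentler Cancel (one that only signals the child) without a WaitDelay otherwise ends up with a Wait that hangs on a child that ignores the signal, and the comment should say so. The exported `String` added in the Serve/Wait hunk is undocumented as well; `// String summarises argv, flags and the derived seccomp flags for logging.` would do. The enclosing `type (` block starts and ends outside the hunk.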
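Review bot: `p.cmd.Cancel, p.cmd.WaitDelay = p.Cancel, p.WaitDelay` in the Start hunk unconditionally overwrites the Cancel that CommandContext installs, so every caller that leaves the new field at its zero value (which is all existing callers) loses kill-on-context-done: as far as I can tell from os/exec, a nil Cancel together with a zero WaitDelay means no context watcher is started at all, so the sandboxed child keeps running after the context is cancelled and Wait blocks until it exits on its own. This assumes `p.CommandContext` is, or delegates to, exec.CommandContext; if it is a project wrapper that installs nothing, the regression does not apply, but the nil case still deserves a comment. Keeping the default unless the caller opted in is a small change: `if p.Cancel != nil { p.cmd.Cancel = p.Cancel }` (gofmt will spread it over three lines) followed by `p.cmd.WaitDelay = p.WaitDelay`. Start begins and ends outside this hunk.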
@@ -18,6 +18,7 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/sandbox"
 	"git.gensokyo.uk/security/fortify/ldd"
+	"git.gensokyo.uk/security/fortify/seccomp"
 	check "git.gensokyo.uk/security/fortify/test/sandbox"
 )
 
@@ -146,6 +147,16 @@ func TestContainer(t *testing.T) {
 	}
 }
 
+func TestContainerString(t *testing.T) {
+	container := sandbox.New(context.TODO(), "ldd", "/usr/bin/env")
+	container.Flags |= sandbox.FAllowDevel
+	container.Seccomp |= seccomp.FlagMultiarch
+	want := `argv: ["ldd" "/usr/bin/env"], flags: 0x2, seccomp: 0x2e`
+	if got := container.String(); got != want {
+		t.Errorf("String: %s, want %s", got, want)
+	}
+}
+
 func TestHelperInit(t *testing.T) {
 	if len(os.Args) != 5 || os.Args[4] != "init" {
 		return
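Review bot: The expected string in TestContainerString pins `flags: 0x2, seccomp: 0x2e` as bare numbers, so when either constant or `Flags.seccomp` changes the failure will not say which input produced the old value; a comment next to `want` naming the derivation would keep it diagnosable, e.g. `// 0x2 is presumably FAllowDevel on a fresh container; 0x2e is Flags.seccomp applied to FlagMultiarch — update together with those constants.` The mismatch report would also be easier to read as `t.Errorf("String: %q, want %q", got, want)`, since `%q` makes stray whitespace in the rendered argv visible.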