proc/priv/shim: merge shim into main program

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00 · 2025-01-17 23:43:32 +09:00 · ea8f228af3
commit ea8f228af3
parent 16db3dabe2
12 changed files with 29 additions and 36 deletions
--- a/cmd/fpkg/with.go
+++ b/cmd/fpkg/with.go
@ -62,7 +62,7 @@ func withCacheDir(action string, command []string, workDir string, app *bundleIn
 			AppID:    app.AppID,
 			Username: "nixos",
 			Inner:    path.Join("/data/data", app.ID, "cache"),
-			Outer:    pathSet.cacheDir, // this also ensures cacheDir via fshim
+			Outer:    pathSet.cacheDir, // this also ensures cacheDir via shim
 			Sandbox: &fst.SandboxConfig{
 				Hostname:     formatHostname(app.Name) + "-" + action,
 				NoNewSession: dropShell,
--- a/cmd/fsu/main.go
+++ b/cmd/fsu/main.go
@ -24,7 +24,6 @@ const (

 var (
 	Fmain = compPoison
-	Fshim = compPoison
 )

 func main() {
@ -41,17 +40,12 @@ func main() {
 		log.Fatal("this program must not be started by root")
 	}

-	var fmain, fshim string
+	var fmain string
 	if p, ok := checkPath(Fmain); !ok {
 		log.Fatal("invalid fortify path, this copy of fsu is not compiled correctly")
 	} else {
 		fmain = p
 	}
-	if p, ok := checkPath(Fshim); !ok {
-		log.Fatal("invalid fshim path, this copy of fsu is not compiled correctly")
-	} else {
-		fshim = p
-	}

 	pexe := path.Join("/proc", strconv.Itoa(os.Getppid()), "exe")
 	if p, err := os.Readlink(pexe); err != nil {
@ -142,7 +136,7 @@ func main() {
 	if _, _, errno := syscall.AllThreadsSyscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0); errno != 0 {
 		log.Fatalf("cannot set no_new_privs flag: %s", errno.Error())
 	}
-	if err := syscall.Exec(fshim, []string{"fshim"}, []string{envShim + "=" + shimSetupFd}); err != nil {
+	if err := syscall.Exec(fmain, []string{"fortify", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil {
 		log.Fatalf("cannot start shim: %v", err)
 	}

--- a/dist/install.sh
+++ b/dist/install.sh
@ -4,7 +4,6 @@ cd "$(dirname -- "$0")" || exit 1
 install -vDm0755 "bin/fortify" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fortify"
 install -vDm0755 "bin/fpkg" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fpkg"

-install -vDm0755 "bin/fshim" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/fshim"
 install -vDm0755 "bin/finit" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/finit"
 install -vDm0755 "bin/fuserdb" "${FORTIFY_INSTALL_PREFIX}/usr/libexec/fortify/fuserdb"

--- a/dist/release.sh
+++ b/dist/release.sh
@ -14,8 +14,7 @@ go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-s
  -X git.gensokyo.uk/security/fortify/internal.Fortify=/usr/bin/fortify
  -X git.gensokyo.uk/security/fortify/internal.Fsu=/usr/bin/fsu
  -X git.gensokyo.uk/security/fortify/internal.Finit=/usr/libexec/fortify/finit
-  -X main.Fmain=/usr/bin/fortify
-  -X main.Fshim=/usr/libexec/fortify/fshim" ./...
+  -X main.Fmain=/usr/bin/fortify" ./...

 rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}"
 rm -rf "./${out}"
--- a/internal/app/app.go
+++ b/internal/app/app.go
@ -5,9 +5,9 @@ import (
 	"sync"
 	"sync/atomic"

-	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 )

 type App interface {
@ -23,7 +23,7 @@ type App interface {
 type RunState struct {
 	// Start is true if fsu is successfully started.
 	Start bool
-	// ExitCode is the value returned by fshim.
+	// ExitCode is the value returned by shim.
 	ExitCode int
 	// WaitErr is error returned by the underlying wait syscall.
 	WaitErr error
--- a/internal/app/start.go
+++ b/internal/app/start.go
@ -9,10 +9,9 @@ import (
 	"strings"
 	"time"

-	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
-	"git.gensokyo.uk/security/fortify/cmd/fshim/ipc/shim"
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 	"git.gensokyo.uk/security/fortify/internal/state"
 	"git.gensokyo.uk/security/fortify/internal/system"
 )
@ -51,7 +50,7 @@ func (a *app) Run(ctx context.Context, rs *RunState) error {
 		uint32(a.seal.sys.UID()),
 		a.seal.sys.user.as,
 		a.seal.sys.user.supp,
-		&shim0.Payload{
+		&shim.Payload{
 			Argv:  a.seal.command,
 			Exec:  shimExec,
 			Bwrap: a.seal.sys.bwrap,
--- a/internal/linux/std.go
+++ b/internal/linux/std.go
@ -73,7 +73,7 @@ func (s *Std) Uid(aid int) (int, error) {

 	u.uid = -1
 	if fsu, ok := internal.Check(internal.Fsu); !ok {
-		fmsg.Fatal("invalid fsu path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
 		panic("unreachable")
 	} else {
 		cmd := exec.Command(fsu)
--- a/internal/proc/priv/shim/main.go
+++ b/internal/proc/priv/shim/main.go
@ -1,4 +1,4 @@
-package main
+package shim

 import (
 	"errors"
@ -8,7 +8,6 @@ import (
 	"syscall"

 	init0 "git.gensokyo.uk/security/fortify/cmd/finit/ipc"
-	shim "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
 	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal"
@ -19,7 +18,7 @@ import (
 // everything beyond this point runs as unconstrained target user
 // proceed with caution!

-func main() {
+func Main() {
 	// sharing stdout with fortify
 	// USE WITH CAUTION
 	fmsg.SetPrefix("shim")
@ -31,8 +30,8 @@ func main() {
 	}

 	// re-exec
-	if len(os.Args) > 0 && (os.Args[0] != "fshim" || len(os.Args) != 1) && path.IsAbs(os.Args[0]) {
-		if err := syscall.Exec(os.Args[0], []string{"fshim"}, os.Environ()); err != nil {
+	if len(os.Args) > 0 && (os.Args[0] != "fortify" || os.Args[1] != "shim" || len(os.Args) != 2) && path.IsAbs(os.Args[0]) {
+		if err := syscall.Exec(os.Args[0], []string{"fortify", "shim"}, os.Environ()); err != nil {
 			fmsg.Println("cannot re-exec self:", err)
 			// continue anyway
 		}
@ -41,17 +40,17 @@ func main() {
 	// check path to finit
 	var finitPath string
 	if p, ok := internal.Path(internal.Finit); !ok {
-		fmsg.Fatal("invalid finit path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid finit path, this copy of fortify is not compiled correctly")
 	} else {
 		finitPath = p
 	}

 	// receive setup payload
 	var (
-		payload    shim.Payload
+		payload    Payload
 		closeSetup func() error
 	)
-	if f, err := proc.Receive(shim.Env, &payload); err != nil {
+	if f, err := proc.Receive(Env, &payload); err != nil {
 		if errors.Is(err, proc.ErrInvalid) {
 			fmsg.Fatal("invalid config descriptor")
 		}
--- a/internal/proc/priv/shim/manager.go
+++ b/internal/proc/priv/shim/manager.go
@ -10,7 +10,6 @@ import (
 	"strings"
 	"time"

-	shim0 "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/proc"
@ -30,12 +29,12 @@ type Shim struct {
 	// fallback exit notifier with error returned killing the process
 	killFallback chan error
 	// shim setup payload
-	payload *shim0.Payload
+	payload *Payload
 	// monitor to shim encoder
 	encoder *gob.Encoder
 }

-func New(uid uint32, aid string, supp []string, payload *shim0.Payload) *Shim {
+func New(uid uint32, aid string, supp []string, payload *Payload) *Shim {
 	return &Shim{uid: uid, aid: aid, supp: supp, payload: payload}
 }

@ -58,7 +57,7 @@ func (s *Shim) Start() (*time.Time, error) {
 	// prepare user switcher invocation
 	var fsu string
 	if p, ok := internal.Check(internal.Fsu); !ok {
-		fmsg.Fatal("invalid fsu path, this copy of fshim is not compiled correctly")
+		fmsg.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
 		panic("unreachable")
 	} else {
 		fsu = p
@ -72,7 +71,7 @@ func (s *Shim) Start() (*time.Time, error) {
 	} else {
 		s.encoder = e
 		s.cmd.Env = []string{
-			shim0.Env + "=" + strconv.Itoa(fd),
+			Env + "=" + strconv.Itoa(fd),
 			"FORTIFY_APP_ID=" + s.aid,
 		}
 	}
--- a/internal/proc/priv/shim/payload.go
+++ b/internal/proc/priv/shim/payload.go
@ -1,8 +1,6 @@
-package shim0
+package shim

-import (
-	"git.gensokyo.uk/security/fortify/helper/bwrap"
-)
+import "git.gensokyo.uk/security/fortify/helper/bwrap"

 const Env = "FORTIFY_SHIM"

--- a/main.go
+++ b/main.go
@ -20,6 +20,7 @@ import (
 	"git.gensokyo.uk/security/fortify/internal/app"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 	"git.gensokyo.uk/security/fortify/internal/linux"
+	"git.gensokyo.uk/security/fortify/internal/proc/priv/shim"
 	"git.gensokyo.uk/security/fortify/internal/system"
 )

@ -283,6 +284,12 @@ func main() {

 		// invoke app
 		runApp(config)
+
+	// internal commands
+	case "shim":
+		shim.Main()
+		fmsg.Exit(0)
+
 	default:
 		fmsg.Fatalf("%q is not a valid command", args[0])
 	}
--- a/package.nix
+++ b/package.nix
@ -33,7 +33,6 @@ buildGoModule rec {
      [
        "-s -w"
        "-X main.Fmain=${placeholder "out"}/libexec/fortify"
-        "-X main.Fshim=${placeholder "out"}/libexec/fshim"
      ]
      {
        Version = "v${version}";