cmd/flaunch: implement app bundle wrapper

This tool creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>
internal: include path to fortify main program
2024-12-26 16:57:49 +09:00 · 2024-12-26 12:48:48 +09:00
1 changed files with 1 additions and 6 deletions
--- a/cmd/fshim/main.go
+++ b/cmd/fshim/main.go
@ -9,7 +9,6 @@ import (

 	init0 "git.gensokyo.uk/security/fortify/cmd/finit/ipc"
 	shim "git.gensokyo.uk/security/fortify/cmd/fshim/ipc"
-	"git.gensokyo.uk/security/fortify/fst"
 	"git.gensokyo.uk/security/fortify/helper"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
@ -118,12 +117,8 @@ func main() {
 		}()
 	}

-	// bind finit inside sandbox
-	finitInnerPath := path.Join(fst.Tmp, "sbin", "init")
-	conf.Bind(finitPath, finitInnerPath)
-
 	helper.BubblewrapName = payload.Exec[0] // resolved bwrap path by parent
-	if b, err := helper.NewBwrap(conf, nil, finitInnerPath,
+	if b, err := helper.NewBwrap(conf, nil, finitPath,
 		func(int, int) []string { return make([]string, 0) }); err != nil {
 		fmsg.Fatalf("malformed sandbox config: %v", err)
 	} else {
Author	SHA1	Message	Date
Ophestra	f5535455d9	cmd/flaunch: implement app bundle wrapper All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 3m28s Details This tool creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:57:49 +09:00
Ophestra	cdfc23700f	internal: include path to fortify main program Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 12:48:48 +09:00