package app

import (
	"path"

	"git.gensokyo.uk/security/fortify/acl"
	"git.gensokyo.uk/security/fortify/dbus"
	"git.gensokyo.uk/security/fortify/internal/system"
)

// Names of the environment variables written into the bwrap environment by
// shareDBus so that clients inside the sandbox connect to the bound sockets.
const (
	dbusSessionBusAddress = "DBUS_SESSION_BUS_ADDRESS"
	dbusSystemBusAddress  = "DBUS_SYSTEM_BUS_ADDRESS"
)

// shareDBus configures the D-Bus proxy and shares its sockets with the sandbox.
//
// config[0] is the session bus configuration and config[1] the system bus
// configuration, in the order they are handed to ProxyDBus. Nothing is done,
// and nil is returned, unless system.EDBus is enabled on the seal. An error
// from ProxyDBus is returned unchanged.
//
// The session socket is always bound and advertised once the proxy is
// configured; the system socket only when config[1] is non-nil.
//
// NOTE(review): config[0] is passed through without a nil check here;
// presumably ProxyDBus rejects a missing session configuration. Confirm.
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
	if !seal.et.Has(system.EDBus) {
		return nil
	}

	// Paths under the share directory for the proxy's downstream sockets.
	// The sandbox is only ever given these paths, never an upstream bus
	// address.
	sessionOuter := path.Join(seal.share, "bus")
	systemOuter := path.Join(seal.share, "system_bus_socket")

	// Configure the proxy; the value it returns is kept on the seal.
	msg, err := seal.sys.ProxyDBus(config[0], config[1], sessionOuter, systemOuter)
	if err != nil {
		return err
	}
	seal.dbusMsg = msg

	// Session bus: advertise the in-sandbox path, bind the proxy socket onto
	// it, then request read and write access on the outer socket.
	// NOTE(review): presumably the ACL entry is for the sandboxed user;
	// confirm which principal UpdatePerm applies it to.
	sessionTarget := path.Join(seal.sys.runtime, "bus")
	seal.sys.bwrap.SetEnv[dbusSessionBusAddress] = "unix:path=" + sessionTarget
	seal.sys.bwrap.Bind(sessionOuter, sessionTarget)
	seal.sys.UpdatePerm(sessionOuter, acl.Read, acl.Write)

	// Without a system bus configuration the system socket is neither bound
	// nor advertised, so the sandbox gets no system bus path from here.
	if config[1] == nil {
		return nil
	}

	// System bus: same three steps, bound at a fixed in-sandbox path.
	const systemTarget = "/run/dbus/system_bus_socket"
	seal.sys.bwrap.SetEnv[dbusSystemBusAddress] = "unix:path=" + systemTarget
	seal.sys.bwrap.Bind(systemOuter, systemTarget)
	seal.sys.UpdatePerm(systemOuter, acl.Read, acl.Write)

	return nil
}