Ophestra Umiker
62cb8a91b6
There was an earlier attempt of cleaning up the app package however it ended up creating even more of a mess and the code structure largely still looked like Ego with state setup scattered everywhere and a bunch of ugly hacks had to be implemented to keep track of all of them. In this commit the entire app package is rewritten to track everything that has to do with an app in one thread safe value. In anticipation of the client/server split also made changes: - Console messages are cleaned up to be consistent - State tracking is fully rewritten to be cleaner and usable for multiple process and client/server - Encapsulate errors to easier identify type of action causing the error as well as additional info - System-level setup operations is grouped in a way that can be collectively committed/reverted and gracefully handles errors returned by each operation - Resource sharing is made more fine-grained with PID-scoped resources whenever possible, a few remnants (X11, Wayland, PulseAudio) will be addressed when a generic proxy is available - Application setup takes a JSON-friendly config struct and deterministically generates system setup operations Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
51 lines
1.6 KiB
Go
51 lines
1.6 KiB
Go
package app
|
|
|
|
import (
|
|
"path"
|
|
|
|
"git.ophivana.moe/cat/fortify/acl"
|
|
)
|
|
|
|
const (
|
|
xdgRuntimeDir = "XDG_RUNTIME_DIR"
|
|
xdgSessionClass = "XDG_SESSION_CLASS"
|
|
xdgSessionType = "XDG_SESSION_TYPE"
|
|
)
|
|
|
|
// shareRuntime queues actions for sharing/ensuring the runtime and share directories
|
|
func (seal *appSeal) shareRuntime() {
|
|
// ensure RunDir (e.g. `/run/user/%d/fortify`)
|
|
seal.sys.ensure(seal.RunDirPath, 0700)
|
|
|
|
// ensure runtime directory ACL (e.g. `/run/user/%d`)
|
|
seal.sys.updatePerm(seal.RuntimePath, acl.Execute)
|
|
|
|
// ensure Share (e.g. `/tmp/fortify.%d`)
|
|
// acl is unnecessary as this directory is world executable
|
|
seal.sys.ensure(seal.SharePath, 0701)
|
|
|
|
// ensure process-specific share (e.g. `/tmp/fortify.%d/%s`)
|
|
// acl is unnecessary as this directory is world executable
|
|
seal.share = path.Join(seal.SharePath, seal.id.String())
|
|
seal.sys.ensureEphemeral(seal.share, 0701)
|
|
}
|
|
|
|
func (seal *appSeal) shareRuntimeChild() string {
|
|
// ensure child runtime parent directory (e.g. `/tmp/fortify.%d/runtime`)
|
|
targetRuntimeParent := path.Join(seal.SharePath, "runtime")
|
|
seal.sys.ensure(targetRuntimeParent, 0700)
|
|
seal.sys.updatePerm(targetRuntimeParent, acl.Execute)
|
|
|
|
// ensure child runtime directory (e.g. `/tmp/fortify.%d/runtime/%d`)
|
|
targetRuntime := path.Join(targetRuntimeParent, seal.sys.Uid)
|
|
seal.sys.ensure(targetRuntime, 0700)
|
|
seal.sys.updatePerm(targetRuntime, acl.Read, acl.Write, acl.Execute)
|
|
|
|
// point to ensured runtime path
|
|
seal.appendEnv(xdgRuntimeDir, targetRuntime)
|
|
seal.appendEnv(xdgSessionClass, "user")
|
|
seal.appendEnv(xdgSessionType, "tty")
|
|
|
|
return targetRuntime
|
|
}
|