security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity
0f1f0e4364
fortify/helper/bwrap.go
Ophestra 0f1f0e4364
All checks were successful
Test / Create distribution (push) Successful in 43s
Details
Test / Fortify (push) Successful in 6m53s
Details
Test / Fpkg (push) Successful in 11m51s
Details
Test / Data race detector (push) Successful in 2m32s
Details
Test / Flake checks (push) Successful in 56s
Details
helper: combine helper ipc setup 
The two-step args call is no longer necessary since stat is passed on initialisation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 02:10:22 +09:00

79 lines
2.0 KiB
Go
Raw Blame History

package helper
import (
"context"
"io"
"os"
"os/exec"
"slices"
"strconv"
"syscall"
"git.gensokyo.uk/security/fortify/helper/bwrap"
"git.gensokyo.uk/security/fortify/helper/proc"
)
// BubblewrapName is the file name or path to bubblewrap.
var BubblewrapName = "bwrap"
// MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.
// If wt is nil, the child process spawned by bwrap will not get an argument pipe.
// Function argF returns an array of arguments passed directly to the child process.
func MustNewBwrap(
ctx context.Context,
name string,
wt io.WriterTo,
stat bool,
argF func(argsFd, statFd int) []string,
cmdF func(cmd *exec.Cmd),
conf *bwrap.Config,
setpgid bool,
extraFiles []*os.File,
syncFd *os.File,
) Helper {
b, err := NewBwrap(ctx, name, wt, stat, argF, cmdF, conf, setpgid, extraFiles, syncFd)
if err != nil {
panic(err.Error())
} else {
return b
}
}
// NewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.
// If wt is nil, the child process spawned by bwrap will not get an argument pipe.
// Function argF returns an array of arguments passed directly to the child process.
func NewBwrap(
ctx context.Context,
name string,
wt io.WriterTo,
stat bool,
argF func(argsFd, statFd int) []string,
cmdF func(cmd *exec.Cmd),
conf *bwrap.Config,
setpgid bool,
extraFiles []*os.File,
syncFd *os.File,
) (Helper, error) {
b, args := newHelperCmd(ctx, BubblewrapName, wt, stat, argF, extraFiles)
if setpgid {
b.Cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
}
var argsFd uintptr
if v, err := NewCheckedArgs(conf.Args(syncFd, b.extraFiles, &b.files)); err != nil {
return nil, err
} else {
f := proc.NewWriterTo(v)
argsFd = proc.InitFile(f, b.extraFiles)
b.files = append(b.files, f)
}
b.Args = slices.Grow(b.Args, 4+len(args))
b.Args = append(b.Args, "--args", strconv.Itoa(int(argsFd)), "--", name)
b.Args = append(b.Args, args...)
if cmdF != nil {
cmdF(b.Cmd)
}
return b, nil
}
Reference in New Issue View Git Blame Copy Permalink