helper: combine helper ipc setup
The two-step args call is no longer necessary since stat is passed on initialisation. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -2,13 +2,11 @@ package helper
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"slices"
|
||||
"strconv"
|
||||
"sync"
|
||||
"syscall"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/helper/bwrap"
|
||||
@@ -18,34 +16,6 @@ import (
|
||||
// BubblewrapName is the file name or path to bubblewrap.
|
||||
var BubblewrapName = "bwrap"
|
||||
|
||||
type bubblewrap struct {
|
||||
// final args fd of bwrap process
|
||||
argsFd uintptr
|
||||
|
||||
// name of the command to run in bwrap
|
||||
name string
|
||||
|
||||
lock sync.RWMutex
|
||||
*helperCmd
|
||||
}
|
||||
|
||||
func (b *bubblewrap) Start() error {
|
||||
b.lock.Lock()
|
||||
defer b.lock.Unlock()
|
||||
|
||||
// Check for doubled Start calls before we defer failure cleanup. If the prior
|
||||
// call to Start succeeded, we don't want to spuriously close its pipes.
|
||||
if b.Cmd != nil && b.Cmd.Process != nil {
|
||||
return errors.New("exec: already started")
|
||||
}
|
||||
|
||||
args := b.finalise()
|
||||
b.Cmd.Args = slices.Grow(b.Cmd.Args, 4+len(args))
|
||||
b.Cmd.Args = append(b.Cmd.Args, "--args", strconv.Itoa(int(b.argsFd)), "--", b.name)
|
||||
b.Cmd.Args = append(b.Cmd.Args, args...)
|
||||
return proc.Fulfill(b.ctx, &b.ExtraFiles, b.Cmd.Start, b.files, b.extraFiles)
|
||||
}
|
||||
|
||||
// MustNewBwrap initialises a new Bwrap instance with wt as the null-terminated argument writer.
|
||||
// If wt is nil, the child process spawned by bwrap will not get an argument pipe.
|
||||
// Function argF returns an array of arguments passed directly to the child process.
|
||||
@@ -84,24 +54,25 @@ func NewBwrap(
|
||||
extraFiles []*os.File,
|
||||
syncFd *os.File,
|
||||
) (Helper, error) {
|
||||
b := new(bubblewrap)
|
||||
|
||||
b.name = name
|
||||
b.helperCmd = newHelperCmd(ctx, BubblewrapName, wt, argF, stat, extraFiles)
|
||||
b, args := newHelperCmd(ctx, BubblewrapName, wt, stat, argF, extraFiles)
|
||||
if setpgid {
|
||||
b.Cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true}
|
||||
}
|
||||
if cmdF != nil {
|
||||
cmdF(b.helperCmd.Cmd)
|
||||
}
|
||||
|
||||
var argsFd uintptr
|
||||
if v, err := NewCheckedArgs(conf.Args(syncFd, b.extraFiles, &b.files)); err != nil {
|
||||
return nil, err
|
||||
} else {
|
||||
f := proc.NewWriterTo(v)
|
||||
b.argsFd = proc.InitFile(f, b.extraFiles)
|
||||
argsFd = proc.InitFile(f, b.extraFiles)
|
||||
b.files = append(b.files, f)
|
||||
}
|
||||
|
||||
b.Args = slices.Grow(b.Args, 4+len(args))
|
||||
b.Args = append(b.Args, "--args", strconv.Itoa(int(argsFd)), "--", name)
|
||||
b.Args = append(b.Args, args...)
|
||||
if cmdF != nil {
|
||||
cmdF(b.Cmd)
|
||||
}
|
||||
return b, nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user