app: expose single run method
All checks were successful
Tests / Go tests (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 3m20s

App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides the caller the ability to gracefully stop execution of the confined process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 23:39:51 +09:00
parent be4d8b6300
commit 124743ffd3
5 changed files with 195 additions and 161 deletions


@@ -12,6 +12,7 @@ var (
ErrInvalid = errors.New("bad file descriptor")
)
// Setup appends the read end of a pipe for payload transmission and returns its fd.
func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error) {
if r, w, err := os.Pipe(); err != nil {
return -1, nil, err
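Review bot: The new doc comment on Setup covers only the int result ("returns its fd"), while the signature returns (int, *gob.Encoder, error). Please document what the encoder writes to and who closes that end of the pipe, and that the fd is -1 on failure, as the visible error path returns -1, nil, err. "its fd" is also ambiguous because the file is appended to extraFiles: say whether this is the descriptor number in the calling process or the number the child will see.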
@@ -22,6 +23,8 @@ func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error) {
}
}
// Receive retrieves payload pipe fd from the environment,
// receives its payload and returns the Close method of the pipe.
func Receive(key string, e any) (func() error, error) {
var setup *os.File
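Review bot: The comment on Receive does not tell the caller what it must do with the returned func or what it gets on failure. Please state that the returned Close must be called once the payload has been read, whether it is nil when the error is non-nil, and that key names the environment variable carrying the fd. This file already declares ErrInvalid, so listing the errors Receive can return would let callers match them with errors.Is. If e is decoded into, the comment should also say it must be a pointer.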