init: custom init process inside sandbox

Bubblewrap as init is a bit awkward and don't support a few setup actions fortify will need, such as starting/supervising nscd. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-14 02:27:02 +09:00
parent 315c9b8849
commit 1302bcede0
7 changed files with 222 additions and 24 deletions
--- a/internal/shim/payload.go
+++ b/internal/shim/payload.go
@@ -7,8 +7,8 @@ const EnvShim = "FORTIFY_SHIM"
 type Payload struct {
 	// child full argv
 	Argv []string
-	// bwrap, target full exec path
-	Exec [2]string
+	// fortify, bwrap, target full exec path
+	Exec [3]string
 	// bwrap config
 	Bwrap *bwrap.Config
 	// whether to pass wayland fd