init: custom init process inside sandbox

Bubblewrap as init is a bit awkward and don't support a few setup actions fortify will need, such as starting/supervising nscd.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

main.go

@@ -8,6 +8,7 @@ import (
 
 	"git.ophivana.moe/cat/fortify/internal"
 	"git.ophivana.moe/cat/fortify/internal/app"
+	init0 "git.ophivana.moe/cat/fortify/internal/init"
 	"git.ophivana.moe/cat/fortify/internal/shim"
 	"git.ophivana.moe/cat/fortify/internal/verbose"
 )
@@ -27,15 +28,14 @@ func main() {
 	// linux/sched/coredump.h
 	if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 {
 		fmt.Printf("fortify: cannot set SUID_DUMP_DISABLE: %s", errno.Error())
-	} else {
-		verbose.Println("prctl(PR_SET_DUMPABLE, SUID_DUMP_DISABLE) succeeded")
 	}
 
 	if internal.SdBootedV {
 		verbose.Println("system booted with systemd as init system")
 	}
 
-	// shim early exit
+	// shim/init early exit
+	init0.Try()
 	shim.Try()
 
 	// root check