diff --git a/internal/app/finalise.go b/internal/app/finalise.go index a4e2d69..bd9cf2b 100644 --- a/internal/app/finalise.go +++ b/internal/app/finalise.go @@ -96,21 +96,7 @@ func (k *outcome) finalise(ctx context.Context, msg container.Msg, id *state.ID, EnvPaths: copyPaths(k.syscallDispatcher), Container: config.Container, } - - // enforce bounds and default early - if s.Container.WaitDelay <= 0 { - kp.waitDelay = hst.WaitDelayDefault - } else if s.Container.WaitDelay > hst.WaitDelayMax { - kp.waitDelay = hst.WaitDelayMax - } else { - kp.waitDelay = s.Container.WaitDelay - } - - if s.Container.MapRealUID { - s.Mapuid, s.Mapgid = k.getuid(), k.getgid() - } else { - s.Mapuid, s.Mapgid = k.overflowUid(msg), k.overflowGid(msg) - } + kp.waitDelay = s.populateEarly(k.syscallDispatcher, msg) // TODO(ophestra): duplicate in shim (params to shim) if err := s.populateLocal(k.syscallDispatcher, msg); err != nil { diff --git a/internal/app/outcome.go b/internal/app/outcome.go index e2673e4..f0880ad 100644 --- a/internal/app/outcome.go +++ b/internal/app/outcome.go @@ -2,6 +2,7 @@ package app import ( "strconv" + "time" "hakurei.app/container" "hakurei.app/container/check" @@ -68,6 +69,27 @@ func (s *outcomeState) valid() bool { s.EnvPaths != nil } +// populateEarly populates exported fields via syscallDispatcher. +// This must only be called from the priv side. +func (s *outcomeState) populateEarly(k syscallDispatcher, msg container.Msg) (waitDelay time.Duration) { + // enforce bounds and default early + if s.Container.WaitDelay <= 0 { + waitDelay = hst.WaitDelayDefault + } else if s.Container.WaitDelay > hst.WaitDelayMax { + waitDelay = hst.WaitDelayMax + } else { + waitDelay = s.Container.WaitDelay + } + + if s.Container.MapRealUID { + s.Mapuid, s.Mapgid = k.getuid(), k.getgid() + } else { + s.Mapuid, s.Mapgid = k.overflowUid(msg), k.overflowGid(msg) + } + + return +} + // populateLocal populates unexported fields from transmitted exported fields. // These fields are cheaper to recompute per-process. func (s *outcomeState) populateLocal(k syscallDispatcher, msg container.Msg) error { @@ -161,7 +183,7 @@ func (state *outcomeStateSys) runtime() *check.Absolute { type outcomeStateParams struct { // Overrides the embedded [container.Params] in [container.Container]. The Env field must not be used. params *container.Params - // Collapsed into the Env slice in [container.Params] after every call to outcomeOp.toContainer completes. + // Collapsed into the Env slice in [container.Params] by the final outcomeOp. env map[string]string // Filesystems with the optional root sliced off if present. Populated by spParamsOp.