container: move out of toplevel

This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.

Signed-off-by: Ophestra <cat@gensokyo.uk>

system/dbus/dbus_test.go

@@ -13,7 +13,7 @@ import (
 	"testing"
 	"time"
 
-	"git.gensokyo.uk/security/hakurei"
+	"git.gensokyo.uk/security/hakurei/container"
 	"git.gensokyo.uk/security/hakurei/helper"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
@@ -134,11 +134,11 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
 			}
 			p.CmdF = func(v any) {
 				if useSandbox {
-					container := v.(*hakurei.Container)
-					if container.Args[0] != dbus.ProxyName {
+					z := v.(*container.Container)
+					if z.Args[0] != dbus.ProxyName {
 						panic(fmt.Sprintf("unexpected argv0 %q", os.Args[0]))
 					}
-					container.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"}, container.Args[1:]...)
+					z.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"}, z.Args[1:]...)
 				} else {
 					cmd := v.(*exec.Cmd)
 					if cmd.Args[0] != dbus.ProxyName {
@@ -208,6 +208,6 @@ func TestHelperInit(t *testing.T) {
 	if len(os.Args) != 5 || os.Args[4] != "init" {
 		return
 	}
-	hakurei.SetOutput(hlog.Output{})
-	hakurei.Init(hlog.Prepare, internal.InstallOutput)
+	container.SetOutput(hlog.Output{})
+	container.Init(hlog.Prepare, internal.InstallOutput)
 }

system/dbus/proc.go

@@ -11,10 +11,10 @@ import (
 	"strconv"
 	"syscall"
 
-	"git.gensokyo.uk/security/hakurei"
+	"git.gensokyo.uk/security/hakurei/container"
+	"git.gensokyo.uk/security/hakurei/container/seccomp"
 	"git.gensokyo.uk/security/hakurei/helper"
 	"git.gensokyo.uk/security/hakurei/ldd"
-	"git.gensokyo.uk/security/hakurei/seccomp"
 )
 
 // Start starts and configures a D-Bus proxy process.
@@ -65,22 +65,22 @@ func (p *Proxy) Start() error {
 		p.helper = helper.New(
 			ctx, toolPath,
 			p.final, true,
-			argF, func(container *hakurei.Container) {
-				container.SeccompFlags |= seccomp.AllowMultiarch
-				container.SeccompPresets |= seccomp.PresetStrict
-				container.Hostname = "hakurei-dbus"
-				container.CommandContext = p.CommandContext
+			argF, func(z *container.Container) {
+				z.SeccompFlags |= seccomp.AllowMultiarch
+				z.SeccompPresets |= seccomp.PresetStrict
+				z.Hostname = "hakurei-dbus"
+				z.CommandContext = p.CommandContext
 				if p.output != nil {
-					container.Stdout, container.Stderr = p.output, p.output
+					z.Stdout, z.Stderr = p.output, p.output
 				}
 
 				if p.CmdF != nil {
-					p.CmdF(container)
+					p.CmdF(z)
 				}
 
 				// these lib paths are unpredictable, so mount them first so they cannot cover anything
 				for _, name := range libPaths {
-					container.Bind(name, name, 0)
+					z.Bind(name, name, 0)
 				}
 
 				// upstream bus directories
@@ -101,7 +101,7 @@ func (p *Proxy) Start() error {
 				slices.Sort(upstreamPaths)
 				upstreamPaths = slices.Compact(upstreamPaths)
 				for _, name := range upstreamPaths {
-					container.Bind(name, name, 0)
+					z.Bind(name, name, 0)
 				}
 
 				// parent directories of bind paths
@@ -115,12 +115,12 @@ func (p *Proxy) Start() error {
 				slices.Sort(sockDirPaths)
 				sockDirPaths = slices.Compact(sockDirPaths)
 				for _, name := range sockDirPaths {
-					container.Bind(name, name, hakurei.BindWritable)
+					z.Bind(name, name, container.BindWritable)
 				}
 
 				// xdg-dbus-proxy bin path
 				binPath := path.Dir(toolPath)
-				container.Bind(binPath, binPath, 0)
+				z.Bind(binPath, binPath, 0)
 			}, nil)
 	}
 

system/output.go

@@ -1,14 +1,14 @@
 package system
 
 import (
-	"git.gensokyo.uk/security/hakurei"
+	"git.gensokyo.uk/security/hakurei/container"
 )
 
-var msg hakurei.Msg = new(hakurei.DefaultMsg)
+var msg container.Msg = new(container.DefaultMsg)
 
-func SetOutput(v hakurei.Msg) {
+func SetOutput(v container.Msg) {
 	if v == nil {
-		msg = new(hakurei.DefaultMsg)
+		msg = new(container.DefaultMsg)
 	} else {
 		msg = v
 	}