security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

container: move out of toplevel
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m52s
Details
Test / Sandbox (race detector) (push) Successful in 3m14s
Details
Test / Planterette (push) Successful in 3m36s
Details
Test / Hakurei (race detector) (push) Successful in 4m31s
Details
Test / Hakurei (push) Successful in 2m3s
Details
Test / Flake checks (push) Successful in 1m13s
Details

Browse Source 
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-07-03 02:59:43 +09:00
parent 82561d62b6
commit 1b5ecd9eaf
55 changed files with 232 additions and 234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
system/dbus/dbus_test.go
View File

@@ -13,7 +13,7 @@ import (
"testing"
"time"
"git.gensokyo.uk/security/hakurei"
"git.gensokyo.uk/security/hakurei/container"
"git.gensokyo.uk/security/hakurei/helper"
"git.gensokyo.uk/security/hakurei/internal"
"git.gensokyo.uk/security/hakurei/internal/hlog"
@@ -134,11 +134,11 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) {
}
p.CmdF = func(v any) {
if useSandbox {
container := v.(*hakurei.Container)
if container.Args[0] != dbus.ProxyName {
z := v.(*container.Container)
if z.Args[0] != dbus.ProxyName {
panic(fmt.Sprintf("unexpected argv0 %q", os.Args[0]))
}
container.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"}, container.Args[1:]...)
z.Args = append([]string{os.Args[0], "-test.run=TestHelperStub", "--"}, z.Args[1:]...)
} else {
cmd := v.(*exec.Cmd)
if cmd.Args[0] != dbus.ProxyName {
@@ -208,6 +208,6 @@ func TestHelperInit(t *testing.T) {
if len(os.Args) != 5 || os.Args[4] != "init" {
return
}
hakurei.SetOutput(hlog.Output{})
hakurei.Init(hlog.Prepare, internal.InstallOutput)
container.SetOutput(hlog.Output{})
container.Init(hlog.Prepare, internal.InstallOutput)
}

26
system/dbus/proc.go
View File

@@ -11,10 +11,10 @@ import (
"strconv"
"syscall"
"git.gensokyo.uk/security/hakurei"
"git.gensokyo.uk/security/hakurei/container"
"git.gensokyo.uk/security/hakurei/container/seccomp"
"git.gensokyo.uk/security/hakurei/helper"
"git.gensokyo.uk/security/hakurei/ldd"
"git.gensokyo.uk/security/hakurei/seccomp"
)
// Start starts and configures a D-Bus proxy process.
@@ -65,22 +65,22 @@ func (p *Proxy) Start() error {
p.helper = helper.New(
ctx, toolPath,
p.final, true,
argF, func(container *hakurei.Container) {
container.SeccompFlags |= seccomp.AllowMultiarch
container.SeccompPresets |= seccomp.PresetStrict
container.Hostname = "hakurei-dbus"
container.CommandContext = p.CommandContext
argF, func(z *container.Container) {
z.SeccompFlags |= seccomp.AllowMultiarch
z.SeccompPresets |= seccomp.PresetStrict
z.Hostname = "hakurei-dbus"
z.CommandContext = p.CommandContext
if p.output != nil {
container.Stdout, container.Stderr = p.output, p.output
z.Stdout, z.Stderr = p.output, p.output
}
if p.CmdF != nil {
p.CmdF(container)
p.CmdF(z)
}
// these lib paths are unpredictable, so mount them first so they cannot cover anything
for _, name := range libPaths {
container.Bind(name, name, 0)
z.Bind(name, name, 0)
}
// upstream bus directories
@@ -101,7 +101,7 @@ func (p *Proxy) Start() error {
slices.Sort(upstreamPaths)
upstreamPaths = slices.Compact(upstreamPaths)
for _, name := range upstreamPaths {
container.Bind(name, name, 0)
z.Bind(name, name, 0)
}
// parent directories of bind paths
@@ -115,12 +115,12 @@ func (p *Proxy) Start() error {
slices.Sort(sockDirPaths)
sockDirPaths = slices.Compact(sockDirPaths)
for _, name := range sockDirPaths {
container.Bind(name, name, hakurei.BindWritable)
z.Bind(name, name, container.BindWritable)
}
// xdg-dbus-proxy bin path
binPath := path.Dir(toolPath)
container.Bind(binPath, binPath, 0)
z.Bind(binPath, binPath, 0)
}, nil)
}