helper/bwrap: move sync to helper state

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/proc/priv/shim/main.go

@@ -62,8 +62,9 @@ func Main() {
 	}
 
 	// restore bwrap sync fd
+	var syncFd *os.File
 	if payload.Sync != nil {
-		payload.Bwrap.SetSync(os.NewFile(*payload.Sync, "sync"))
+		syncFd = os.NewFile(*payload.Sync, "sync")
 	}
 
 	// close setup socket
@@ -134,8 +135,11 @@ func Main() {
 	conf.Symlink("fortify", innerInit)
 
 	helper.BubblewrapName = payload.Exec[0] // resolved bwrap path by parent
-	if b, err := helper.NewBwrap(conf, nil, innerInit,
-		func(int, int) []string { return make([]string, 0) }); err != nil {
+	if b, err := helper.NewBwrap(
+		conf, innerInit,
+		nil, func(int, int) []string { return make([]string, 0) },
+		syncFd,
+	); err != nil {
 		fmsg.Fatalf("malformed sandbox config: %v", err)
 	} else {
 		cmd := b.Unwrap()

internal/proc/priv/shim/manager.go

@@ -24,6 +24,8 @@ type Shim struct {
 	killFallback chan error
 	// monitor to shim encoder
 	encoder *gob.Encoder
+	// bwrap --sync-fd value
+	sync *uintptr
 }
 
 func (s *Shim) String() string {
@@ -46,8 +48,8 @@ func (s *Shim) Start(
 	aid string,
 	// string representation of supplementary group ids
 	supp []string,
-	// shim setup payload
-	payload *Payload,
+	// bwrap --sync-fd
+	syncFd *os.File,
 ) (*time.Time, error) {
 	// prepare user switcher invocation
 	var fsu string
@@ -80,9 +82,9 @@ func (s *Shim) Start(
 	s.cmd.Dir = "/"
 
 	// pass sync fd if set
-	if payload.Bwrap.Sync() != nil {
-		fd := proc.ExtraFile(s.cmd, payload.Bwrap.Sync())
-		payload.Sync = &fd
+	if syncFd != nil {
+		fd := proc.ExtraFile(s.cmd, syncFd)
+		s.sync = &fd
 	}
 
 	fmsg.VPrintln("starting shim via fsu:", s.cmd)
@@ -106,6 +108,7 @@ func (s *Shim) Serve(ctx context.Context, payload *Payload) error {
 	}
 	defer func() { killShim() }()
 
+	payload.Sync = s.sync
 	encodeErr := make(chan error)
 	go func() { encodeErr <- s.encoder.Encode(payload) }()