internal/app: rename init to init0

This makes way for the new container init. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
parent 9b1a60b5c9
commit 4133b555ba
10 changed files with 18 additions and 14 deletions
--- a/internal/app/app_nixos_test.go
+++ b/internal/app/app_nixos_test.go
@@ -218,6 +218,6 @@ var testCasesNixos = []sealTestCase{
 			Bind("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket").
 			Tmpfs("/var/run/nscd", 8192).
 			Bind("/run/wrappers/bin/fortify", "/.fortify/sbin/fortify").
-			Symlink("fortify", "/.fortify/sbin/init"),
+			Symlink("fortify", "/.fortify/sbin/init0"),
 	},
 }
--- a/internal/app/app_pd_test.go
+++ b/internal/app/app_pd_test.go
@@ -158,7 +158,7 @@ var testCasesPd = []sealTestCase{
 			CopyBind("/etc/group", []byte("fortify:x:65534:\n")).
 			Tmpfs("/var/run/nscd", 8192).
 			Bind("/run/wrappers/bin/fortify", "/.fortify/sbin/fortify").
-			Symlink("fortify", "/.fortify/sbin/init"),
+			Symlink("fortify", "/.fortify/sbin/init0"),
 	},
 	{
 		"nixos permissive defaults chromium", new(stubNixOS),
@@ -389,6 +389,6 @@ var testCasesPd = []sealTestCase{
 			Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket").
 			Tmpfs("/var/run/nscd", 8192).
 			Bind("/run/wrappers/bin/fortify", "/.fortify/sbin/fortify").
-			Symlink("fortify", "/.fortify/sbin/init"),
+			Symlink("fortify", "/.fortify/sbin/init0"),
 	},
 }
--- a/internal/app/init0/early.go
+++ b/internal/app/init0/early.go
@@ -9,9 +9,9 @@ import (

 // used by the parent process

-// TryArgv0 calls [Main] if argv0 indicates the process is started from a file named "init".
+// TryArgv0 calls [Main] if the last element of argv0 is "init0".
 func TryArgv0() {
-	if len(os.Args) > 0 && path.Base(os.Args[0]) == "init" {
+	if len(os.Args) > 0 && path.Base(os.Args[0]) == "init0" {
 		Main()
 		internal.Exit(0)
 	}
--- a/internal/app/init0/main.go
+++ b/internal/app/init0/main.go
@@ -25,7 +25,7 @@ const (
 func Main() {
 	// sharing stdout with shim
 	// USE WITH CAUTION
-	fmsg.Prepare("init")
+	fmsg.Prepare("init0")

 	// setting this prevents ptrace
 	if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
--- a/internal/app/init0/payload.go
+++ b/internal/app/init0/payload.go
--- a/internal/app/seal.go
+++ b/internal/app/seal.go
@@ -486,7 +486,7 @@ func (seal *outcome) finalise(sys sys.State, config *fst.Config) error {

 	// mount fortify in sandbox for init
 	seal.container.Bind(sys.MustExecutable(), path.Join(fst.Tmp, "sbin/fortify"))
-	seal.container.Symlink("fortify", path.Join(fst.Tmp, "sbin/init"))
+	seal.container.Symlink("fortify", path.Join(fst.Tmp, "sbin/init0"))

 	fmsg.Verbosef("created application seal for uid %s (%s) groups: %v, command: %s",
 		seal.user.uid, seal.user.username, config.Confinement.Groups, config.Command)
--- a/internal/app/shim/main.go
+++ b/internal/app/shim/main.go
@@ -16,7 +16,7 @@ import (
 	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/helper/seccomp"
 	"git.gensokyo.uk/security/fortify/internal"
-	init0 "git.gensokyo.uk/security/fortify/internal/app/init"
+	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

@@ -125,7 +125,7 @@ func Main() {
 		seccomp.CPrintln = log.Println
 	}
 	if b, err := helper.NewBwrap(
-		conf, path.Join(fst.Tmp, "sbin/init"), false,
+		conf, path.Join(fst.Tmp, "sbin/init0"), false,
 		nil, func(int, int) []string { return make([]string, 0) },
 		extraFiles,
 		syncFd,