From 4246256d781f169b86f76d8654f6df5ffc6ddae6 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Fri, 10 Oct 2025 01:20:16 +0900
Subject: [PATCH] internal/app: hold config address in state

This can be removed eventually as it is barely used.

Signed-off-by: Ophestra
---
 internal/app/app_test.go | 4 ++--
 internal/app/finalise.go | 4 ++--
 internal/app/outcome.go | 6 ++++--
 internal/app/spaccount.go | 3 +--
 internal/app/spcontainer.go | 4 ++--
 internal/app/spdbus.go | 11 +++++------
 internal/app/spfinal.go | 4 ++--
 internal/app/sppulse.go | 2 +-
 internal/app/spruntime.go | 3 +--
 internal/app/sptmpdir.go | 3 +--
 internal/app/spwayland.go | 6 +++---
 internal/app/spx11.go | 2 +-
 12 files changed, 25 insertions(+), 27 deletions(-)

diff --git a/internal/app/app_test.go b/internal/app/app_test.go
index 7dcbc7d..fccb7ad 100644
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@@ -464,9 +464,9 @@ func TestApp(t *testing.T) {
 }
 gotSys = system.New(t.Context(), msg, sPriv.uid.unwrap())
- stateSys := outcomeStateSys{sys: gotSys, outcomeState: &sPriv}
+ stateSys := outcomeStateSys{config: tc.config, sys: gotSys, outcomeState: &sPriv}
 for _, op := range sPriv.Shim.Ops {
- if err := op.toSystem(&stateSys, tc.config); err != nil {
+ if err := op.toSystem(&stateSys); err != nil {
 t.Fatalf("toSystem: error = %#v", err)
 }
 }
diff --git a/internal/app/finalise.go b/internal/app/finalise.go
index 7693f25..9acc51f 100644
--- a/internal/app/finalise.go
+++ b/internal/app/finalise.go
@@ -81,9 +81,9 @@ func (k *outcome) finalise(ctx context.Context, msg message.Msg, id *state.ID, c
 }
 sys := system.New(k.ctx, msg, s.uid.unwrap())
- stateSys := outcomeStateSys{sys: sys, outcomeState: &s}
+ stateSys := outcomeStateSys{config: config, sys: sys, outcomeState: &s}
 for _, op := range s.Shim.Ops {
- if err := op.toSystem(&stateSys, config); err != nil {
+ if err := op.toSystem(&stateSys); err != nil {
 return err
 }
 }
diff --git a/internal/app/outcome.go b/internal/app/outcome.go
index f458993..0161755 100644
--- a/internal/app/outcome.go
+++ b/internal/app/outcome.go
@@ -133,7 +133,7 @@ func (s *outcomeState) instancePath() *check.Absolute { return s.sc.SharePath.Ap
 func (s *outcomeState) runtimePath() *check.Absolute { return s.sc.RunDirPath.Append(s.id.String()) }
 // outcomeStateSys wraps outcomeState and [system.I]. Used on the priv side only.
-// Implementations of outcomeOp must not access fields other than sys unless explicitly stated.
+// Implementations of outcomeOp must not access fields other than sys and config unless explicitly stated.
 type outcomeStateSys struct {
 // Whether XDG_RUNTIME_DIR is used post hsu.
 useRuntimeDir bool
@@ -141,6 +141,8 @@ type outcomeStateSys struct {
 sharePath *check.Absolute
 // Process-specific directory in XDG_RUNTIME_DIR, nil if unused.
 runtimeSharePath *check.Absolute
+ // Must not be modified by outcomeOp.
+ config *hst.Config
 sys *system.I
 *outcomeState
@@ -206,7 +208,7 @@ type outcomeStateParams struct {
 // An implementation of outcomeOp must store cross-process states in exported fields only.
 type outcomeOp interface {
 // toSystem inflicts the current outcome on [system.I] in the priv side process.
- toSystem(state *outcomeStateSys, config *hst.Config) error
+ toSystem(state *outcomeStateSys) error
 // toContainer inflicts the current outcome on [container.Params] in the shim process.
 // The implementation must not write to the Env field of [container.Params] as it will be overwritten
diff --git a/internal/app/spaccount.go b/internal/app/spaccount.go
index 6976e80..66633d4 100644
--- a/internal/app/spaccount.go
+++ b/internal/app/spaccount.go
@@ -6,7 +6,6 @@ import (
 "syscall"
 "hakurei.app/container/fhs"
- "hakurei.app/hst"
 )
 func init() { gob.Register(spAccountOp{}) }
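Review bot: The new field comment `// Must not be modified by outcomeOp.` in the `@@ -141,6 +141,8 @@` hunk does not say whether it protects the pointer or the `hst.Config` behind it, and the spdbus.go hunk of this same patch has `spDBusOp.toSystem` assign `state.config.SessionBus = dbus.NewConfig(state.config.ID, true, true)`, which writes through it. Because `finalise` stores the caller's `config` address in `outcomeStateSys`, that default lands in the caller's configuration on the priv side and is seen by every op that runs afterwards. Either default into a local (`sessionBus := state.config.SessionBus`, fill it in when nil, and pass `sessionBus` to `ProxyDBus`) or spell the exception out on the field, e.g. `// Pointee must not be modified by outcomeOp, except spDBusOp filling in a default SessionBus.` Whether later code relies on the written-back `SessionBus` is not visible in this patch, so confirm that before switching to the local.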
@@ -14,7 +13,7 @@ func init() { gob.Register(spAccountOp{}) }
 // spAccountOp sets up user account emulation inside the container.
 type spAccountOp struct{}
-func (s spAccountOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s spAccountOp) toSystem(state *outcomeStateSys) error {
 const fallbackUsername = "chronos"
 // do checks here to fail before fork/exec
diff --git a/internal/app/spcontainer.go b/internal/app/spcontainer.go
index ee2833b..b637831 100644
--- a/internal/app/spcontainer.go
+++ b/internal/app/spcontainer.go
@@ -32,7 +32,7 @@ type spParamsOp struct {
 TermSet bool
 }
-func (s *spParamsOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s *spParamsOp) toSystem(state *outcomeStateSys) error {
 s.Term, s.TermSet = state.k.lookupEnv("TERM")
 state.sys.Ensure(state.sc.SharePath, 0711)
 return nil
@@ -122,7 +122,7 @@ func init() { gob.Register(spFilesystemOp{}) }
 // spFilesystemOp applies configured filesystems to [container.Params], excluding the optional root filesystem.
 type spFilesystemOp struct{}
-func (s spFilesystemOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s spFilesystemOp) toSystem(state *outcomeStateSys) error {
 /* retrieve paths and hide them if they're made available in the sandbox; this feature tries to improve user experience of permissive defaults, and
diff --git a/internal/app/spdbus.go b/internal/app/spdbus.go
index 81e0595..0d26d99 100644
--- a/internal/app/spdbus.go
+++ b/internal/app/spdbus.go
@@ -4,7 +4,6 @@ import (
 "encoding/gob"
 "hakurei.app/container/fhs"
- "hakurei.app/hst"
 "hakurei.app/system/acl"
 "hakurei.app/system/dbus"
 )
@@ -18,23 +17,23 @@ type spDBusOp struct {
 ProxySystem bool
 }
-func (s *spDBusOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
- if config.SessionBus == nil {
- config.SessionBus = dbus.NewConfig(config.ID, true, true)
+func (s *spDBusOp) toSystem(state *outcomeStateSys) error {
+ if state.config.SessionBus == nil {
+ state.config.SessionBus = dbus.NewConfig(state.config.ID, true, true)
 }
 // downstream socket paths
 sessionPath, systemPath := state.instance().Append("bus"), state.instance().Append("system_bus_socket")
 if err := state.sys.ProxyDBus(
- config.SessionBus, config.SystemBus,
+ state.config.SessionBus, state.config.SystemBus,
 sessionPath, systemPath,
 ); err != nil {
 return err
 }
 state.sys.UpdatePerm(sessionPath, acl.Read, acl.Write)
- if config.SystemBus != nil {
+ if state.config.SystemBus != nil {
 s.ProxySystem = true
 state.sys.UpdatePerm(systemPath, acl.Read, acl.Write)
 }
diff --git a/internal/app/spfinal.go b/internal/app/spfinal.go
index b64d080..8760d09 100644
--- a/internal/app/spfinal.go
+++ b/internal/app/spfinal.go
@@ -19,9 +19,9 @@ func init() { gob.Register(spFinal{}) }
 // It exists to avoid reordering the expected entries in test cases.
 type spFinal struct{}
-func (s spFinal) toSystem(state *outcomeStateSys, config *hst.Config) error {
+func (s spFinal) toSystem(state *outcomeStateSys) error {
 // append ExtraPerms last
- for _, p := range config.ExtraPerms {
+ for _, p := range state.config.ExtraPerms {
 if p == nil || p.Path == nil {
 continue
 }
diff --git a/internal/app/sppulse.go b/internal/app/sppulse.go
index bf79ae5..5e4bfab 100644
--- a/internal/app/sppulse.go
+++ b/internal/app/sppulse.go
@@ -23,7 +23,7 @@ type spPulseOp struct {
 Cookie *[pulseCookieSizeMax]byte
 }
-func (s *spPulseOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s *spPulseOp) toSystem(state *outcomeStateSys) error {
 pulseRuntimeDir, pulseSocket := s.commonPaths(state.outcomeState)
 if _, err := state.k.stat(pulseRuntimeDir.String()); err != nil {
diff --git a/internal/app/spruntime.go b/internal/app/spruntime.go
index 87decd1..54281c1 100644
--- a/internal/app/spruntime.go
+++ b/internal/app/spruntime.go
@@ -6,7 +6,6 @@ import (
 "hakurei.app/container/bits"
 "hakurei.app/container/check"
 "hakurei.app/container/fhs"
- "hakurei.app/hst"
 "hakurei.app/system"
 "hakurei.app/system/acl"
 )
@@ -16,7 +15,7 @@ func init() { gob.Register(spRuntimeOp{}) }
 // spRuntimeOp sets up XDG_RUNTIME_DIR inside the container.
 type spRuntimeOp struct{}
-func (s spRuntimeOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s spRuntimeOp) toSystem(state *outcomeStateSys) error {
 runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
 state.sys.Ensure(runtimeDir, 0700)
 state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
diff --git a/internal/app/sptmpdir.go b/internal/app/sptmpdir.go
index 8f8dd85..cb49f78 100644
--- a/internal/app/sptmpdir.go
+++ b/internal/app/sptmpdir.go
@@ -6,7 +6,6 @@ import (
 "hakurei.app/container/bits"
 "hakurei.app/container/check"
 "hakurei.app/container/fhs"
- "hakurei.app/hst"
 "hakurei.app/system"
 "hakurei.app/system/acl"
 )
@@ -16,7 +15,7 @@ func init() { gob.Register(spTmpdirOp{}) }
 // spTmpdirOp sets up TMPDIR inside the container.
 type spTmpdirOp struct{}
-func (s spTmpdirOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s spTmpdirOp) toSystem(state *outcomeStateSys) error {
 tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
 state.sys.Ensure(tmpdir, 0700)
 state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
diff --git a/internal/app/spwayland.go b/internal/app/spwayland.go
index efbd8af..104f0a6 100644
--- a/internal/app/spwayland.go
+++ b/internal/app/spwayland.go
@@ -17,7 +17,7 @@ type spWaylandOp struct {
 SocketPath *check.Absolute
 }
-func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
+func (s *spWaylandOp) toSystem(state *outcomeStateSys) error {
 // outer wayland socket (usually `/run/user/%d/wayland-%d`)
 var socketPath *check.Absolute
 if name, ok := state.k.lookupEnv(wayland.WaylandDisplay); !ok {
@@ -29,8 +29,8 @@ func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error
 socketPath = a
 }
- if !config.DirectWayland { // set up security-context-v1
- appID := config.ID
+ if !state.config.DirectWayland { // set up security-context-v1
+ appID := state.config.ID
 if appID == "" {
 // use instance ID in case app id is not set
 appID = "app.hakurei." + state.id.String()
diff --git a/internal/app/spx11.go b/internal/app/spx11.go
index ba7a768..e0e1067 100644
--- a/internal/app/spx11.go
+++ b/internal/app/spx11.go
@@ -24,7 +24,7 @@ type spX11Op struct {
 Display string
 }
-func (s *spX11Op) toSystem(state *outcomeStateSys, _ *hst.Config) error {
+func (s *spX11Op) toSystem(state *outcomeStateSys) error {
 if d, ok := state.k.lookupEnv("DISPLAY"); !ok {
 return newWithMessage("DISPLAY is not set")
 } else {