internal/app: hold config address in state
This can be removed eventually as it is barely used. Signed-off-by: Ophestra <cat@gensokyo.uk>
parent
a941ac025f
commit
4246256d78
@ -464,9 +464,9 @@ func TestApp(t *testing.T) {
|
||||
}
|
||||
|
||||
gotSys = system.New(t.Context(), msg, sPriv.uid.unwrap())
|
||||
stateSys := outcomeStateSys{sys: gotSys, outcomeState: &sPriv}
|
||||
stateSys := outcomeStateSys{config: tc.config, sys: gotSys, outcomeState: &sPriv}
|
||||
for _, op := range sPriv.Shim.Ops {
|
||||
if err := op.toSystem(&stateSys, tc.config); err != nil {
|
||||
if err := op.toSystem(&stateSys); err != nil {
|
||||
t.Fatalf("toSystem: error = %#v", err)
|
||||
}
|
||||
}
|
||||
|
@ -81,9 +81,9 @@ func (k *outcome) finalise(ctx context.Context, msg message.Msg, id *state.ID, c
|
||||
}
|
||||
|
||||
sys := system.New(k.ctx, msg, s.uid.unwrap())
|
||||
stateSys := outcomeStateSys{sys: sys, outcomeState: &s}
|
||||
stateSys := outcomeStateSys{config: config, sys: sys, outcomeState: &s}
|
||||
for _, op := range s.Shim.Ops {
|
||||
if err := op.toSystem(&stateSys, config); err != nil {
|
||||
if err := op.toSystem(&stateSys); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
@ -133,7 +133,7 @@ func (s *outcomeState) instancePath() *check.Absolute { return s.sc.SharePath.Ap
|
||||
func (s *outcomeState) runtimePath() *check.Absolute { return s.sc.RunDirPath.Append(s.id.String()) }
|
||||
|
||||
// outcomeStateSys wraps outcomeState and [system.I]. Used on the priv side only.
|
||||
// Implementations of outcomeOp must not access fields other than sys unless explicitly stated.
|
||||
// Implementations of outcomeOp must not access fields other than sys and config unless explicitly stated.
|
||||
type outcomeStateSys struct {
|
||||
// Whether XDG_RUNTIME_DIR is used post hsu.
|
||||
useRuntimeDir bool
|
||||
@ -141,6 +141,8 @@ type outcomeStateSys struct {
|
||||
sharePath *check.Absolute
|
||||
// Process-specific directory in XDG_RUNTIME_DIR, nil if unused.
|
||||
runtimeSharePath *check.Absolute
|
||||
// Must not be modified by outcomeOp.
|
||||
config *hst.Config
|
||||
|
||||
sys *system.I
|
||||
*outcomeState
|
||||
@ -206,7 +208,7 @@ type outcomeStateParams struct {
|
||||
// An implementation of outcomeOp must store cross-process states in exported fields only.
|
||||
type outcomeOp interface {
|
||||
// toSystem inflicts the current outcome on [system.I] in the priv side process.
|
||||
toSystem(state *outcomeStateSys, config *hst.Config) error
|
||||
toSystem(state *outcomeStateSys) error
|
||||
|
||||
// toContainer inflicts the current outcome on [container.Params] in the shim process.
|
||||
// The implementation must not write to the Env field of [container.Params] as it will be overwritten
|
||||
|
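Review bot: The comment on the new `config` field says only that it must not be modified; it does not say what the pointer refers to or whether it may be nil. Other ops changed in this commit dereference it unconditionally (`state.config.ExtraPerms`, `state.config.DirectWayland`), so a non-nil guarantee looks like part of the contract, though that should be confirmed against the callers because `finalise` is only partly visible here. A fuller comment such as `// Caller-supplied configuration, shared with the caller and assumed non-nil. Must not be modified by outcomeOp.` would record it. The struct body begins and ends outside these hunks.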
@ -6,7 +6,6 @@ import (
|
||||
"syscall"
|
||||
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/hst"
|
||||
)
|
||||
|
||||
func init() { gob.Register(spAccountOp{}) }
|
||||
@ -14,7 +13,7 @@ func init() { gob.Register(spAccountOp{}) }
|
||||
// spAccountOp sets up user account emulation inside the container.
|
||||
type spAccountOp struct{}
|
||||
|
||||
func (s spAccountOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s spAccountOp) toSystem(state *outcomeStateSys) error {
|
||||
const fallbackUsername = "chronos"
|
||||
|
||||
// do checks here to fail before fork/exec
|
||||
|
@ -32,7 +32,7 @@ type spParamsOp struct {
|
||||
TermSet bool
|
||||
}
|
||||
|
||||
func (s *spParamsOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s *spParamsOp) toSystem(state *outcomeStateSys) error {
|
||||
s.Term, s.TermSet = state.k.lookupEnv("TERM")
|
||||
state.sys.Ensure(state.sc.SharePath, 0711)
|
||||
return nil
|
||||
@ -122,7 +122,7 @@ func init() { gob.Register(spFilesystemOp{}) }
|
||||
// spFilesystemOp applies configured filesystems to [container.Params], excluding the optional root filesystem.
|
||||
type spFilesystemOp struct{}
|
||||
|
||||
func (s spFilesystemOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s spFilesystemOp) toSystem(state *outcomeStateSys) error {
|
||||
/* retrieve paths and hide them if they're made available in the sandbox;
|
||||
|
||||
this feature tries to improve user experience of permissive defaults, and
|
||||
|
@ -4,7 +4,6 @@ import (
|
||||
"encoding/gob"
|
||||
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/hst"
|
||||
"hakurei.app/system/acl"
|
||||
"hakurei.app/system/dbus"
|
||||
)
|
||||
@ -18,23 +17,23 @@ type spDBusOp struct {
|
||||
ProxySystem bool
|
||||
}
|
||||
|
||||
func (s *spDBusOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
|
||||
if config.SessionBus == nil {
|
||||
config.SessionBus = dbus.NewConfig(config.ID, true, true)
|
||||
func (s *spDBusOp) toSystem(state *outcomeStateSys) error {
|
||||
if state.config.SessionBus == nil {
|
||||
state.config.SessionBus = dbus.NewConfig(state.config.ID, true, true)
|
||||
}
|
||||
|
||||
// downstream socket paths
|
||||
sessionPath, systemPath := state.instance().Append("bus"), state.instance().Append("system_bus_socket")
|
||||
|
||||
if err := state.sys.ProxyDBus(
|
||||
config.SessionBus, config.SystemBus,
|
||||
state.config.SessionBus, state.config.SystemBus,
|
||||
sessionPath, systemPath,
|
||||
); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
state.sys.UpdatePerm(sessionPath, acl.Read, acl.Write)
|
||||
if config.SystemBus != nil {
|
||||
if state.config.SystemBus != nil {
|
||||
s.ProxySystem = true
|
||||
state.sys.UpdatePerm(systemPath, acl.Read, acl.Write)
|
||||
}
|
||||
|
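Review bot: `spDBusOp.toSystem` still assigns `state.config.SessionBus = dbus.NewConfig(state.config.ID, true, true)` when no session bus is configured, writing through the pointer that the `outcomeStateSys.config` comment added in this commit says must not be modified by an outcomeOp. Since that pointer is the caller's `hst.Config`, the generated default stays visible to anything that reads the config after `toSystem` returns, presumably including later ops. Keeping the default local avoids the write: `sessionBus := state.config.SessionBus`, then `if sessionBus == nil { sessionBus = dbus.NewConfig(state.config.ID, true, true) }`, and pass `sessionBus` to `ProxyDBus`. If a later reader relies on the mutation, the field comment should name this op as the exception. The function body continues past the end of the hunk.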
@ -19,9 +19,9 @@ func init() { gob.Register(spFinal{}) }
|
||||
// It exists to avoid reordering the expected entries in test cases.
|
||||
type spFinal struct{}
|
||||
|
||||
func (s spFinal) toSystem(state *outcomeStateSys, config *hst.Config) error {
|
||||
func (s spFinal) toSystem(state *outcomeStateSys) error {
|
||||
// append ExtraPerms last
|
||||
for _, p := range config.ExtraPerms {
|
||||
for _, p := range state.config.ExtraPerms {
|
||||
if p == nil || p.Path == nil {
|
||||
continue
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ type spPulseOp struct {
|
||||
Cookie *[pulseCookieSizeMax]byte
|
||||
}
|
||||
|
||||
func (s *spPulseOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s *spPulseOp) toSystem(state *outcomeStateSys) error {
|
||||
pulseRuntimeDir, pulseSocket := s.commonPaths(state.outcomeState)
|
||||
|
||||
if _, err := state.k.stat(pulseRuntimeDir.String()); err != nil {
|
||||
|
@ -6,7 +6,6 @@ import (
|
||||
"hakurei.app/container/bits"
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/hst"
|
||||
"hakurei.app/system"
|
||||
"hakurei.app/system/acl"
|
||||
)
|
||||
@ -16,7 +15,7 @@ func init() { gob.Register(spRuntimeOp{}) }
|
||||
// spRuntimeOp sets up XDG_RUNTIME_DIR inside the container.
|
||||
type spRuntimeOp struct{}
|
||||
|
||||
func (s spRuntimeOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s spRuntimeOp) toSystem(state *outcomeStateSys) error {
|
||||
runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(runtimeDir, 0700)
|
||||
state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
|
||||
|
@ -6,7 +6,6 @@ import (
|
||||
"hakurei.app/container/bits"
|
||||
"hakurei.app/container/check"
|
||||
"hakurei.app/container/fhs"
|
||||
"hakurei.app/hst"
|
||||
"hakurei.app/system"
|
||||
"hakurei.app/system/acl"
|
||||
)
|
||||
@ -16,7 +15,7 @@ func init() { gob.Register(spTmpdirOp{}) }
|
||||
// spTmpdirOp sets up TMPDIR inside the container.
|
||||
type spTmpdirOp struct{}
|
||||
|
||||
func (s spTmpdirOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s spTmpdirOp) toSystem(state *outcomeStateSys) error {
|
||||
tmpdir, tmpdirInst := s.commonPaths(state.outcomeState)
|
||||
state.sys.Ensure(tmpdir, 0700)
|
||||
state.sys.UpdatePermType(system.User, tmpdir, acl.Execute)
|
||||
|
@ -17,7 +17,7 @@ type spWaylandOp struct {
|
||||
SocketPath *check.Absolute
|
||||
}
|
||||
|
||||
func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
|
||||
func (s *spWaylandOp) toSystem(state *outcomeStateSys) error {
|
||||
// outer wayland socket (usually `/run/user/%d/wayland-%d`)
|
||||
var socketPath *check.Absolute
|
||||
if name, ok := state.k.lookupEnv(wayland.WaylandDisplay); !ok {
|
||||
@ -29,8 +29,8 @@ func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error
|
||||
socketPath = a
|
||||
}
|
||||
|
||||
if !config.DirectWayland { // set up security-context-v1
|
||||
appID := config.ID
|
||||
if !state.config.DirectWayland { // set up security-context-v1
|
||||
appID := state.config.ID
|
||||
if appID == "" {
|
||||
// use instance ID in case app id is not set
|
||||
appID = "app.hakurei." + state.id.String()
|
||||
|
@ -24,7 +24,7 @@ type spX11Op struct {
|
||||
Display string
|
||||
}
|
||||
|
||||
func (s *spX11Op) toSystem(state *outcomeStateSys, _ *hst.Config) error {
|
||||
func (s *spX11Op) toSystem(state *outcomeStateSys) error {
|
||||
if d, ok := state.k.lookupEnv("DISPLAY"); !ok {
|
||||
return newWithMessage("DISPLAY is not set")
|
||||
} else {
|
||||
|