dbus: run in native sandbox

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 00:13:14 +09:00
parent bc54db54d2
commit 44277dc0f1
6 changed files with 122 additions and 124 deletions


@@ -5,7 +5,6 @@ import (
"fmt"
"io"
"os"
"path"
"strconv"
"strings"
"syscall"
@@ -137,27 +136,7 @@ func bwrapStub() {
AsInit: true,
}
efp := new(proc.ExtraFilesPre)
if t, ok := os.LookupEnv("GO_TEST_FORTIFY_BWRAP_STUB_TYPE"); ok {
switch t {
case "dbus":
sc.Net = false
sc.Hostname = "fortify-dbus"
sc.Chdir = "/"
sc.Syscall = &bwrap.SyscallPolicy{DenyDevel: true, Multiarch: true}
sc.AsInit = false
sc.
Bind("/run/user/1971", "/run/user/1971").
Bind("/tmp/fortify.1971/12622d846cc3fe7b4c10359d01f0eb47", "/tmp/fortify.1971/12622d846cc3fe7b4c10359d01f0eb47", false, true).
Bind(path.Dir(os.Args[0]), path.Dir(os.Args[0]))
// manipulate extra files list so fd ends up as 5
efp.Append()
efp.Append()
}
}
if _, err := MustNewCheckedArgs(sc.Args(nil, efp, new([]proc.File))).
if _, err := MustNewCheckedArgs(sc.Args(nil, new(proc.ExtraFilesPre), new([]proc.File))).
WriteTo(want); err != nil {
panic("cannot read want: " + err.Error())
}