hst/container: pack boolean options

The memory saving is relatively insignificant, however this increases serialisation efficiency. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-14 06:37:24 +09:00
parent a341466942
commit 4c647add0d
14 changed files with 362 additions and 144 deletions
--- a/cmd/hakurei/command.go
+++ b/cmd/hakurei/command.go
@@ -147,11 +147,6 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 				Enablements: hst.NewEnablements(et),

 				Container: &hst.ContainerConfig{
-					Userns:       true,
-					HostNet:      true,
-					Tty:          true,
-					HostAbstract: true,
-
 					Filesystem: []hst.FilesystemConfigJSON{
 						// autoroot, includes the home directory
 						{FilesystemConfig: &hst.FSBind{
@@ -167,6 +162,8 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr

 					Path: progPath,
 					Args: args,
+
+					Flags: hst.FUserns | hst.FHostNet | hst.FHostAbstract | hst.FTty,
 				},
 			}

--- a/cmd/hakurei/print.go
+++ b/cmd/hakurei/print.go
@@ -87,19 +87,19 @@ func printShowInstance(
 			t.Printf(" Hostname:\t%s\n", params.Hostname)
 		}
 		flags := make([]string, 0, 7)
-		writeFlag := func(name string, value bool) {
-			if value {
+		writeFlag := func(name string, flag uintptr, force bool) {
+			if params.Flags&flag != 0 || force {
 				flags = append(flags, name)
 			}
 		}
-		writeFlag("userns", params.Userns)
-		writeFlag("devel", params.Devel)
-		writeFlag("net", params.HostNet)
-		writeFlag("abstract", params.HostAbstract)
-		writeFlag("device", params.Device)
-		writeFlag("tty", params.Tty)
-		writeFlag("mapuid", params.MapRealUID)
-		writeFlag("directwl", config.DirectWayland)
+		writeFlag("userns", hst.FUserns, false)
+		writeFlag("devel", hst.FDevel, false)
+		writeFlag("net", hst.FHostNet, false)
+		writeFlag("abstract", hst.FHostAbstract, false)
+		writeFlag("device", hst.FDevice, false)
+		writeFlag("tty", hst.FTty, false)
+		writeFlag("mapuid", hst.FMapRealUID, false)
+		writeFlag("directwl", 0, config.DirectWayland)
 		if len(flags) == 0 {
 			flags = append(flags, "none")
 		}
--- a/cmd/hakurei/print_test.go
+++ b/cmd/hakurei/print_test.go
@@ -252,20 +252,11 @@ App
    "container": {
      "hostname": "localhost",
      "wait_delay": -1,
-      "seccomp_compat": true,
-      "devel": true,
-      "userns": true,
-      "host_net": true,
-      "host_abstract": true,
-      "tty": true,
-      "multiarch": true,
      "env": {
        "GOOGLE_API_KEY": "AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY",
        "GOOGLE_DEFAULT_CLIENT_ID": "77185425430.apps.googleusercontent.com",
        "GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
      },
-      "map_real_uid": true,
-      "device": true,
      "filesystem": [
        {
          "type": "bind",
@@ -331,7 +322,16 @@ App
        "--disable-smooth-scrolling",
        "--enable-features=UseOzonePlatform",
        "--ozone-platform=wayland"
-      ]
+      ],
+      "seccomp_compat": true,
+      "devel": true,
+      "userns": true,
+      "host_net": true,
+      "host_abstract": true,
+      "tty": true,
+      "multiarch": true,
+      "map_real_uid": true,
+      "device": true
    }
  },
  "time": "1970-01-01T00:00:00.000000009Z"
@@ -402,20 +402,11 @@ App
  "container": {
    "hostname": "localhost",
    "wait_delay": -1,
-    "seccomp_compat": true,
-    "devel": true,
-    "userns": true,
-    "host_net": true,
-    "host_abstract": true,
-    "tty": true,
-    "multiarch": true,
    "env": {
      "GOOGLE_API_KEY": "AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY",
      "GOOGLE_DEFAULT_CLIENT_ID": "77185425430.apps.googleusercontent.com",
      "GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
    },
-    "map_real_uid": true,
-    "device": true,
    "filesystem": [
      {
        "type": "bind",
@@ -481,7 +472,16 @@ App
      "--disable-smooth-scrolling",
      "--enable-features=UseOzonePlatform",
      "--ozone-platform=wayland"
-    ]
+    ],
+    "seccomp_compat": true,
+    "devel": true,
+    "userns": true,
+    "host_net": true,
+    "host_abstract": true,
+    "tty": true,
+    "multiarch": true,
+    "map_real_uid": true,
+    "device": true
  }
 }
 `, true},
@@ -612,20 +612,11 @@ func TestPrintPs(t *testing.T) {
      "container": {
        "hostname": "localhost",
        "wait_delay": -1,
-        "seccomp_compat": true,
-        "devel": true,
-        "userns": true,
-        "host_net": true,
-        "host_abstract": true,
-        "tty": true,
-        "multiarch": true,
        "env": {
          "GOOGLE_API_KEY": "AIzaSyBHDrl33hwRp4rMQY0ziRbj8K9LPA6vUCY",
          "GOOGLE_DEFAULT_CLIENT_ID": "77185425430.apps.googleusercontent.com",
          "GOOGLE_DEFAULT_CLIENT_SECRET": "OTJgUOQcT7lO7GsGZq2G4IlT"
        },
-        "map_real_uid": true,
-        "device": true,
        "filesystem": [
          {
            "type": "bind",
@@ -691,7 +682,16 @@ func TestPrintPs(t *testing.T) {
          "--disable-smooth-scrolling",
          "--enable-features=UseOzonePlatform",
          "--ozone-platform=wayland"
-        ]
+        ],
+        "seccomp_compat": true,
+        "devel": true,
+        "userns": true,
+        "host_net": true,
+        "host_abstract": true,
+        "tty": true,
+        "multiarch": true,
+        "map_real_uid": true,
+        "device": true
      }
    },
    "time": "1970-01-01T00:00:00.000000009Z"