security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

cmd: shim and init into separate binaries
All checks were successful
test / test (push) Successful in 19s
Details

Browse Source 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra
2024-11-02 03:03:44 +09:00
parent 4b7b899bb3
commit 584732f80a
27 changed files with 350 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/app/seal.go
View File

@@ -7,10 +7,10 @@ import (
"path"
"strconv"
shim "git.ophivana.moe/security/fortify/cmd/fshim/ipc"
"git.ophivana.moe/security/fortify/dbus"
"git.ophivana.moe/security/fortify/internal"
"git.ophivana.moe/security/fortify/internal/fmsg"
"git.ophivana.moe/security/fortify/internal/shim"
"git.ophivana.moe/security/fortify/internal/linux"
"git.ophivana.moe/security/fortify/internal/state"
"git.ophivana.moe/security/fortify/internal/system"
)
@@ -66,7 +66,7 @@ type appSeal struct {
// seal system-level component
sys *appSealSys
internal.Paths
linux.Paths
// protected by upstream mutex
}
@@ -127,13 +127,6 @@ func (a *app) Seal(config *Config) error {
// create seal system component
seal.sys = new(appSealSys)
// look up fortify executable path
if p, err := a.os.Executable(); err != nil {
return fmsg.WrapErrorSuffix(err, "cannot look up fortify executable path:")
} else {
seal.sys.executable = p
}
// look up user from system
if u, err := a.os.Lookup(config.User); err != nil {
if errors.As(err, new(user.UnknownUserError)) {