cmd: shim and init into separate binaries
This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
12
main.go
12
main.go
@@ -4,11 +4,9 @@ import (
|
||||
"flag"
|
||||
"syscall"
|
||||
|
||||
"git.ophivana.moe/security/fortify/internal"
|
||||
"git.ophivana.moe/security/fortify/internal/app"
|
||||
"git.ophivana.moe/security/fortify/internal/fmsg"
|
||||
init0 "git.ophivana.moe/security/fortify/internal/init"
|
||||
"git.ophivana.moe/security/fortify/internal/shim"
|
||||
"git.ophivana.moe/security/fortify/internal/linux"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -19,12 +17,12 @@ func init() {
|
||||
flag.BoolVar(&flagVerbose, "v", false, "Verbose output")
|
||||
}
|
||||
|
||||
var os = new(internal.Std)
|
||||
var os = new(linux.Std)
|
||||
|
||||
func main() {
|
||||
// linux/sched/coredump.h
|
||||
if _, _, errno := syscall.RawSyscall(syscall.SYS_PRCTL, syscall.PR_SET_DUMPABLE, 0, 0); errno != 0 {
|
||||
fmsg.Printf("fortify: cannot set SUID_DUMP_DISABLE: %s", errno.Error())
|
||||
fmsg.Printf("cannot set SUID_DUMP_DISABLE: %s", errno.Error())
|
||||
}
|
||||
|
||||
flag.Parse()
|
||||
@@ -34,10 +32,6 @@ func main() {
|
||||
fmsg.VPrintln("system booted with systemd as init system")
|
||||
}
|
||||
|
||||
// shim/init early exit
|
||||
init0.Try()
|
||||
shim.Try()
|
||||
|
||||
// root check
|
||||
if os.Geteuid() == 0 {
|
||||
fmsg.Fatal("this program must not run as root")
|
||||
|
||||
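Review bot: In the second hunk of main.go, a failed `prctl(PR_SET_DUMPABLE, 0)` is still only reported through the reworded `fmsg.Printf`, and `main()` carries on to `flag.Parse()` with the process left dumpable. If the rest of startup relies on this hardening (it looks like a privilege-boundary launcher, but the page does not show that), a dumpable process can be traced or core-dumped by another process of the same user, so the failure should stop startup: `fmsg.Fatal("cannot set SUID_DUMP_DISABLE: " + errno.Error())`. If continuing is deliberate, say so on the branch with a comment such as `// best effort: continue dumpable if prctl is refused`. The literal `0` passed to the syscall is explained only by the header-path comment, so a named constant, for example `const suidDumpDisable = 0`, would make the call self-describing. `main()` begins and ends outside the visible hunks, so later handling of this state cannot be ruled out from here.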