app: run in native sandbox

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 01:52:49 +09:00
parent e732dca762
commit 5c4058d5ac
35 changed files with 949 additions and 1225 deletions
--- a/internal/app/export_test.go
+++ b/internal/app/export_test.go
@@ -2,8 +2,8 @@ package app

 import (
 	"git.gensokyo.uk/security/fortify/fst"
-	"git.gensokyo.uk/security/fortify/helper/bwrap"
 	"git.gensokyo.uk/security/fortify/internal/sys"
+	"git.gensokyo.uk/security/fortify/sandbox"
 	"git.gensokyo.uk/security/fortify/system"
 )

@@ -14,7 +14,7 @@ func NewWithID(id fst.ID, os sys.State) fst.App {
 	return a
 }

-func AppSystemBwrap(a fst.App, sa fst.SealedApp) (*system.I, *bwrap.Config) {
+func AppIParams(a fst.App, sa fst.SealedApp) (*system.I, *sandbox.Params) {
 	v := a.(*app)
 	seal := sa.(*outcome)
 	if v.outcome != seal || v.id != seal.id {