security/hakurei
6
3
Fork 1
Code Issues 11 Pull Requests 2 Actions 2 Packages Projects Releases 14 Wiki Activity

internal/outcome: improve doc comments
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Details
Test / Sandbox (push) Successful in 2m44s
Details
Test / Hakurei (push) Successful in 4m21s
Details
Test / ShareFS (push) Successful in 4m49s
Details
Test / Hakurei (race detector) (push) Successful in 3m42s
Details
Test / Sandbox (race detector) (push) Successful in 2m24s
Details
Test / Flake checks (push) Successful in 1m17s
Details

Browse Source 
This improves readability on smaller displays.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-03-11 21:04:02 +09:00
parent 1e8ac5f68e
commit 5c540f90aa
11 changed files with 189 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
internal/outcome/shim.go
View File

@@ -37,9 +37,12 @@ const (
shimMsgBadPID = C.HAKUREI_SHIM_BAD_PID
)
// setupContSignal sets up the SIGCONT signal handler for the cross-uid shim exit hack.
// The signal handler is implemented in C, signals can be processed by reading from the returned reader.
// The returned function must be called after all signal processing concludes.
// setupContSignal sets up the SIGCONT signal handler for the cross-uid shim
// exit hack.
//
// The signal handler is implemented in C, signals can be processed by reading
// from the returned reader. The returned function must be called after all
// signal processing concludes.
func setupContSignal(pid int) (io.ReadCloser, func(), error) {
if r, w, err := os.Pipe(); err != nil {
return nil, nil, err
@@ -51,22 +54,28 @@ func setupContSignal(pid int) (io.ReadCloser, func(), error) {
}
}
// shimEnv is the name of the environment variable storing decimal representation of
// setup pipe fd for [container.Receive].
// shimEnv is the name of the environment variable storing decimal representation
// of setup pipe fd for [container.Receive].
const shimEnv = "HAKUREI_SHIM"
// shimParams is embedded in outcomeState and transmitted from priv side to shim.
type shimParams struct {
// Priv side pid, checked against ppid in signal handler for the syscall.SIGCONT hack.
// Priv side pid, checked against ppid in signal handler for the
// syscall.SIGCONT hack.
PrivPID int
// Duration to wait for after the initial process receives os.Interrupt before the container is killed.
// Duration to wait for after the initial process receives os.Interrupt
// before the container is killed.
//
// Limits are enforced on the priv side.
WaitDelay time.Duration
// Verbosity pass through from [message.Msg].
Verbose bool
// Copied from [hst.Config].
SchedPolicy std.SchedPolicy
// Outcome setup ops, contains setup state. Populated by outcome.finalise.
Ops []outcomeOp
}
@@ -77,7 +86,9 @@ func (p *shimParams) valid() bool { return p != nil && p.PrivPID > 0 }
// shimName is the prefix used by log.std in the shim process.
const shimName = "shim"
// Shim is called by the main function of the shim process and runs as the unconstrained target user.
// Shim is called by the main function of the shim process and runs as the
// unconstrained target user.
//
// Shim does not return.
func Shim(msg message.Msg) {
if msg == nil {
@@ -131,7 +142,8 @@ func (sp *shimPrivate) destroy() {
}
const (
// shimPipeWireTimeout is the duration pipewire-pulse is allowed to run before its socket becomes available.
// shimPipeWireTimeout is the duration pipewire-pulse is allowed to run
// before its socket becomes available.
shimPipeWireTimeout = 5 * time.Second
)