container/fhs: move pathname constants

This allows referencing FHS pathnames without importing container. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-07 21:29:16 +09:00
parent 0e6c1a5026
commit 5d18af0007
33 changed files with 264 additions and 233 deletions
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@@ -17,6 +17,7 @@ import (
 	"hakurei.app/container"
 	"hakurei.app/container/bits"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/internal/app/state"
 	"hakurei.app/system"
@@ -42,19 +43,19 @@ func TestApp(t *testing.T) {

 				Filesystem: []hst.FilesystemConfigJSON{
 					{FilesystemConfig: &hst.FSBind{
-						Target:  container.AbsFHSRoot,
-						Source:  container.AbsFHSRoot,
+						Target:  fhs.AbsRoot,
+						Source:  fhs.AbsRoot,
 						Write:   true,
 						Special: true,
 					}},
 					{FilesystemConfig: &hst.FSBind{
-						Source:   container.AbsFHSDev.Append("kvm"),
+						Source:   fhs.AbsDev.Append("kvm"),
 						Device:   true,
 						Optional: true,
 					}},
 					{FilesystemConfig: &hst.FSBind{
-						Target:  container.AbsFHSEtc,
-						Source:  container.AbsFHSEtc,
+						Target:  fhs.AbsEtc,
+						Source:  fhs.AbsEtc,
 						Special: true,
 					}},
 				},
@@ -160,24 +161,24 @@ func TestApp(t *testing.T) {

 					Filesystem: []hst.FilesystemConfigJSON{
 						{FilesystemConfig: &hst.FSBind{
-							Target:  container.AbsFHSRoot,
-							Source:  container.AbsFHSRoot,
+							Target:  fhs.AbsRoot,
+							Source:  fhs.AbsRoot,
 							Write:   true,
 							Special: true,
 						}},
 						{FilesystemConfig: &hst.FSBind{
-							Source:   container.AbsFHSDev.Append("dri"),
+							Source:   fhs.AbsDev.Append("dri"),
 							Device:   true,
 							Optional: true,
 						}},
 						{FilesystemConfig: &hst.FSBind{
-							Source:   container.AbsFHSDev.Append("kvm"),
+							Source:   fhs.AbsDev.Append("kvm"),
 							Device:   true,
 							Optional: true,
 						}},
 						{FilesystemConfig: &hst.FSBind{
-							Target:  container.AbsFHSEtc,
-							Source:  container.AbsFHSEtc,
+							Target:  fhs.AbsEtc,
+							Source:  fhs.AbsEtc,
 							Special: true,
 						}},
 					},
--- a/internal/app/env_test.go
+++ b/internal/app/env_test.go
@@ -7,6 +7,7 @@ import (

 	"hakurei.app/container"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/container/stub"
 	"hakurei.app/hst"
 )
@@ -23,26 +24,26 @@ func TestEnvPaths(t *testing.T) {
 		{"zero", new(EnvPaths), hst.Paths{}, "attempting to use an invalid EnvPaths"},

 		{"nil tempdir", &EnvPaths{
-			RuntimePath: container.AbsFHSTmp,
+			RuntimePath: fhs.AbsTmp,
 		}, hst.Paths{}, "attempting to use an invalid EnvPaths"},

 		{"nil runtime", &EnvPaths{
-			TempDir: container.AbsFHSTmp,
+			TempDir: fhs.AbsTmp,
 		}, hst.Paths{
-			TempDir:     container.AbsFHSTmp,
-			SharePath:   container.AbsFHSTmp.Append("hakurei.3735928559"),
-			RuntimePath: container.AbsFHSTmp.Append("hakurei.3735928559/run/compat"),
-			RunDirPath:  container.AbsFHSTmp.Append("hakurei.3735928559/run"),
+			TempDir:     fhs.AbsTmp,
+			SharePath:   fhs.AbsTmp.Append("hakurei.3735928559"),
+			RuntimePath: fhs.AbsTmp.Append("hakurei.3735928559/run/compat"),
+			RunDirPath:  fhs.AbsTmp.Append("hakurei.3735928559/run"),
 		}, ""},

 		{"full", &EnvPaths{
-			TempDir:     container.AbsFHSTmp,
-			RuntimePath: container.AbsFHSRunUser.Append("1000"),
+			TempDir:     fhs.AbsTmp,
+			RuntimePath: fhs.AbsRunUser.Append("1000"),
 		}, hst.Paths{
-			TempDir:     container.AbsFHSTmp,
-			SharePath:   container.AbsFHSTmp.Append("hakurei.3735928559"),
-			RuntimePath: container.AbsFHSRunUser.Append("1000"),
-			RunDirPath:  container.AbsFHSRunUser.Append("1000/hakurei"),
+			TempDir:     fhs.AbsTmp,
+			SharePath:   fhs.AbsTmp.Append("hakurei.3735928559"),
+			RuntimePath: fhs.AbsRunUser.Append("1000"),
+			RunDirPath:  fhs.AbsRunUser.Append("1000/hakurei"),
 		}, ""},
 	}
 	for _, tc := range testCases {
--- a/internal/app/finalise.go
+++ b/internal/app/finalise.go
@@ -16,6 +16,7 @@ import (
 	"syscall"

 	"hakurei.app/container"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/internal/app/state"
 	"hakurei.app/system"
@@ -184,7 +185,7 @@ func (k *outcome) finalise(ctx context.Context, msg container.Msg, id *state.ID,

 	// mount root read-only as the final setup Op
 	// TODO(ophestra): move this to spFilesystemOp after #8 and #9
-	k.container.Remount(container.AbsFHSRoot, syscall.MS_RDONLY)
+	k.container.Remount(fhs.AbsRoot, syscall.MS_RDONLY)

 	// append ExtraPerms last
 	for _, p := range config.ExtraPerms {
--- a/internal/app/hsu.go
+++ b/internal/app/hsu.go
@@ -10,6 +10,7 @@ import (
 	"sync"

 	"hakurei.app/container"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 )

@@ -45,7 +46,7 @@ func (h *Hsu) ID() (int, error) {
 		cmd.Path = hsuPath
 		cmd.Stderr = os.Stderr // pass through fatal messages
 		cmd.Env = make([]string, 0)
-		cmd.Dir = container.FHSRoot
+		cmd.Dir = fhs.Root
 		var (
 			p         []byte
 			exitError *exec.ExitError
--- a/internal/app/process.go
+++ b/internal/app/process.go
@@ -14,6 +14,7 @@ import (

 	"hakurei.app/container"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/internal"
 	"hakurei.app/internal/app/state"
@@ -253,7 +254,7 @@ func (k *outcome) main(msg container.Msg) {

 	ms.cmd = exec.CommandContext(ctx, hsuPath.String())
 	ms.cmd.Stdin, ms.cmd.Stdout, ms.cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
-	ms.cmd.Dir = container.FHSRoot // container init enters final working directory
+	ms.cmd.Dir = fhs.Root // container init enters final working directory
 	// shim runs in the same session as monitor; see shim.go for behaviour
 	ms.cmd.Cancel = func() error { return ms.cmd.Process.Signal(syscall.SIGCONT) }

--- a/internal/app/spaccount.go
+++ b/internal/app/spaccount.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"syscall"

-	"hakurei.app/container"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 )

@@ -34,14 +34,14 @@ func (s spAccountOp) toContainer(state *outcomeStateParams) error {
 	state.env["SHELL"] = state.Container.Shell.String()

 	state.params.
-		Place(container.AbsFHSEtc.Append("passwd"),
+		Place(fhs.AbsEtc.Append("passwd"),
 			[]byte(state.Container.Username+":x:"+
 				state.mapuid.String()+":"+
 				state.mapgid.String()+
 				":Hakurei:"+
 				state.Container.Home.String()+":"+
 				state.Container.Shell.String()+"\n")).
-		Place(container.AbsFHSEtc.Append("group"),
+		Place(fhs.AbsEtc.Append("group"),
 			[]byte("hakurei:x:"+state.mapgid.String()+":\n"))

 	return nil
--- a/internal/app/spcontainer.go
+++ b/internal/app/spcontainer.go
@@ -10,12 +10,13 @@ import (
 	"hakurei.app/container"
 	"hakurei.app/container/bits"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/container/seccomp"
 	"hakurei.app/hst"
 	"hakurei.app/system/dbus"
 )

-const varRunNscd = container.FHSVar + "run/nscd"
+const varRunNscd = fhs.Var + "run/nscd"

 // spParamsOp initialises unordered fields of [container.Params] and the optional root filesystem.
 // This outcomeOp is hardcoded to always run first.
@@ -98,15 +99,15 @@ func (s *spParamsOp) toContainer(state *outcomeStateParams) error {

 	// early mount points
 	state.params.
-		Proc(container.AbsFHSProc).
+		Proc(fhs.AbsProc).
 		Tmpfs(hst.AbsTmp, 1<<12, 0755)
 	if !state.Container.Device {
-		state.params.DevWritable(container.AbsFHSDev, true)
+		state.params.DevWritable(fhs.AbsDev, true)
 	} else {
-		state.params.Bind(container.AbsFHSDev, container.AbsFHSDev, container.BindWritable|container.BindDevice)
+		state.params.Bind(fhs.AbsDev, fhs.AbsDev, container.BindWritable|container.BindDevice)
 	}
 	// /dev is mounted readonly later on, this prevents /dev/shm from going readonly with it
-	state.params.Tmpfs(container.AbsFHSDev.Append("shm"), 0, 01777)
+	state.params.Tmpfs(fhs.AbsDev.Append("shm"), 0, 01777)

 	return nil
 }
@@ -142,7 +143,7 @@ func (s spFilesystemOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
 					if path.IsAbs(pair[1]) {
 						// get parent dir of socket
 						dir := path.Dir(pair[1])
-						if dir == "." || dir == container.FHSRoot {
+						if dir == "." || dir == fhs.Root {
 							state.msg.Verbosef("dbus socket %q is in an unusual location", pair[1])
 						}
 						hidePaths = append(hidePaths, dir)
@@ -267,7 +268,7 @@ func (s spFilesystemOp) toContainer(state *outcomeStateParams) error {

 	// no more configured paths beyond this point
 	if !state.Container.Device {
-		state.params.Remount(container.AbsFHSDev, syscall.MS_RDONLY)
+		state.params.Remount(fhs.AbsDev, syscall.MS_RDONLY)
 	}
 	return nil
 }
@@ -278,7 +279,7 @@ func resolveRoot(c *hst.ContainerConfig) (rootfs hst.FilesystemConfig, filesyste
 	// root filesystem special case
 	filesystem = c.Filesystem
 	// valid happens late, so root gets it here
-	if len(filesystem) > 0 && filesystem[0].Valid() && filesystem[0].Path().String() == container.FHSRoot {
+	if len(filesystem) > 0 && filesystem[0].Valid() && filesystem[0].Path().String() == fhs.Root {
 		// if the first element targets /, it is inserted early and excluded from path hiding
 		rootfs = filesystem[0].FilesystemConfig
 		filesystem = filesystem[1:]
--- a/internal/app/spdbus.go
+++ b/internal/app/spdbus.go
@@ -1,7 +1,7 @@
 package app

 import (
-	"hakurei.app/container"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/system/acl"
 	"hakurei.app/system/dbus"
@@ -42,7 +42,7 @@ func (s *spDBusOp) toContainer(state *outcomeStateParams) error {
 	state.env["DBUS_SESSION_BUS_ADDRESS"] = "unix:path=" + sessionInner.String()
 	state.params.Bind(state.instancePath().Append("bus"), sessionInner, 0)
 	if s.ProxySystem {
-		systemInner := container.AbsFHSRun.Append("dbus/system_bus_socket")
+		systemInner := fhs.AbsRun.Append("dbus/system_bus_socket")
 		state.env["DBUS_SYSTEM_BUS_ADDRESS"] = "unix:path=" + systemInner.String()
 		state.params.Bind(state.instancePath().Append("system_bus_socket"), systemInner, 0)
 	}
--- a/internal/app/spruntime.go
+++ b/internal/app/spruntime.go
@@ -3,6 +3,7 @@ package app
 import (
 	"hakurei.app/container"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
@@ -27,13 +28,13 @@ func (s spRuntimeOp) toContainer(state *outcomeStateParams) error {
 		xdgSessionType  = "XDG_SESSION_TYPE"
 	)

-	state.runtimeDir = container.AbsFHSRunUser.Append(state.mapuid.String())
+	state.runtimeDir = fhs.AbsRunUser.Append(state.mapuid.String())
 	state.env[xdgRuntimeDir] = state.runtimeDir.String()
 	state.env[xdgSessionClass] = "user"
 	state.env[xdgSessionType] = "tty"

 	_, runtimeDirInst := s.commonPaths(state.outcomeState)
-	state.params.Tmpfs(container.AbsFHSRunUser, 1<<12, 0755)
+	state.params.Tmpfs(fhs.AbsRunUser, 1<<12, 0755)
 	state.params.Bind(runtimeDirInst, state.runtimeDir, container.BindWritable)
 	return nil
 }
--- a/internal/app/sptmpdir.go
+++ b/internal/app/sptmpdir.go
@@ -3,6 +3,7 @@ package app
 import (
 	"hakurei.app/container"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
@@ -23,7 +24,7 @@ func (s spTmpdirOp) toSystem(state *outcomeStateSys, _ *hst.Config) error {
 func (s spTmpdirOp) toContainer(state *outcomeStateParams) error {
 	// mount inner /tmp from share so it shares persistence and storage behaviour of host /tmp
 	_, tmpdirInst := s.commonPaths(state.outcomeState)
-	state.params.Bind(tmpdirInst, container.AbsFHSTmp, container.BindWritable)
+	state.params.Bind(tmpdirInst, fhs.AbsTmp, container.BindWritable)
 	return nil
 }

--- a/internal/app/spx11.go
+++ b/internal/app/spx11.go
@@ -7,13 +7,13 @@ import (
 	"strconv"
 	"strings"

-	"hakurei.app/container"
 	"hakurei.app/container/check"
+	"hakurei.app/container/fhs"
 	"hakurei.app/hst"
 	"hakurei.app/system/acl"
 )

-var absX11SocketDir = container.AbsFHSTmp.Append(".X11-unix")
+var absX11SocketDir = fhs.AbsTmp.Append(".X11-unix")

 // spX11Op exports the X11 display server to the container.
 type spX11Op struct {