system: move system access packages

These packages loosely belong in the "system" package and "system" provides high level wrappers for all of them.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/command.go

@@ -17,11 +17,11 @@ import (
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
 	"git.gensokyo.uk/security/hakurei/command"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func buildCommand(out io.Writer) command.Command {

cmd/hakurei/internal/app/instance/common/container.go

@@ -9,10 +9,10 @@ import (
 	"syscall"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal/sys"
 	"git.gensokyo.uk/security/hakurei/seccomp"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 // in practice there should be less than 30 entries added by the runtime;

cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go

@@ -2,12 +2,12 @@ package setuid_test
 
 import (
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var testCasesNixos = []sealTestCase{

cmd/hakurei/internal/app/internal/setuid/app_pd_test.go

@@ -4,12 +4,12 @@ import (
 	"os"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var testCasesPd = []sealTestCase{

cmd/hakurei/internal/app/internal/setuid/seal.go

@@ -17,16 +17,16 @@ import (
 	"syscall"
 
 	"git.gensokyo.uk/security/hakurei"
-	"git.gensokyo.uk/security/hakurei/acl"
 	. "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
 	"git.gensokyo.uk/security/hakurei/internal/sys"
-	"git.gensokyo.uk/security/hakurei/sandbox/wl"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/acl"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
+	"git.gensokyo.uk/security/hakurei/system/wayland"
 )
 
 const (
@@ -377,17 +377,17 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 	if config.Enablements&system.EWayland != 0 {
 		// outer wayland socket (usually `/run/user/%d/wayland-%d`)
 		var socketPath string
-		if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok {
-			hlog.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName)
-			socketPath = path.Join(share.sc.RuntimePath, wl.FallbackName)
+		if name, ok := sys.LookupEnv(wayland.WaylandDisplay); !ok {
+			hlog.Verbose(wayland.WaylandDisplay + " is not set, assuming " + wayland.FallbackName)
+			socketPath = path.Join(share.sc.RuntimePath, wayland.FallbackName)
 		} else if !path.IsAbs(name) {
 			socketPath = path.Join(share.sc.RuntimePath, name)
 		} else {
 			socketPath = name
 		}
 
-		innerPath := path.Join(innerRuntimeDir, wl.FallbackName)
-		seal.env[wl.WaylandDisplay] = wl.FallbackName
+		innerPath := path.Join(innerRuntimeDir, wayland.FallbackName)
+		seal.env[wayland.WaylandDisplay] = wayland.FallbackName
 
 		if !config.DirectWayland { // set up security-context-v1
 			appID := config.ID

cmd/hakurei/print.go

@@ -13,9 +13,9 @@ import (
 	"time"
 
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/internal/hlog"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 func printShowSystem(output io.Writer, short, flagJSON bool) {

cmd/hakurei/print_test.go

@@ -7,8 +7,8 @@ import (
 
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 	"git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state"
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 var (

cmd/planterette/app.go

@@ -6,10 +6,10 @@ import (
 	"os"
 	"path"
 
-	"git.gensokyo.uk/security/hakurei/dbus"
 	"git.gensokyo.uk/security/hakurei/hst"
 	"git.gensokyo.uk/security/hakurei/seccomp"
 	"git.gensokyo.uk/security/hakurei/system"
+	"git.gensokyo.uk/security/hakurei/system/dbus"
 )
 
 type appInfo struct {