system/wayland: hang up security-context-v1 internally

This should have been an implementation detail and should not be up to the caller to close. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 03:19:37 +09:00
parent eb5ee4fece
commit 8ace214832
6 changed files with 50 additions and 84 deletions
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"io"
 	"io/fs"
-	"os"
 	"reflect"
 	"syscall"
 	"testing"
@@ -140,7 +139,7 @@ func TestApp(t *testing.T) {
 				Ensure(m("/tmp/hakurei.0/tmpdir"), 0700).UpdatePermType(system.User, m("/tmp/hakurei.0/tmpdir"), acl.Execute).
 				Ensure(m("/tmp/hakurei.0/tmpdir/9"), 01700).UpdatePermType(system.User, m("/tmp/hakurei.0/tmpdir/9"), acl.Read, acl.Write, acl.Execute).
 				Ephemeral(system.Process, m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c"), 0711).
-				Wayland(new(*os.File), m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/wayland"), m("/run/user/1971/wayland-0"), "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c").
+				Wayland(m("/tmp/hakurei.0/ebf083d1b175911782d413369b64ce7c/wayland"), m("/run/user/1971/wayland-0"), "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c").
 				Ensure(m("/run/user/1971/hakurei"), 0700).UpdatePermType(system.User, m("/run/user/1971/hakurei"), acl.Execute).
 				Ensure(m("/run/user/1971"), 0700).UpdatePermType(system.User, m("/run/user/1971"), acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset
 				Ephemeral(system.Process, m("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c"), 0700).UpdatePermType(system.Process, m("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c"), acl.Execute).
--- a/internal/app/finalise.go
+++ b/internal/app/finalise.go
@@ -39,9 +39,6 @@ type outcome struct {

 	container container.Params

-	// TODO(ophestra): move this to the system op
-	sync *os.File
-
 	// Populated during outcome.finalise.
 	proc *finaliseProcess

@@ -227,7 +224,7 @@ func (k *outcome) finalise(ctx context.Context, msg container.Msg, id *state.ID,

 		et := config.Enablements.Unwrap()
 		if et&hst.EWayland != 0 {
-			ops = append(ops, &spWaylandOp{sync: &k.sync})
+			ops = append(ops, &spWaylandOp{})
 		}
 		if et&hst.EX11 != 0 {
 			ops = append(ops, &spX11Op{})
--- a/internal/app/process.go
+++ b/internal/app/process.go
@@ -124,11 +124,6 @@ func (ms mainState) beforeExit(isFault bool) {
 		}

 		ms.Resume()
-		if ms.k.sync != nil {
-			if err := ms.k.sync.Close(); err != nil {
-				perror(err, "close wayland security context")
-			}
-		}
 	}

 	if ms.uintptr&mainNeedsRevert != 0 {
--- a/internal/app/spwayland.go
+++ b/internal/app/spwayland.go
@@ -1,8 +1,6 @@
 package app

 import (
-	"os"
-
 	"hakurei.app/container"
 	"hakurei.app/hst"
 	"hakurei.app/system/acl"
@@ -13,10 +11,6 @@ import (
 type spWaylandOp struct {
 	// Path to host wayland socket. Populated during toSystem if DirectWayland is true.
 	SocketPath *container.Absolute
-
-	// Address to write the security-context-v1 synchronisation fd [os.File] address to.
-	// Only populated for toSystem.
-	sync **os.File
 }

 func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error {
@@ -38,7 +32,7 @@ func (s *spWaylandOp) toSystem(state *outcomeStateSys, config *hst.Config) error
 			appID = "app.hakurei." + state.id.String()
 		}
 		// downstream socket paths
-		state.sys.Wayland(s.sync, state.instance().Append("wayland"), socketPath, appID, state.id.String())
+		state.sys.Wayland(state.instance().Append("wayland"), socketPath, appID, state.id.String())
 	} else { // bind mount wayland socket (insecure)
 		state.msg.Verbose("direct wayland access, PROCEED WITH CAUTION")
 		state.ensureRuntimeDir()