sandbox: wrap fmsg interface

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/init0/main.go

@@ -12,6 +12,7 @@ import (
 	"git.gensokyo.uk/security/fortify/helper/proc"
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/sandbox"
 )
 
 const (
@@ -28,7 +29,7 @@ func Main() {
 	fmsg.Prepare("init0")
 
 	// setting this prevents ptrace
-	if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
+	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil {
 		log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err)
 	}
 
@@ -64,7 +65,7 @@ func Main() {
 	}
 
 	// die with parent
-	if err := internal.SetPdeathsig(syscall.SIGKILL); err != nil {
+	if err := sandbox.SetPdeathsig(syscall.SIGKILL); err != nil {
 		log.Fatalf("prctl(PR_SET_PDEATHSIG, SIGKILL): %v", err)
 	}
 

internal/app/seal.go

@@ -231,10 +231,6 @@ func (seal *outcome) finalise(sys sys.State, config *fst.Config) error {
 	sc := sys.Paths()
 	seal.runDirPath = sc.RunDirPath
 	seal.sys = system.New(seal.user.uid.unwrap())
-	seal.sys.IsVerbose = fmsg.Load
-	seal.sys.Verbose = fmsg.Verbose
-	seal.sys.Verbosef = fmsg.Verbosef
-	seal.sys.WrapErr = fmsg.WrapError
 
 	/*
 		Work directories

internal/app/shim/main.go

@@ -17,6 +17,7 @@ import (
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/internal/sandbox"
 )
 
 // everything beyond this point runs as unconstrained target user
@@ -28,7 +29,7 @@ func Main() {
 	fmsg.Prepare("shim")
 
 	// setting this prevents ptrace
-	if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
+	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil {
 		log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err)
 	}