hst: rename net and abstract fields

This makes more sense and matches the container library.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/print.go

@@ -98,7 +98,8 @@ func printShowInstance(
 		}
 		writeFlag("userns", params.Userns)
 		writeFlag("devel", params.Devel)
-		writeFlag("net", params.Net)
+		writeFlag("net", params.HostNet)
+		writeFlag("abstract", params.HostAbstract)
 		writeFlag("device", params.Device)
 		writeFlag("tty", params.Tty)
 		writeFlag("mapuid", params.MapRealUID)

cmd/hakurei/print_test.go

@@ -41,7 +41,7 @@ func Test_printShowInstance(t *testing.T) {
  Groups:         video, dialout, plugdev
  Data:           /var/lib/hakurei/u0/org.chromium.Chromium
  Hostname:       localhost
- Flags:          userns devel net device tty mapuid autoetc
+ Flags:          userns devel net abstract device tty mapuid autoetc
  Root:           /var/lib/hakurei/base/org.debian (2)
  Etc:            /etc/
  Path:           /run/current-system/sw/bin/chromium
@@ -120,7 +120,7 @@ App
  Groups:         video, dialout, plugdev
  Data:           /var/lib/hakurei/u0/org.chromium.Chromium
  Hostname:       localhost
- Flags:          userns devel net device tty mapuid autoetc
+ Flags:          userns devel net abstract device tty mapuid autoetc
  Root:           /var/lib/hakurei/base/org.debian (2)
  Etc:            /etc/
  Path:           /run/current-system/sw/bin/chromium
@@ -267,7 +267,8 @@ App
       "seccomp_compat": true,
       "devel": true,
       "userns": true,
-      "net": true,
+      "host_net": true,
+      "host_abstract": true,
       "tty": true,
       "multiarch": true,
       "env": {
@@ -415,7 +416,8 @@ App
     "seccomp_compat": true,
     "devel": true,
     "userns": true,
-    "net": true,
+    "host_net": true,
+    "host_abstract": true,
     "tty": true,
     "multiarch": true,
     "env": {
@@ -617,7 +619,8 @@ func Test_printPs(t *testing.T) {
         "seccomp_compat": true,
         "devel": true,
         "userns": true,
-        "net": true,
+        "host_net": true,
+        "host_abstract": true,
         "tty": true,
         "multiarch": true,
         "env": {

cmd/hpkg/app.go

@@ -26,9 +26,9 @@ type appInfo struct {
 	// passed through to [hst.Config]
 	Userns bool `json:"userns,omitempty"`
 	// passed through to [hst.Config]
-	Net bool `json:"net,omitempty"`
+	HostNet bool `json:"net,omitempty"`
 	// passed through to [hst.Config]
-	Abstract bool `json:"abstract,omitempty"`
+	HostAbstract bool `json:"abstract,omitempty"`
 	// passed through to [hst.Config]
 	Device bool `json:"dev,omitempty"`
 	// passed through to [hst.Config]
@@ -85,14 +85,14 @@ func (app *appInfo) toHst(pathSet *appPathSet, pathname *container.Absolute, arg
 		Groups:   app.Groups,
 
 		Container: &hst.ContainerConfig{
-			Hostname:   formatHostname(app.Name),
+			Hostname:     formatHostname(app.Name),
-			Devel:      app.Devel,
+			Devel:        app.Devel,
-			Userns:     app.Userns,
+			Userns:       app.Userns,
-			Net:        app.Net,
+			HostNet:      app.HostNet,
-			Abstract:   app.Abstract,
+			HostAbstract: app.HostAbstract,
-			Device:     app.Device,
+			Device:       app.Device,
-			Tty:        app.Tty || flagDropShell,
+			Tty:          app.Tty || flagDropShell,
-			MapRealUID: app.MapRealUID,
+			MapRealUID:   app.MapRealUID,
 			Filesystem: []hst.FilesystemConfigJSON{
 				{FilesystemConfig: &hst.FSBind{Source: pathSet.nixPath.Append("store"), Target: pathNixStore}},
 				{FilesystemConfig: &hst.FSBind{Source: pathSet.metaPath, Target: hst.AbsTmp.Append("app")}},

cmd/hpkg/with.go

@@ -45,7 +45,7 @@ func withNixDaemon(
 		Container: &hst.ContainerConfig{
 			Hostname:     formatHostname(app.Name) + "-" + action,
 			Userns:       true, // nix sandbox requires userns
-			Net:          net,
+			HostNet:      net,
 			SeccompFlags: seccomp.AllowMultiarch,
 			Tty:          dropShell,
 			Filesystem: []hst.FilesystemConfigJSON{

hst/config.go

@@ -78,9 +78,9 @@ type (
 		// allow userns creation in container
 		Userns bool `json:"userns,omitempty"`
 		// share host net namespace
-		Net bool `json:"net,omitempty"`
+		HostNet bool `json:"host_net,omitempty"`
 		// share abstract unix socket scope
-		Abstract bool `json:"abstract,omitempty"`
+		HostAbstract bool `json:"host_abstract,omitempty"`
 		// allow dangerous terminal I/O
 		Tty bool `json:"tty,omitempty"`
 		// allow multiarch

hst/hst.go

@@ -79,7 +79,8 @@ func Template() *Config {
 			Hostname:       "localhost",
 			Devel:          true,
 			Userns:         true,
-			Net:            true,
+			HostNet:        true,
+			HostAbstract:   true,
 			Device:         true,
 			WaitDelay:      -1,
 			SeccompFlags:   seccomp.AllowMultiarch,

hst/hst_test.go

@@ -90,7 +90,8 @@ func TestTemplate(t *testing.T) {
 		"seccomp_compat": true,
 		"devel": true,
 		"userns": true,
-		"net": true,
+		"host_net": true,
+		"host_abstract": true,
 		"tty": true,
 		"multiarch": true,
 		"env": {

internal/app/app_nixos_linux_test.go

@@ -27,7 +27,7 @@ var testCasesNixos = []sealTestCase{
 			Shell:       m("/run/current-system/sw/bin/zsh"),
 
 			Container: &hst.ContainerConfig{
-				Userns: true, Net: true, MapRealUID: true, Env: nil, AutoEtc: true,
+				Userns: true, HostNet: true, MapRealUID: true, Env: nil, AutoEtc: true,
 				Filesystem: []hst.FilesystemConfigJSON{
 					f(&hst.FSBind{Source: m("/bin")}),
 					f(&hst.FSBind{Source: m("/usr/bin/")}),

internal/app/container_linux.go

@@ -32,8 +32,8 @@ func newContainer(s *hst.ContainerConfig, os sys.State, prefix string, uid, gid
 		SeccompFlags:   s.SeccompFlags,
 		SeccompPresets: s.SeccompPresets,
 		RetainSession:  s.Tty,
-		HostNet:        s.Net,
+		HostNet:        s.HostNet,
-		HostAbstract:   s.Abstract,
+		HostAbstract:   s.HostAbstract,
 
 		// the container is canceled when shim is requested to exit or receives an interrupt or termination signal;
 		// this behaviour is implemented in the shim

internal/app/seal_linux.go

@@ -238,11 +238,11 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 		}
 
 		conf := &hst.ContainerConfig{
-			Userns:   true,
+			Userns:       true,
-			Net:      true,
+			HostNet:      true,
-			Abstract: true,
+			HostAbstract: true,
-			Tty:      true,
+			Tty:          true,
-			AutoEtc:  true,
+			AutoEtc:      true,
 
 			AutoRoot:  container.AbsFHSRoot,
 			RootFlags: container.BindWritable,

nixos.nix

@@ -131,14 +131,14 @@ in
                         wait_delay
                         devel
                         userns
-                        net
-                        abstract
                         device
                         tty
                         multiarch
                         env
                         ;
                       map_real_uid = app.mapRealUid;
+                      host_net = app.hostNet;
+                      host_abstract = app.hostAbstract;
 
                       filesystem =
                         let

options.nix

@@ -179,10 +179,10 @@ in
               tty = mkEnableOption "access to the controlling terminal";
               multiarch = mkEnableOption "multiarch kernel-level support";
 
-              net = mkEnableOption "network access" // {
+              hostNet = mkEnableOption "share host net namespace" // {
                 default = true;
               };
-              abstract = mkEnableOption "abstract unix domain socket access";
+              hostAbstract = mkEnableOption "share abstract unix socket scope";
 
               nix = mkEnableOption "nix daemon access";
               mapRealUid = mkEnableOption "mapping to priv-user uid";