app: integrate security-context-v1

Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:25:33 +09:00
parent 8d0573405a
commit b3ef53b193
12 changed files with 57 additions and 185 deletions
--- a/cmd/fshim/ipc/payload.go
+++ b/cmd/fshim/ipc/payload.go
@@ -2,7 +2,6 @@ package shim0

 import (
 	"encoding/gob"
-	"errors"
 	"net"

 	"git.ophivana.moe/security/fortify/helper/bwrap"
@@ -18,25 +17,19 @@ type Payload struct {
 	Exec [2]string
 	// bwrap config
 	Bwrap *bwrap.Config
-	// whether to pass wayland fd
-	WL bool
+	// sync fd
+	Sync *uintptr

 	// verbosity pass through
 	Verbose bool
 }

-func (p *Payload) Serve(conn *net.UnixConn, wl *Wayland) error {
+func (p *Payload) Serve(conn *net.UnixConn) error {
 	if err := gob.NewEncoder(conn).Encode(*p); err != nil {
 		return fmsg.WrapErrorSuffix(err,
 			"cannot stream shim payload:")
 	}

-	if wl != nil {
-		if err := wl.WriteUnix(conn); err != nil {
-			return errors.Join(err, conn.Close())
-		}
-	}
-
 	return fmsg.WrapErrorSuffix(conn.Close(),
 		"cannot close setup connection:")
 }