From b47094191145277319b81feb6d1a7f0e3e20b906 Mon Sep 17 00:00:00 2001
From: Ophestra Umiker
Date: Sun, 13 Oct 2024 12:09:38 +0900
Subject: [PATCH] shim: get rid of insane launch condition
Signed-off-by: Ophestra Umiker
---
 internal/app/launch.machinectl.go | 4 ++--
 internal/app/launch.sudo.go | 2 +-
 internal/shim/main.go | 11 +++++++++++
 internal/shim/parent.go | 8 --------
 main.go | 6 ++----
 5 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/internal/app/launch.machinectl.go b/internal/app/launch.machinectl.go
index 59efd55..9fb9ea0 100644
--- a/internal/app/launch.machinectl.go
+++ b/internal/app/launch.machinectl.go
@@ -57,8 +57,8 @@ func (a *app) commandBuilderMachineCtl(shimEnv string) (args []string) {
 }
 }
- // both license and version flags need to be set to activate shim path
- innerCommand.WriteString("exec " + a.seal.sys.executable + " -V -license")
+ // launch fortify as shim
+ innerCommand.WriteString("exec " + a.seal.sys.executable + " shim")
 // append inner command
 args = append(args, innerCommand.String())
diff --git a/internal/app/launch.sudo.go b/internal/app/launch.sudo.go
index 777cb2a..3e364ac 100644
--- a/internal/app/launch.sudo.go
+++ b/internal/app/launch.sudo.go
@@ -26,7 +26,7 @@ func (a *app) commandBuilderSudo(shimEnv string) (args []string) {
 args = append(args, shimEnv)
 // -- $@
- args = append(args, "--", a.seal.sys.executable, "-V", "--license") // magic for shim.Try()
+ args = append(args, "--", a.seal.sys.executable, "shim")
 return
 }
diff --git a/internal/shim/main.go b/internal/shim/main.go
index f9cf038..e5bca6f 100644
--- a/internal/shim/main.go
+++ b/internal/shim/main.go
@@ -3,6 +3,7 @@ package shim
 import (
 "encoding/gob"
 "errors"
+ "flag"
 "fmt"
 "net"
 "os"
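Review bot: In the commandBuilderMachineCtl hunk (internal/app/launch.machinectl.go), the new `innerCommand.WriteString("exec " + a.seal.sys.executable + " shim")` still splices the executable path unquoted into a command string. A path containing whitespace or shell metacharacters would be split or interpreted by whatever evaluates `innerCommand`. Where `a.seal.sys.executable` comes from and how the string is consumed are outside the hunk, so this may already be constrained elsewhere. If it is not, single-quote the path (escaping any embedded `'`) before concatenation, or add a comment on this line stating why the path is safe to embed. The function body starts and ends outside the hunk.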
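Review bot: In the commandBuilderSudo hunk (internal/app/launch.sudo.go), the bare `"shim"` literal is now the only link between this argv and the `args[0] == "shim"` test in shim.Try, and the old `// magic for shim.Try()` comment that explained the coupling was dropped. The same word is repeated inside the string built in launch.machinectl.go, so a rename in one place would silently stop the shim path from being taken. Consider one exported constant in package shim used by all three sites, or at least keep a comment such as `// "shim" selects the shim path in shim.Try()`.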
@@ -148,3 +149,13 @@ func receiveWLfd(conn *net.UnixConn) (int, error) {
 return fds[0], nil
 }
 }
+
+// Try runs shim and stops execution if FORTIFY_SHIM is set.
+func Try() {
+ if args := flag.Args(); len(args) == 1 && args[0] == "shim" {
+ if s, ok := os.LookupEnv(EnvShim); ok {
+ shim(s)
+ panic("unreachable")
+ }
+ }
+}
diff --git a/internal/shim/parent.go b/internal/shim/parent.go
index 7ffc1c4..9885655 100644
--- a/internal/shim/parent.go
+++ b/internal/shim/parent.go
@@ -80,11 +80,3 @@ func ServeConfig(socket string, payload *Payload, wl string, done chan struct{})
 return ws, nil
 }
 }
-
-// Try runs shim and stops execution if FORTIFY_SHIM is set.
-func Try() {
- if s, ok := os.LookupEnv(EnvShim); ok {
- shim(s)
- }
- panic("unreachable")
-}
diff --git a/main.go b/main.go
index 896f7aa..b0558c1 100644
--- a/main.go
+++ b/main.go
@@ -35,10 +35,8 @@ func main() {
 verbose.Println("system booted with systemd as init system")
 }
- // launcher payload early exit
- if printVersion && printLicense {
- shim.Try()
- }
+ // shim early exit
+ shim.Try()
 // version/license/template command early exit
 tryVersion()
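Review bot: The new Try in internal/shim/main.go returns silently when the sole argument is `shim` but the EnvShim variable is missing, so execution continues into the rest of main() (the `tryVersion()` call and whatever follows) as an ordinary launcher invocation. The removed version in parent.go panicked in that situation, so an explicit shim launch whose environment was stripped on the way through sudo or machinectl used to fail closed and now does not. Treat "shim requested, environment absent" as a hard error instead of falling through. Also, the doc comment still says only that the variable must be set, while the function now also requires the `shim` argument, so it should mention both conditions.

```go
func Try() {
	if args := flag.Args(); len(args) == 1 && args[0] == "shim" {
		s, ok := os.LookupEnv(EnvShim)
		if !ok {
			// explicit shim invocation without its environment: refuse to continue
			fmt.Fprintf(os.Stderr, "shim: %v is not set\n", EnvShim)
			os.Exit(1)
		}
		// … unchanged: shim(s) followed by panic("unreachable") …
	}
}
```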
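Review bot: In the main.go hunk, the now-unconditional `shim.Try()` depends on `flag.Parse()` having already run, because Try reads `flag.Args()`, and nothing at the call site says so. The removed condition tested `printVersion && printLicense`, so the ordering presumably already holds, but the parse call is outside the hunk (main() begins before line 35) and should be confirmed. Record the dependency in the comment, for example `// shim early exit; must follow flag.Parse() because shim.Try reads flag.Args()`.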