fipc: export config struct
Also store full config as part of state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
@@ -82,27 +82,41 @@ func (s *simpleStore) mustPrintLauncherState(w **tabwriter.Writer, now time.Time
|
||||
continue
|
||||
}
|
||||
|
||||
// build enablements string
|
||||
ets := strings.Builder{}
|
||||
// append enablement strings in order
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if state.Capability.Has(i) {
|
||||
ets.WriteString(", " + i.String())
|
||||
// build enablements and command string
|
||||
var (
|
||||
ets *strings.Builder
|
||||
cs = "(No command information)"
|
||||
)
|
||||
|
||||
// check if enablements are provided
|
||||
if state.Config != nil {
|
||||
ets = new(strings.Builder)
|
||||
// append enablement strings in order
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if state.Config.Confinement.Enablements.Has(i) {
|
||||
ets.WriteString(", " + i.String())
|
||||
}
|
||||
}
|
||||
|
||||
cs = fmt.Sprintf("%q", state.Config.Command)
|
||||
}
|
||||
// prevent an empty string when
|
||||
if ets.Len() == 0 {
|
||||
ets.WriteString("(No enablements)")
|
||||
if ets != nil {
|
||||
// prevent an empty string
|
||||
if ets.Len() == 0 {
|
||||
ets.WriteString("(No enablements)")
|
||||
}
|
||||
} else {
|
||||
ets = new(strings.Builder)
|
||||
ets.WriteString("(No confinement information)")
|
||||
}
|
||||
|
||||
if !fmsg.Verbose() {
|
||||
_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\t%s\t%s\n",
|
||||
state.PID, s.path[len(s.path)-1], now.Sub(state.Time).Round(time.Second).String(), strings.TrimPrefix(ets.String(), ", "),
|
||||
state.Command)
|
||||
state.PID, s.path[len(s.path)-1], now.Sub(state.Time).Round(time.Second).String(), strings.TrimPrefix(ets.String(), ", "), cs)
|
||||
} else {
|
||||
// emit argv instead when verbose
|
||||
_, _ = fmt.Fprintf(*w, "\t%d\t%s\t%s\n",
|
||||
state.PID, s.path[len(s.path)-1], state.Argv)
|
||||
state.PID, s.path[len(s.path)-1], state.ID)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -176,6 +176,10 @@ func (b *simpleBackend) Save(state *State) error {
|
||||
b.lock.Lock()
|
||||
defer b.lock.Unlock()
|
||||
|
||||
if state.Config == nil {
|
||||
return errors.New("state does not contain config")
|
||||
}
|
||||
|
||||
statePath := b.filename(state.PID)
|
||||
|
||||
// create and open state data file
|
||||
|
||||
@@ -3,7 +3,7 @@ package state
|
||||
import (
|
||||
"time"
|
||||
|
||||
"git.ophivana.moe/security/fortify/internal/system"
|
||||
"git.ophivana.moe/security/fortify/fipc"
|
||||
)
|
||||
|
||||
type Store interface {
|
||||
@@ -26,15 +26,13 @@ type Backend interface {
|
||||
|
||||
// State is the on-disk format for a fortified process's state information
|
||||
type State struct {
|
||||
// fortify instance id
|
||||
ID [16]byte `json:"instance"`
|
||||
// child process PID value
|
||||
PID int
|
||||
// command used to seal the app
|
||||
Command []string
|
||||
// capability enablements applied to child
|
||||
Capability system.Enablements
|
||||
PID int `json:"pid"`
|
||||
// sealed app configuration
|
||||
Config *fipc.Config `json:"config"`
|
||||
|
||||
// full argv whe launching
|
||||
Argv []string
|
||||
// process start time
|
||||
Time time.Time
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user