cmd/hakurei: expose current instance identifier

This writes the 16-byte instance identifier to file descriptor specified by --identifier-fd if set, and closes the file. This enables safely obtaining the new instance's identifier. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-10 07:51:00 +09:00 · 2025-11-10 07:51:00 +09:00 · bb92e3ada9
commit bb92e3ada9
parent fad419c2a2
4 changed files with 44 additions and 18 deletions
--- a/cmd/hakurei/command.go
+++ b/cmd/hakurei/command.go
@ -52,20 +52,26 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr

 	c.Command("shim", command.UsageInternal, func([]string) error { outcome.Shim(msg); return errSuccess })

-	c.Command("app", "Load and start container from configuration file", func(args []string) error {
-		if len(args) < 1 {
-			log.Fatal("app requires at least 1 argument")
-		}
+	{
+		var (
+			flagIdentifierFile int
+		)
+		c.NewCommand("app", "Load and start container from configuration file", func(args []string) error {
+			if len(args) < 1 {
+				log.Fatal("app requires at least 1 argument")
+			}

-		// config extraArgs...
-		config := tryPath(msg, args[0])
-		if config != nil && config.Container != nil {
-			config.Container.Args = append(config.Container.Args, args[1:]...)
-		}
+			config := tryPath(msg, args[0])
+			if config != nil && config.Container != nil {
+				config.Container.Args = append(config.Container.Args, args[1:]...)
+			}

-		outcome.Main(ctx, msg, config)
-		panic("unreachable")
-	})
+			outcome.Main(ctx, msg, config, flagIdentifierFile)
+			panic("unreachable")
+		}).
+			Flag(&flagIdentifierFile, "identifier-fd", command.IntFlag(-1),
+				"Write identifier of current instance to fd after successful startup")
+	}

 	{
 		var (
@ -257,7 +263,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 				}
 			}

-			outcome.Main(ctx, msg, config)
+			outcome.Main(ctx, msg, config, -1)
 			panic("unreachable")
 		}).
 			Flag(&flagDBusConfigSession, "dbus-config", command.StringFlag("builtin"),
--- a/internal/outcome/main.go
+++ b/internal/outcome/main.go
@ -10,21 +10,21 @@ import (
 )

 // Main runs an app according to [hst.Config] and terminates. Main does not return.
-func Main(ctx context.Context, msg message.Msg, config *hst.Config) {
+func Main(ctx context.Context, msg message.Msg, config *hst.Config, fd int) {
 	var id hst.ID
 	if err := hst.NewInstanceID(&id); err != nil {
 		log.Fatal(err.Error())
 	}

-	seal := outcome{syscallDispatcher: direct{msg}}
+	k := outcome{syscallDispatcher: direct{msg}}

 	finaliseTime := time.Now()
-	if err := seal.finalise(ctx, msg, &id, config); err != nil {
+	if err := k.finalise(ctx, msg, &id, config); err != nil {
 		printMessageError(msg.GetLogger().Fatalln, "cannot seal app:", err)
 		panic("unreachable")
 	}
 	msg.Verbosef("finalise took %.2f ms", float64(time.Since(finaliseTime).Nanoseconds())/1e6)

-	seal.main(msg)
+	k.main(msg, fd)
 	panic("unreachable")
 }
--- a/internal/outcome/process.go
+++ b/internal/outcome/process.go
@ -33,7 +33,7 @@ const (
 func NewStore(sc *hst.Paths) *store.Store { return store.New(sc.SharePath.Append("state")) }

 // main carries out outcome and terminates. main does not return.
-func (k *outcome) main(msg message.Msg) {
+func (k *outcome) main(msg message.Msg, identifierFd int) {
 	if k.ctx == nil || k.sys == nil || k.state == nil {
 		panic("outcome: did not finalise")
 	}
@ -163,6 +163,21 @@ func (k *outcome) main(msg message.Msg) {
 				continue
 			}

+			if f := os.NewFile(uintptr(identifierFd), "identifier"); f != nil {
+				_, err = f.Write(k.state.id.v[:])
+				if err != nil {
+					unlock()
+					// transition here to avoid the commit/revert cycle on the doomed instance
+					perrorFatal(&hst.AppError{Step: "write instance identifier", Err: err},
+						"write instance identifier", processLifecycle)
+					continue
+				}
+				msg.Verbosef("wrote identifier to %d", identifierFd)
+				if err = f.Close(); err != nil {
+					msg.Verbose(err.Error())
+				}
+			}
+
 			err = k.sys.Commit()
 			unlock()
 			if err != nil {
--- a/test/test.py
+++ b/test/test.py
@ -172,6 +172,11 @@ machine.send_chars("exit\n")
 machine.wait_for_file("/tmp/p0-exit-ok", timeout=15)
 machine.fail("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 10000")

+# Check invalid identifier fd behaviour:
+machine.fail('echo \'{"container":{"shell":"/proc/nonexistent","home":"/proc/nonexistent","path":"/proc/nonexistent"}}\' | sudo -u alice -i hakurei -v app --identifier-fd 32767 - 2>&1 | tee > /tmp/invalid-identifier-fd')
+machine.wait_for_file("/tmp/invalid-identifier-fd")
+print(machine.succeed('grep "^hakurei: cannot write identifier: bad file descriptor$" /tmp/invalid-identifier-fd'))
+
 # Check interrupt shim behaviour:
 swaymsg("exec sh -c 'ne-foot; echo -n $? > /tmp/monitor-exit-code'")
 wait_for_window(f"u0_a{hakurei_identity(0)}@machine")