system: move enablements from state package
This removes the unnecessary import of the state package. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
@@ -6,7 +6,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/helper/bwrap"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
func init() {
|
||||
@@ -41,7 +41,7 @@ type ConfinementConfig struct {
|
||||
SessionBus *dbus.Config `json:"session_bus,omitempty"`
|
||||
|
||||
// child capability enablements
|
||||
Enablements state.Enablements `json:"enablements"`
|
||||
Enablements system.Enablements `json:"enablements"`
|
||||
}
|
||||
|
||||
// SandboxConfig describes resources made available to the sandbox.
|
||||
@@ -171,7 +171,7 @@ func Template() *Config {
|
||||
Log: false,
|
||||
Filter: true,
|
||||
},
|
||||
Enablements: state.EnableWayland.Mask() | state.EnableDBus.Mask() | state.EnablePulse.Mask(),
|
||||
Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@@ -167,7 +167,7 @@ func (a *app) Seal(config *Config) error {
|
||||
conf.Override = append(conf.Override, nscd)
|
||||
}
|
||||
// bind GPU stuff
|
||||
if config.Confinement.Enablements.Has(state.EnableX) || config.Confinement.Enablements.Has(state.EnableWayland) {
|
||||
if config.Confinement.Enablements.Has(system.EX11) || config.Confinement.Enablements.Has(system.EWayland) {
|
||||
conf.Filesystem = append(conf.Filesystem, &FilesystemConfig{Src: "/dev/dri", Device: true})
|
||||
}
|
||||
config.Confinement.Sandbox = conf
|
||||
|
||||
@@ -5,7 +5,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/dbus"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -14,7 +14,7 @@ const (
|
||||
)
|
||||
|
||||
func (seal *appSeal) shareDBus(config [2]*dbus.Config) error {
|
||||
if !seal.et.Has(state.EnableDBus) {
|
||||
if !seal.et.Has(system.EDBus) {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ import (
|
||||
|
||||
"git.ophivana.moe/cat/fortify/acl"
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -30,7 +30,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
}
|
||||
|
||||
// set up wayland
|
||||
if seal.et.Has(state.EnableWayland) {
|
||||
if seal.et.Has(system.EWayland) {
|
||||
if wd, ok := os.LookupEnv(waylandDisplay); !ok {
|
||||
return fmsg.WrapError(ErrWayland,
|
||||
"WAYLAND_DISPLAY is not set")
|
||||
@@ -44,7 +44,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
seal.sys.bwrap.Bind(wpi, w)
|
||||
|
||||
// ensure Wayland socket ACL (e.g. `/run/user/%d/wayland-%d`)
|
||||
seal.sys.UpdatePermType(state.EnableWayland, wp, acl.Read, acl.Write, acl.Execute)
|
||||
seal.sys.UpdatePermType(system.EWayland, wp, acl.Read, acl.Write, acl.Execute)
|
||||
} else {
|
||||
// set wayland socket path (e.g. `/run/user/%d/wayland-%d`)
|
||||
seal.wl = path.Join(seal.RuntimePath, wd)
|
||||
@@ -52,7 +52,7 @@ func (seal *appSeal) shareDisplay() error {
|
||||
}
|
||||
|
||||
// set up X11
|
||||
if seal.et.Has(state.EnableX) {
|
||||
if seal.et.Has(system.EX11) {
|
||||
// discover X11 and grant user permission via the `ChangeHosts` command
|
||||
if d, ok := os.LookupEnv(display); !ok {
|
||||
return fmsg.WrapError(ErrXDisplay,
|
||||
|
||||
@@ -8,7 +8,7 @@ import (
|
||||
"path"
|
||||
|
||||
"git.ophivana.moe/cat/fortify/internal/fmsg"
|
||||
"git.ophivana.moe/cat/fortify/internal/state"
|
||||
"git.ophivana.moe/cat/fortify/internal/system"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -26,7 +26,7 @@ var (
|
||||
)
|
||||
|
||||
func (seal *appSeal) sharePulse() error {
|
||||
if !seal.et.Has(state.EnablePulse) {
|
||||
if !seal.et.Has(system.EPulse) {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
@@ -202,8 +202,8 @@ func (a *app) Wait() (int, error) {
|
||||
}
|
||||
|
||||
// enablements of remaining launchers
|
||||
rt, ec := new(state.Enablements), new(system.Criteria)
|
||||
ec.Enablements = new(state.Enablements)
|
||||
rt, ec := new(system.Enablements), new(system.Criteria)
|
||||
ec.Enablements = new(system.Enablements)
|
||||
ec.Set(system.Process)
|
||||
if states, err := b.Load(); err != nil {
|
||||
return err
|
||||
@@ -222,14 +222,14 @@ func (a *app) Wait() (int, error) {
|
||||
}
|
||||
}
|
||||
// invert accumulated enablements for cleanup
|
||||
for i := state.Enablement(0); i < state.EnableLength; i++ {
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if !rt.Has(i) {
|
||||
ec.Set(i)
|
||||
}
|
||||
}
|
||||
if verbose.Get() {
|
||||
labels := make([]string, 0, state.EnableLength+1)
|
||||
for i := state.Enablement(0); i < state.EnableLength+2; i++ {
|
||||
labels := make([]string, 0, system.ELen+1)
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
|
||||
if ec.Has(i) {
|
||||
labels = append(labels, system.TypeString(i))
|
||||
}
|
||||
|
||||
@@ -38,7 +38,7 @@ type appSeal struct {
|
||||
// path to launcher program
|
||||
toolPath string
|
||||
// pass-through enablement tracking from config
|
||||
et state.Enablements
|
||||
et system.Enablements
|
||||
|
||||
// prevents sharing from happening twice
|
||||
shared bool
|
||||
|
||||
Reference in New Issue
Block a user