hst/config: remove data field, rename dir to home

There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/app_nixos_linux_test.go

@@ -41,6 +41,7 @@ var testCasesNixos = []sealTestCase{
 					f(&hst.FSBind{Source: m("/run/opengl-driver")}),
 					f(&hst.FSBind{Source: m("/dev/dri"), Device: true, Optional: true}),
 					f(&hst.FSBind{Source: m("/etc/"), Target: m("/etc/"), Special: true}),
+					f(&hst.FSBind{Source: m("/var/lib/persist/module/hakurei/0/1"), Write: true, Ensure: true}),
 				},
 			},
 			SystemBus: &dbus.Config{
@@ -64,7 +65,7 @@ var testCasesNixos = []sealTestCase{
 			DirectWayland: true,
 
 			Username: "u0_a1",
-			Data:     m("/var/lib/persist/module/hakurei/0/1"),
+			Home:     m("/var/lib/persist/module/hakurei/0/1"),
 			Identity: 1, Groups: []string{},
 		},
 		state.ID{
@@ -145,11 +146,11 @@ var testCasesNixos = []sealTestCase{
 				Bind(m("/run/opengl-driver"), m("/run/opengl-driver"), 0).
 				Bind(m("/dev/dri"), m("/dev/dri"), container.BindDevice|container.BindWritable|container.BindOptional).
 				Etc(m("/etc/"), "8e2c76b066dabe574cf073bdb46eb5c1").
+				Bind(m("/var/lib/persist/module/hakurei/0/1"), m("/var/lib/persist/module/hakurei/0/1"), container.BindWritable|container.BindEnsure).
 				Remount(m("/dev/"), syscall.MS_RDONLY).
 				Tmpfs(m("/run/user/"), 4096, 0755).
 				Bind(m("/tmp/hakurei.1971/runtime/1"), m("/run/user/1971"), container.BindWritable).
 				Bind(m("/tmp/hakurei.1971/tmpdir/1"), m("/tmp/"), container.BindWritable).
-				Bind(m("/var/lib/persist/module/hakurei/0/1"), m("/var/lib/persist/module/hakurei/0/1"), container.BindWritable).
 				Place(m("/etc/passwd"), []byte("u0_a1:x:1971:100:Hakurei:/var/lib/persist/module/hakurei/0/1:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:100:\n")).
 				Bind(m("/run/user/1971/wayland-0"), m("/run/user/1971/wayland-0"), 0).

internal/app/app_pd_linux_test.go

@@ -16,7 +16,7 @@ import (
 var testCasesPd = []sealTestCase{
 	{
 		"nixos permissive defaults no enablements", new(stubNixOS),
-		&hst.Config{Username: "chronos", Data: m("/home/chronos")},
+		&hst.Config{Username: "chronos", Home: m("/home/chronos")},
 		state.ID{
 			0x4a, 0x45, 0x0b, 0x65,
 			0x96, 0xd7, 0xbc, 0x15,
@@ -56,7 +56,6 @@ var testCasesPd = []sealTestCase{
 				Tmpfs(m("/run/user/"), 4096, 0755).
 				Bind(m("/tmp/hakurei.1971/runtime/0"), m("/run/user/65534"), container.BindWritable).
 				Bind(m("/tmp/hakurei.1971/tmpdir/0"), m("/tmp/"), container.BindWritable).
-				Bind(m("/home/chronos"), m("/home/chronos"), container.BindWritable).
 				Place(m("/etc/passwd"), []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:65534:\n")).
 				Remount(m("/"), syscall.MS_RDONLY),
@@ -75,7 +74,7 @@ var testCasesPd = []sealTestCase{
 			Identity: 9,
 			Groups:   []string{"video"},
 			Username: "chronos",
-			Data:     m("/home/chronos"),
+			Home:     m("/home/chronos"),
 			SessionBus: &dbus.Config{
 				Talk: []string{
 					"org.freedesktop.Notifications",
@@ -193,7 +192,6 @@ var testCasesPd = []sealTestCase{
 				Tmpfs(m("/run/user/"), 4096, 0755).
 				Bind(m("/tmp/hakurei.1971/runtime/9"), m("/run/user/65534"), container.BindWritable).
 				Bind(m("/tmp/hakurei.1971/tmpdir/9"), m("/tmp/"), container.BindWritable).
-				Bind(m("/home/chronos"), m("/home/chronos"), container.BindWritable).
 				Place(m("/etc/passwd"), []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")).
 				Place(m("/etc/group"), []byte("hakurei:x:65534:\n")).
 				Bind(m("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/wayland"), m("/run/user/65534/wayland-0"), 0).

internal/app/process_linux.go

@@ -128,7 +128,6 @@ func (seal *outcome) Run(rs *RunState) error {
 			os.Getpid(),
 			seal.waitDelay,
 			seal.container,
-			seal.user.data.String(),
 			hlog.Load(),
 		})
 	}()

internal/app/seal_linux.go

@@ -144,8 +144,6 @@ type hsuUser struct {
 	// supplementary group ids
 	supp []string
 
-	// home directory host path
-	data *container.Absolute
 	// app user home directory
 	home *container.Absolute
 	// passwd database username
@@ -161,8 +159,8 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 	if config == nil {
 		return hlog.WrapErr(syscall.EINVAL, syscall.EINVAL.Error())
 	}
-	if config.Data == nil {
-		return hlog.WrapErr(os.ErrInvalid, "invalid data directory")
+	if config.Home == nil {
+		return hlog.WrapErr(os.ErrInvalid, "invalid path to home directory")
 	}
 
 	{
@@ -183,8 +181,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 
 	seal.user = hsuUser{
 		aid:      newInt(config.Identity),
-		data:     config.Data,
-		home:     config.Dir,
+		home:     config.Home,
 		username: config.Username,
 	}
 	if seal.user.username == "" {
@@ -194,9 +191,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 		return hlog.WrapErr(ErrName,
 			fmt.Sprintf("invalid user name %q", seal.user.username))
 	}
-	if seal.user.home == nil {
-		seal.user.home = seal.user.data
-	}
 	if u, err := sys.Uid(seal.user.aid.unwrap()); err != nil {
 		return err
 	} else {
@@ -244,6 +238,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 			Tty:          true,
 
 			Filesystem: []hst.FilesystemConfigJSON{
+				// autoroot, includes the home directory
 				{&hst.FSBind{
 					Target:  container.AbsFHSRoot,
 					Source:  container.AbsFHSRoot,
@@ -347,7 +342,6 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 		if seal.user.username != "" {
 			username = seal.user.username
 		}
-		seal.container.Bind(seal.user.data, seal.user.home, container.BindWritable)
 		seal.container.Dir = seal.user.home
 		seal.env["HOME"] = seal.user.home.String()
 		seal.env["USER"] = username

internal/app/shim_linux.go

@@ -34,8 +34,6 @@ type shimParams struct {
 
 	// finalised container params
 	Container *container.Params
-	// path to outer home directory
-	Home string
 
 	// verbosity pass through
 	Verbose bool
@@ -142,21 +140,6 @@ func ShimMain() {
 		// not fatal
 	}
 
-	// ensure home directory as target user
-	if s, err := os.Stat(params.Home); err != nil {
-		if os.IsNotExist(err) {
-			if err = os.Mkdir(params.Home, 0700); err != nil {
-				log.Fatalf("cannot create home directory: %v", err)
-			}
-		} else {
-			log.Fatalf("cannot access home directory: %v", err)
-		}
-
-		// home directory is created, proceed
-	} else if !s.IsDir() {
-		log.Fatalf("path %q is not a directory", params.Home)
-	}
-
 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 	cancelContainer.Store(&stop)
 	z := container.New(ctx)