From d4284c109d593fa1413a162734b3db5134c66d19 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Sat, 18 Oct 2025 04:25:40 +0900
Subject: [PATCH] internal/app/spruntime: emulate pam_systemd type

This sets XDG_SESSION_TYPE to the corresponding values specified in pam_systemd(8) according to enablements.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 internal/app/app_test.go       |   4 +-
 internal/app/outcome.go        |   2 +-
 internal/app/spruntime.go      | 103 ++++++++++++++++++++++++++++-----
 internal/app/spruntime_test.go |  94 +++++++++++++++++++++++++++++-
 test/sandbox/case/device.nix   |   2 +-
 test/sandbox/case/mapuid.nix   |   2 +-
 test/sandbox/case/pdlike.nix   |   2 +-
 test/sandbox/case/preset.nix   |   2 +-
 test/sandbox/case/tty.nix      |   2 +-
 9 files changed, 186 insertions(+), 27 deletions(-)

diff --git a/internal/app/app_test.go b/internal/app/app_test.go
index acecf94..96fe0b1 100644
--- a/internal/app/app_test.go
+++ b/internal/app/app_test.go
@@ -268,7 +268,7 @@ func TestApp(t *testing.T) {
 					"WAYLAND_DISPLAY=wayland-0",
 					"XDG_RUNTIME_DIR=/run/user/65534",
 					"XDG_SESSION_CLASS=user",
-					"XDG_SESSION_TYPE=tty",
+					"XDG_SESSION_TYPE=wayland",
 				},
 				Ops: new(container.Ops).
 					Root(m("/"), bits.BindWritable).
@@ -420,7 +420,7 @@ func TestApp(t *testing.T) {
 					"WAYLAND_DISPLAY=wayland-0",
 					"XDG_RUNTIME_DIR=/run/user/1971",
 					"XDG_SESSION_CLASS=user",
-					"XDG_SESSION_TYPE=tty",
+					"XDG_SESSION_TYPE=wayland",
 				},
 				Ops: new(container.Ops).
 					Proc(m("/proc/")).
diff --git a/internal/app/outcome.go b/internal/app/outcome.go
index 6f688b8..d9aad2a 100644
--- a/internal/app/outcome.go
+++ b/internal/app/outcome.go
@@ -275,7 +275,7 @@ func (state *outcomeStateSys) toSystem() error {
 		// TODO(ophestra): move this late for #8 and #9
 		&spFilesystemOp{},
 
-		spRuntimeOp{},
+		&spRuntimeOp{},
 		spTmpdirOp{},
 		spAccountOp{},
 
diff --git a/internal/app/spruntime.go b/internal/app/spruntime.go
index 54281c1..35ebff0 100644
--- a/internal/app/spruntime.go
+++ b/internal/app/spruntime.go
@@ -6,43 +6,114 @@ import (
 	"hakurei.app/container/bits"
 	"hakurei.app/container/check"
 	"hakurei.app/container/fhs"
+	"hakurei.app/hst"
 	"hakurei.app/system"
 	"hakurei.app/system/acl"
 )
 
-func init() { gob.Register(spRuntimeOp{}) }
+const (
+	/*
+		Path to a user-private user-writable directory that is bound
+		to the user login time on the machine. It is automatically
+		created the first time a user logs in and removed on the
+		user's final logout. If a user logs in twice at the same time,
+		both sessions will see the same $XDG_RUNTIME_DIR and the same
+		contents. If a user logs in once, then logs out again, and
+		logs in again, the directory contents will have been lost in
+		between, but applications should not rely on this behavior and
+		must be able to deal with stale files. To store
+		session-private data in this directory, the user should
+		include the value of $XDG_SESSION_ID in the filename. This
+		directory shall be used for runtime file system objects such
+		as AF_UNIX sockets, FIFOs, PID files and similar. It is
+		guaranteed that this directory is local and offers the
+		greatest possible file system feature set the operating system
+		provides. For further details, see the XDG Base Directory
+		Specification[3].  $XDG_RUNTIME_DIR is not set if the current
+		user is not the original user of the session.
+	*/
+	envXDGRuntimeDir = "XDG_RUNTIME_DIR"
+
+	/*
+		The session class. This may be used instead of class= on the
+		module parameter line, and is usually preferred.
+	*/
+	envXDGSessionClass = "XDG_SESSION_CLASS"
+
+	/*
+		A regular interactive user session. This is the default class
+		for sessions for which a TTY or X display is known at session
+		registration time.
+	*/
+	xdgSessionClassUser = "user"
+
+	/*
+		The session type. This may be used instead of type= on the
+		module parameter line, and is usually preferred.
+
+		One of "unspecified", "tty", "x11", "wayland", "mir", or "web".
+	*/
+	envXDGSessionType = "XDG_SESSION_TYPE"
+)
+
+func init() { gob.Register(new(spRuntimeOp)) }
+
+const (
+	sessionTypeUnspec = iota
+	sessionTypeTTY
+	sessionTypeX11
+	sessionTypeWayland
+)
 
 // spRuntimeOp sets up XDG_RUNTIME_DIR inside the container.
-type spRuntimeOp struct{}
+type spRuntimeOp struct {
+	// SessionType determines the value of envXDGSessionType. Populated during toSystem.
+	SessionType uintptr
+}
 
-func (s spRuntimeOp) toSystem(state *outcomeStateSys) error {
+func (s *spRuntimeOp) toSystem(state *outcomeStateSys) error {
 	runtimeDir, runtimeDirInst := s.commonPaths(state.outcomeState)
 	state.sys.Ensure(runtimeDir, 0700)
 	state.sys.UpdatePermType(system.User, runtimeDir, acl.Execute)
 	state.sys.Ensure(runtimeDirInst, 0700)
 	state.sys.UpdatePermType(system.User, runtimeDirInst, acl.Read, acl.Write, acl.Execute)
+
+	if state.et&hst.EWayland != 0 {
+		s.SessionType = sessionTypeWayland
+	} else if state.et&hst.EX11 != 0 {
+		s.SessionType = sessionTypeX11
+	} else {
+		s.SessionType = sessionTypeTTY
+	}
+
 	return nil
 }
 
-func (s spRuntimeOp) toContainer(state *outcomeStateParams) error {
-	const (
-		xdgRuntimeDir   = "XDG_RUNTIME_DIR"
-		xdgSessionClass = "XDG_SESSION_CLASS"
-		xdgSessionType  = "XDG_SESSION_TYPE"
-	)
-
+func (s *spRuntimeOp) toContainer(state *outcomeStateParams) error {
 	state.runtimeDir = fhs.AbsRunUser.Append(state.mapuid.String())
-	state.env[xdgRuntimeDir] = state.runtimeDir.String()
-	state.env[xdgSessionClass] = "user"
-	state.env[xdgSessionType] = "tty"
+	state.env[envXDGRuntimeDir] = state.runtimeDir.String()
+	state.env[envXDGSessionClass] = xdgSessionClassUser
+
+	switch s.SessionType {
+	case sessionTypeUnspec:
+		state.env[envXDGSessionType] = "unspecified"
+	case sessionTypeTTY:
+		state.env[envXDGSessionType] = "tty"
+	case sessionTypeX11:
+		state.env[envXDGSessionType] = "x11"
+	case sessionTypeWayland:
+		state.env[envXDGSessionType] = "wayland"
+
+	}
 
 	_, runtimeDirInst := s.commonPaths(state.outcomeState)
-	state.params.Tmpfs(fhs.AbsRunUser, 1<<12, 0755)
-	state.params.Bind(runtimeDirInst, state.runtimeDir, bits.BindWritable)
+	state.params.
+		Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
+		Bind(runtimeDirInst, state.runtimeDir, bits.BindWritable)
 	return nil
 }
 
-func (s spRuntimeOp) commonPaths(state *outcomeState) (runtimeDir, runtimeDirInst *check.Absolute) {
+func (s *spRuntimeOp) commonPaths(state *outcomeState) (runtimeDir, runtimeDirInst *check.Absolute) {
 	runtimeDir = state.sc.SharePath.Append("runtime")
 	runtimeDirInst = runtimeDir.Append(state.identity.String())
 	return
diff --git a/internal/app/spruntime_test.go b/internal/app/spruntime_test.go
index 2b65048..493e66a 100644
--- a/internal/app/spruntime_test.go
+++ b/internal/app/spruntime_test.go
@@ -17,9 +17,47 @@ func TestSpRuntimeOp(t *testing.T) {
 	config := hst.Template()
 
 	checkOpBehaviour(t, []opBehaviourTestCase{
-		{"success", func(bool, bool) outcomeOp {
-			return spRuntimeOp{}
-		}, hst.Template, nil, []stub.Call{
+		{"success zero", func(isShim bool, clearUnexported bool) outcomeOp {
+			if !isShim {
+				return new(spRuntimeOp)
+			}
+			op := &spRuntimeOp{sessionTypeTTY}
+			if clearUnexported {
+				op.SessionType = sessionTypeUnspec
+			}
+			return op
+		}, func() *hst.Config {
+			c := hst.Template()
+			*c.Enablements = 0
+			return c
+		}, nil, []stub.Call{
+			// this op configures the system state and does not make calls during toSystem
+		}, newI().
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime"), acl.Execute).
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), acl.Read, acl.Write, acl.Execute), nil, nil, insertsOps(nil), []stub.Call{
+			// this op configures the container state and does not make calls during toContainer
+		}, &container.Params{
+			Ops: new(container.Ops).
+				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), bits.BindWritable),
+		}, paramsWantEnv(config, map[string]string{
+			"XDG_RUNTIME_DIR":   "/run/user/1000",
+			"XDG_SESSION_CLASS": "user",
+			"XDG_SESSION_TYPE":  "unspecified",
+		}, nil), nil},
+
+		{"success tty", func(isShim, _ bool) outcomeOp {
+			if !isShim {
+				return new(spRuntimeOp)
+			}
+			return &spRuntimeOp{sessionTypeTTY}
+		}, func() *hst.Config {
+			c := hst.Template()
+			*c.Enablements = 0
+			return c
+		}, nil, []stub.Call{
 			// this op configures the system state and does not make calls during toSystem
 		}, newI().
 			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime"), 0700).
@@ -36,5 +74,55 @@ func TestSpRuntimeOp(t *testing.T) {
 			"XDG_SESSION_CLASS": "user",
 			"XDG_SESSION_TYPE":  "tty",
 		}, nil), nil},
+
+		{"success x11", func(isShim, _ bool) outcomeOp {
+			if !isShim {
+				return new(spRuntimeOp)
+			}
+			return &spRuntimeOp{sessionTypeX11}
+		}, func() *hst.Config {
+			c := hst.Template()
+			*c.Enablements = hst.Enablements(hst.EX11)
+			return c
+		}, nil, []stub.Call{
+			// this op configures the system state and does not make calls during toSystem
+		}, newI().
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime"), acl.Execute).
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), acl.Read, acl.Write, acl.Execute), nil, nil, insertsOps(nil), []stub.Call{
+			// this op configures the container state and does not make calls during toContainer
+		}, &container.Params{
+			Ops: new(container.Ops).
+				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), bits.BindWritable),
+		}, paramsWantEnv(config, map[string]string{
+			"XDG_RUNTIME_DIR":   "/run/user/1000",
+			"XDG_SESSION_CLASS": "user",
+			"XDG_SESSION_TYPE":  "x11",
+		}, nil), nil},
+
+		{"success", func(isShim, _ bool) outcomeOp {
+			if !isShim {
+				return new(spRuntimeOp)
+			}
+			return &spRuntimeOp{sessionTypeWayland}
+		}, hst.Template, nil, []stub.Call{
+			// this op configures the system state and does not make calls during toSystem
+		}, newI().
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime"), acl.Execute).
+			Ensure(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), 0700).
+			UpdatePermType(system.User, m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), acl.Read, acl.Write, acl.Execute), nil, nil, insertsOps(nil), []stub.Call{
+			// this op configures the container state and does not make calls during toContainer
+		}, &container.Params{
+			Ops: new(container.Ops).
+				Tmpfs(fhs.AbsRunUser, 1<<12, 0755).
+				Bind(m("/proc/nonexistent/tmp/hakurei.0/runtime/9"), m("/run/user/1000"), bits.BindWritable),
+		}, paramsWantEnv(config, map[string]string{
+			"XDG_RUNTIME_DIR":   "/run/user/1000",
+			"XDG_SESSION_CLASS": "user",
+			"XDG_SESSION_TYPE":  "wayland",
+		}, nil), nil},
 	})
 }
diff --git a/test/sandbox/case/device.nix b/test/sandbox/case/device.nix
index a6de9b7..ee90aac 100644
--- a/test/sandbox/case/device.nix
+++ b/test/sandbox/case/device.nix
@@ -46,7 +46,7 @@ in
       "WAYLAND_DISPLAY=wayland-0"
       "XDG_RUNTIME_DIR=/run/user/65534"
       "XDG_SESSION_CLASS=user"
-      "XDG_SESSION_TYPE=tty"
+      "XDG_SESSION_TYPE=wayland"
     ];
 
     fs = fs "dead" {
diff --git a/test/sandbox/case/mapuid.nix b/test/sandbox/case/mapuid.nix
index d507232..22a9a22 100644
--- a/test/sandbox/case/mapuid.nix
+++ b/test/sandbox/case/mapuid.nix
@@ -54,7 +54,7 @@ in
       "WAYLAND_DISPLAY=wayland-0"
       "XDG_RUNTIME_DIR=/run/user/1000"
       "XDG_SESSION_CLASS=user"
-      "XDG_SESSION_TYPE=tty"
+      "XDG_SESSION_TYPE=wayland"
     ];
 
     fs = fs "dead" {
diff --git a/test/sandbox/case/pdlike.nix b/test/sandbox/case/pdlike.nix
index b34c2b8..5bd2019 100644
--- a/test/sandbox/case/pdlike.nix
+++ b/test/sandbox/case/pdlike.nix
@@ -54,7 +54,7 @@ in
       "WAYLAND_DISPLAY=wayland-0"
       "XDG_RUNTIME_DIR=/run/user/65534"
       "XDG_SESSION_CLASS=user"
-      "XDG_SESSION_TYPE=tty"
+      "XDG_SESSION_TYPE=wayland"
     ];
 
     fs = fs "dead" {
diff --git a/test/sandbox/case/preset.nix b/test/sandbox/case/preset.nix
index e6594b3..88ed54b 100644
--- a/test/sandbox/case/preset.nix
+++ b/test/sandbox/case/preset.nix
@@ -54,7 +54,7 @@ in
       "WAYLAND_DISPLAY=wayland-0"
       "XDG_RUNTIME_DIR=/run/user/65534"
       "XDG_SESSION_CLASS=user"
-      "XDG_SESSION_TYPE=tty"
+      "XDG_SESSION_TYPE=wayland"
     ];
 
     fs = fs "dead" {
diff --git a/test/sandbox/case/tty.nix b/test/sandbox/case/tty.nix
index 5ee7f64..de9e753 100644
--- a/test/sandbox/case/tty.nix
+++ b/test/sandbox/case/tty.nix
@@ -55,7 +55,7 @@ in
       "WAYLAND_DISPLAY=wayland-0"
       "XDG_RUNTIME_DIR=/run/user/65534"
       "XDG_SESSION_CLASS=user"
-      "XDG_SESSION_TYPE=tty"
+      "XDG_SESSION_TYPE=wayland"
     ];
 
     fs = fs "dead" {