cmd/hakurei: exec instead of fork/exec from shell

There is no reason to keep the shell process around. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-12-08 22:29:41 +09:00 · 2025-12-08 22:29:41 +09:00 · d5fb179012
commit d5fb179012
parent 462863e290
4 changed files with 4 additions and 3 deletions
--- a/cmd/hakurei/command.go
+++ b/cmd/hakurei/command.go
@ -191,7 +191,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 			if flagPulse {
 				config.Container.Filesystem = append(config.Container.Filesystem, hst.FilesystemConfigJSON{FilesystemConfig: &hst.FSDaemon{
 					Target: fhs.AbsRunUser.Append(strconv.Itoa(container.OverflowUid(msg)), "pulse/native"),
-					Exec:   shell, Args: []string{"-lc", "pipewire-pulse"},
+					Exec:   shell, Args: []string{"-lc", "exec pipewire-pulse"},
 				}})
 			}

--- a/nixos.nix
+++ b/nixos.nix
@ -202,7 +202,7 @@ in
                          path = cfg.shell;
                          args = [
                            "-lc"
-                            "pipewire-pulse"
+                            "exec pipewire-pulse"
                          ];
                        }
                        ++ [
--- a/test/interactive/hakurei.nix
+++ b/test/interactive/hakurei.nix
@ -37,7 +37,7 @@
            path = "/bin/sh";
            args = [
              "-lc"
-              "sleep 1 && false"
+              "sleep 1 && exec false"
            ];
          }
        ];
--- a/test/test.py
+++ b/test/test.py
@ -233,6 +233,7 @@ collect_state_ui("pipewire_wayland")
 machine.send_chars("exit\n")
 machine.wait_until_fails("pgrep foot", timeout=5)
 # Test PipeWire SecurityContext:
+machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei -v run --pulse pactl info")
 machine.fail("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei -v run --pulse pactl set-sink-mute @DEFAULT_SINK@ toggle")

 # Test XWayland (foot does not support X):