app: integrate fsu

This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>

internal/app/system.go

@@ -1,8 +1,6 @@
 package app
 
 import (
-	"os/user"
-
 	"git.ophivana.moe/security/fortify/dbus"
 	"git.ophivana.moe/security/fortify/helper/bwrap"
 	"git.ophivana.moe/security/fortify/internal/linux"
@@ -18,7 +16,7 @@ type appSealSys struct {
 	// default formatted XDG_RUNTIME_DIR of User
 	runtime string
 	// target user sealed from config
-	user *user.User
+	user appUser
 
 	// mapped uid and gid in user namespace
 	mappedID int
@@ -32,6 +30,26 @@ type appSealSys struct {
 	// protected by upstream mutex
 }
 
+type appUser struct {
+	// full uid resolved by fsu
+	uid int
+	// string representation of uid
+	us string
+
+	// supplementary group ids
+	supp []string
+
+	// application id
+	aid int
+	// string representation of aid
+	as string
+
+	// app user home directory
+	home string
+	// passwd database username
+	username string
+}
+
 // shareAll calls all share methods in sequence
 func (seal *appSeal) shareAll(bus [2]*dbus.Config, os linux.System) error {
 	if seal.shared {