security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

priv/shim: move /sbin/init setup to app
All checks were successful
Test / Create distribution (push) Successful in 49s
Details
Test / Run NixOS test (push) Successful in 3m36s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-02-15 02:56:08 +09:00
parent a0062d8275
commit ea8d1c07df
7 changed files with 24 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/priv/shim/main.go
View File

@@ -121,21 +121,12 @@ func Main() {
}()
}
// bind fortify inside sandbox
var (
innerSbin = path.Join(fst.Tmp, "sbin")
innerFortify = path.Join(innerSbin, "fortify")
innerInit = path.Join(innerSbin, "init")
)
conf.Bind(proc.MustExecutable(), innerFortify)
conf.Symlink("fortify", innerInit)
helper.BubblewrapName = payload.Exec[0] // resolved bwrap path by parent
if fmsg.Verbose() {
seccomp.CPrintln = fmsg.Println
}
if b, err := helper.NewBwrap(
conf, innerInit,
conf, path.Join(fst.Tmp, "sbin/init"),
nil, func(int, int) []string { return make([]string, 0) },
extraFiles,
syncFd,