diff --git a/.gitignore b/.gitignore index 2b91571..89781e7 100644 --- a/.gitignore +++ b/.gitignore @@ -27,6 +27,7 @@ go.work.sum # go generate security-context-v1-protocol.* +/cmd/hakurei/LICENSE # release /dist/hakurei-* \ No newline at end of file diff --git a/LICENSE b/LICENSE index b1d4760..7f53ce8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2024 Ophestra Umiker +Copyright (c) 2024-2025 Ophestra Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/internal/app/app.go b/cmd/hakurei/internal/app/app.go similarity index 75% rename from internal/app/app.go rename to cmd/hakurei/internal/app/app.go index 902df10..94b4907 100644 --- a/internal/app/app.go +++ b/cmd/hakurei/internal/app/app.go @@ -47,13 +47,3 @@ func (rs *RunState) SetStart() { now := time.Now().UTC() rs.Time = &now } - -// Paths contains environment-dependent paths used by hakurei. -type Paths struct { - // path to shared directory (usually `/tmp/hakurei.%d`) - SharePath string `json:"share_path"` - // XDG_RUNTIME_DIR value (usually `/run/user/%d`) - RuntimePath string `json:"runtime_path"` - // application runtime directory (usually `/run/user/%d/hakurei`) - RunDirPath string `json:"run_dir_path"` -} diff --git a/internal/app/id.go b/cmd/hakurei/internal/app/id.go similarity index 100% rename from internal/app/id.go rename to cmd/hakurei/internal/app/id.go diff --git a/internal/app/id_test.go b/cmd/hakurei/internal/app/id_test.go similarity index 96% rename from internal/app/id_test.go rename to cmd/hakurei/internal/app/id_test.go index f8acdab..232421d 100644 --- a/internal/app/id_test.go 
+++ b/cmd/hakurei/internal/app/id_test.go @@ -4,7 +4,7 @@ import ( "errors" "testing" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" ) func TestParseAppID(t *testing.T) { diff --git a/internal/app/instance/common/container.go b/cmd/hakurei/internal/app/instance/common/container.go similarity index 100% rename from internal/app/instance/common/container.go rename to cmd/hakurei/internal/app/instance/common/container.go diff --git a/internal/app/instance/common/path.go b/cmd/hakurei/internal/app/instance/common/path.go similarity index 100% rename from internal/app/instance/common/path.go rename to cmd/hakurei/internal/app/instance/common/path.go diff --git a/internal/app/instance/common/path_test.go b/cmd/hakurei/internal/app/instance/common/path_test.go similarity index 100% rename from internal/app/instance/common/path_test.go rename to cmd/hakurei/internal/app/instance/common/path_test.go diff --git a/internal/app/instance/errors.go b/cmd/hakurei/internal/app/instance/errors.go similarity index 63% rename from internal/app/instance/errors.go rename to cmd/hakurei/internal/app/instance/errors.go index 51d9cdb..9e67208 100644 --- a/internal/app/instance/errors.go +++ b/cmd/hakurei/internal/app/instance/errors.go @@ -3,8 +3,8 @@ package instance import ( "syscall" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" ) func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) { diff --git a/internal/app/instance/new.go b/cmd/hakurei/internal/app/instance/new.go similarity index 81% rename from internal/app/instance/new.go rename to cmd/hakurei/internal/app/instance/new.go index d1a6230..4c4a9c6 100644 --- a/internal/app/instance/new.go +++ b/cmd/hakurei/internal/app/instance/new.go 
@@ -6,8 +6,8 @@ import ( "log" "syscall" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/internal/sys" ) diff --git a/internal/app/instance/shim.go b/cmd/hakurei/internal/app/instance/shim.go similarity index 64% rename from internal/app/instance/shim.go rename to cmd/hakurei/internal/app/instance/shim.go index 8147b7c..b10fae1 100644 --- a/internal/app/instance/shim.go +++ b/cmd/hakurei/internal/app/instance/shim.go @@ -1,6 +1,6 @@ package instance -import "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" +import "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" // ShimMain is the main function of the shim process and runs as the unconstrained target user. func ShimMain() { setuid.ShimMain() } diff --git a/internal/app/internal/setuid/app.go b/cmd/hakurei/internal/app/internal/setuid/app.go similarity index 95% rename from internal/app/internal/setuid/app.go rename to cmd/hakurei/internal/app/internal/setuid/app.go index 92c90fb..b06c3b0 100644 --- a/internal/app/internal/setuid/app.go +++ b/cmd/hakurei/internal/app/internal/setuid/app.go @@ -5,8 +5,8 @@ import ( "fmt" "sync" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - . "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/internal/sys" ) diff --git a/internal/app/internal/setuid/app_nixos_test.go b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go similarity index 99% rename from internal/app/internal/setuid/app_nixos_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go index a516252..6dd01e9 100644 --- a/internal/app/internal/setuid/app_nixos_test.go 
+++ b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go @@ -2,9 +2,9 @@ package setuid_test import ( "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/sandbox/seccomp" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/app_pd_test.go b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go similarity index 99% rename from internal/app/internal/setuid/app_pd_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_pd_test.go index 7513301..49759aa 100644 --- a/internal/app/internal/setuid/app_pd_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go @@ -4,9 +4,9 @@ import ( "os" "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/sandbox/seccomp" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/app_stub_test.go b/cmd/hakurei/internal/app/internal/setuid/app_stub_test.go similarity index 97% rename from internal/app/internal/setuid/app_stub_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_stub_test.go index 690948f..f3b851d 100644 --- a/internal/app/internal/setuid/app_stub_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_stub_test.go @@ -7,7 +7,7 @@ import ( "os/user" "strconv" - "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/hst" ) // fs methods are not implemented using a real FS 
@@ -125,8 +125,8 @@ func (s *stubNixOS) Open(name string) (fs.File, error) { } } -func (s *stubNixOS) Paths() app.Paths { - return app.Paths{ +func (s *stubNixOS) Paths() hst.Paths { + return hst.Paths{ SharePath: "/tmp/hakurei.1971", RuntimePath: "/run/user/1971", RunDirPath: "/run/user/1971/hakurei", diff --git a/internal/app/internal/setuid/app_test.go b/cmd/hakurei/internal/app/internal/setuid/app_test.go similarity index 95% rename from internal/app/internal/setuid/app_test.go rename to cmd/hakurei/internal/app/internal/setuid/app_test.go index 82df7c3..072f4c1 100644 --- a/internal/app/internal/setuid/app_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/app_test.go @@ -7,9 +7,9 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/errors.go b/cmd/hakurei/internal/app/internal/setuid/errors.go similarity index 98% rename from internal/app/internal/setuid/errors.go rename to cmd/hakurei/internal/app/internal/setuid/errors.go index cce96c4..bb7dd89 100644 --- a/internal/app/internal/setuid/errors.go +++ b/cmd/hakurei/internal/app/internal/setuid/errors.go @@ -4,7 +4,7 @@ import ( "errors" "log" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" ) 
diff --git a/internal/app/internal/setuid/export_test.go b/cmd/hakurei/internal/app/internal/setuid/export_test.go similarity index 88% rename from internal/app/internal/setuid/export_test.go rename to cmd/hakurei/internal/app/internal/setuid/export_test.go index 1a7f970..2606fc7 100644 --- a/internal/app/internal/setuid/export_test.go +++ b/cmd/hakurei/internal/app/internal/setuid/export_test.go @@ -1,7 +1,7 @@ package setuid import ( - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" diff --git a/internal/app/internal/setuid/process.go b/cmd/hakurei/internal/app/internal/setuid/process.go similarity index 97% rename from internal/app/internal/setuid/process.go rename to cmd/hakurei/internal/app/internal/setuid/process.go index 8779d65..c5597d1 100644 --- a/internal/app/internal/setuid/process.go +++ b/cmd/hakurei/internal/app/internal/setuid/process.go @@ -12,10 +12,10 @@ import ( "syscall" "time" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/internal" - . "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" ) diff --git a/internal/app/internal/setuid/seal.go b/cmd/hakurei/internal/app/internal/setuid/seal.go similarity index 98% rename from internal/app/internal/setuid/seal.go rename to cmd/hakurei/internal/app/internal/setuid/seal.go index 69b242a..2ec2610 100644 --- a/internal/app/internal/setuid/seal.go +++ b/cmd/hakurei/internal/app/internal/setuid/seal.go 
@@ -17,11 +17,11 @@ import ( "syscall" "git.gensokyo.uk/security/hakurei/acl" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance/common" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - . "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/instance/common" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" @@ -97,7 +97,7 @@ type shareHost struct { runtimeSharePath string seal *outcome - sc Paths + sc hst.Paths } // ensureRuntimeDir must be called if direct access to paths within XDG_RUNTIME_DIR is required @@ -183,7 +183,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co if seal.user.username == "" { seal.user.username = "chronos" } else if !posixUsername.MatchString(seal.user.username) || - len(seal.user.username) >= internal.Sysconf_SC_LOGIN_NAME_MAX() { + len(seal.user.username) >= internal.Sysconf(internal.SC_LOGIN_NAME_MAX) { return hlog.WrapErr(ErrName, fmt.Sprintf("invalid user name %q", seal.user.username)) } diff --git a/internal/app/internal/setuid/shim.go b/cmd/hakurei/internal/app/internal/setuid/shim.go similarity index 99% rename from internal/app/internal/setuid/shim.go rename to cmd/hakurei/internal/app/internal/setuid/shim.go index 100cf1c..1646cd5 100644 --- a/internal/app/internal/setuid/shim.go +++ b/cmd/hakurei/internal/app/internal/setuid/shim.go @@ -104,7 +104,7 @@ func ShimMain() { log.Fatalf("cannot receive shim setup params: %v", err) } else { - internal.InstallFmsg(params.Verbose) + internal.InstallOutput(params.Verbose) closeSetup = f // the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid 
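Review bot: The username length check in the `finalise` hunk of seal.go, `len(seal.user.username) >= internal.Sysconf(internal.SC_LOGIN_NAME_MAX)`, compares against the raw sysconf result, which per sysconf(3) is -1 when the limit is indeterminate or the name is not recognised. In that case every non-empty username satisfies `>=` and is rejected as "invalid user name", which fails closed but misreports the cause and would lock out valid names. I would read the limit once with `limit := internal.Sysconf(internal.SC_LOGIN_NAME_MAX)` and handle `limit < 0` explicitly, either with a distinct error or a fixed fallback bound, before doing the comparison. `finalise` starts and ends outside this hunk, so any guard elsewhere in the function is not visible here.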
diff --git a/internal/app/internal/setuid/strings.go b/cmd/hakurei/internal/app/internal/setuid/strings.go similarity index 87% rename from internal/app/internal/setuid/strings.go rename to cmd/hakurei/internal/app/internal/setuid/strings.go index 7e9df5f..6521def 100644 --- a/internal/app/internal/setuid/strings.go +++ b/cmd/hakurei/internal/app/internal/setuid/strings.go @@ -3,7 +3,7 @@ package setuid import ( "strconv" - . "git.gensokyo.uk/security/hakurei/internal/app" + . "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" ) func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } diff --git a/internal/state/join.go b/cmd/hakurei/internal/state/join.go similarity index 100% rename from internal/state/join.go rename to cmd/hakurei/internal/state/join.go diff --git a/internal/state/multi.go b/cmd/hakurei/internal/state/multi.go similarity index 99% rename from internal/state/multi.go rename to cmd/hakurei/internal/state/multi.go index fac5b38..cd66c8c 100644 --- a/internal/state/multi.go +++ b/cmd/hakurei/internal/state/multi.go @@ -13,8 +13,8 @@ import ( "sync" "syscall" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" ) diff --git a/cmd/hakurei/internal/state/multi_test.go b/cmd/hakurei/internal/state/multi_test.go new file mode 100644 index 0000000..6097b0a --- /dev/null +++ b/cmd/hakurei/internal/state/multi_test.go @@ -0,0 +1,9 @@ +package state_test + +import ( + "testing" + + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" +) + +func TestMulti(t *testing.T) { testStore(t, state.NewMulti(t.TempDir())) } diff --git a/internal/state/state.go b/cmd/hakurei/internal/state/state.go similarity index 95% rename from internal/state/state.go rename to cmd/hakurei/internal/state/state.go index 0c07b37..ad92ff0 100644 --- a/internal/state/state.go 
+++ b/cmd/hakurei/internal/state/state.go @@ -5,8 +5,8 @@ import ( "io" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" ) var ErrNoConfig = errors.New("state does not contain config") diff --git a/internal/state/state_test.go b/cmd/hakurei/internal/state/state_test.go similarity index 96% rename from internal/state/state_test.go rename to cmd/hakurei/internal/state/state_test.go index caf5c43..6c49fc4 100644 --- a/internal/state/state_test.go +++ b/cmd/hakurei/internal/state/state_test.go @@ -10,9 +10,9 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/state" ) func testStore(t *testing.T, s state.Store) { diff --git a/main.go b/cmd/hakurei/main.go similarity index 95% rename from main.go rename to cmd/hakurei/main.go index e5f54ee..143ce9c 100644 --- a/main.go +++ b/cmd/hakurei/main.go @@ -1,5 +1,8 @@ package main +// this works around go:embed '..' limitation +//go:generate cp ../../LICENSE . + import ( "context" _ "embed" 
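Review bot: The `//go:generate cp ../../LICENSE .` line added at the top of cmd/hakurei/main.go makes the build depend on a file that is not tracked, since the .gitignore hunk in this same commit excludes `/cmd/hakurei/LICENSE`. A fresh checkout will presumably fail at the embed directive (which is outside this hunk) until `go generate` has been run, and a plain `go install` of the command path never runs generators. The copy can also go stale, so the embedded text may silently differ from the root LICENSE after a later edit. I would state the requirement next to the directive, for example `// run "go generate ./cmd/hakurei" before building; the copied LICENSE is untracked`, and have the release build regenerate the copy unconditionally.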
@@ -15,14 +18,14 @@ import ( "syscall" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app/instance" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/command" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/app/instance" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/internal/sys" "git.gensokyo.uk/security/hakurei/sandbox" "git.gensokyo.uk/security/hakurei/system" @@ -41,7 +44,7 @@ var std sys.State = new(sys.Std) func main() { // early init path, skips root check and duplicate PR_SET_DUMPABLE - sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) + sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallOutput) if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) @@ -67,7 +70,7 @@ func buildCommand(out io.Writer) command.Command { flagVerbose bool flagJSON bool ) - c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). + c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallOutput(flagVerbose); return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Increase log verbosity"). Flag(&flagJSON, "json", command.BoolFlag(false), "Serialise output in JSON when applicable") diff --git a/main_test.go b/cmd/hakurei/main_test.go similarity index 100% rename from main_test.go rename to cmd/hakurei/main_test.go diff --git a/parse.go b/cmd/hakurei/parse.go similarity index 97% rename from parse.go rename to cmd/hakurei/parse.go index 2e7f507..aee71c2 100644 --- a/parse.go +++ b/cmd/hakurei/parse.go 
@@ -10,9 +10,9 @@ import ( "strings" "syscall" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" ) func tryPath(name string) (config *hst.Config) { diff --git a/print.go b/cmd/hakurei/print.go similarity index 99% rename from print.go rename to cmd/hakurei/print.go index 4227d46..5df2e0c 100644 --- a/print.go +++ b/cmd/hakurei/print.go @@ -12,10 +12,10 @@ import ( "text/tabwriter" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" - "git.gensokyo.uk/security/hakurei/internal/state" ) func printShowSystem(output io.Writer, short, flagJSON bool) { diff --git a/print_test.go b/cmd/hakurei/print_test.go similarity index 99% rename from print_test.go rename to cmd/hakurei/print_test.go index 012a48d..d0cf163 100644 --- a/print_test.go +++ b/cmd/hakurei/print_test.go @@ -5,10 +5,10 @@ import ( "testing" "time" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/state" "git.gensokyo.uk/security/hakurei/dbus" "git.gensokyo.uk/security/hakurei/hst" - "git.gensokyo.uk/security/hakurei/internal/app" - "git.gensokyo.uk/security/hakurei/internal/state" ) var ( diff --git a/cmd/planterette/main.go b/cmd/planterette/main.go index 8988d27..a9f45d8 100644 --- a/cmd/planterette/main.go +++ b/cmd/planterette/main.go 
@@ -42,7 +42,7 @@ func main() { flagVerbose bool flagDropShell bool ) - c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). + c := command.New(os.Stderr, log.Printf, "planterette", func([]string) error { internal.InstallOutput(flagVerbose); return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action") diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go index 77a3e4f..8965e0f 100644 --- a/dbus/dbus_test.go +++ b/dbus/dbus_test.go @@ -209,5 +209,5 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, internal.InstallFmsg) + sandbox.Init(hlog.Prepare, internal.InstallOutput) } diff --git a/helper/container_test.go b/helper/container_test.go index c6341c6..e8ee7f3 100644 --- a/helper/container_test.go +++ b/helper/container_test.go @@ -53,5 +53,5 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, func(bool) { internal.InstallFmsg(false) }) + sandbox.Init(hlog.Prepare, func(bool) { internal.InstallOutput(false) }) } diff --git a/hst/paths.go b/hst/paths.go new file mode 100644 index 0000000..31c14df --- /dev/null +++ b/hst/paths.go @@ -0,0 +1,11 @@ +package hst + +// Paths contains environment-dependent paths used by hakurei. +type Paths struct { + // path to shared directory (usually `/tmp/hakurei.%d`) + SharePath string `json:"share_path"` + // XDG_RUNTIME_DIR value (usually `/run/user/%d`) + RuntimePath string `json:"runtime_path"` + // application runtime directory (usually `/run/user/%d/hakurei`) + RunDirPath string `json:"run_dir_path"` +} diff --git a/internal/output.go b/internal/output.go index a00cc21..36eb810 100644 --- a/internal/output.go +++ b/internal/output.go 
@@ -6,7 +6,7 @@ import ( "git.gensokyo.uk/security/hakurei/system" ) -func InstallFmsg(verbose bool) { +func InstallOutput(verbose bool) { hlog.Store(verbose) sandbox.SetOutput(hlog.Output{}) system.SetOutput(hlog.Output{}) diff --git a/internal/state/multi_test.go b/internal/state/multi_test.go deleted file mode 100644 index 2549034..0000000 --- a/internal/state/multi_test.go +++ /dev/null @@ -1,11 +0,0 @@ -package state_test - -import ( - "testing" - - "git.gensokyo.uk/security/hakurei/internal/state" -) - -func TestMulti(t *testing.T) { - testStore(t, state.NewMulti(t.TempDir())) -} diff --git a/internal/sys/interface.go b/internal/sys/interface.go index 57c5a7e..06cb450 100644 --- a/internal/sys/interface.go +++ b/internal/sys/interface.go @@ -1,3 +1,4 @@ +// Package sys wraps OS interaction library functions. package sys import ( @@ -6,7 +7,7 @@ import ( "path" "strconv" - "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal/hlog" ) @@ -40,15 +41,15 @@ type State interface { Println(v ...any) Printf(format string, v ...any) - // Paths returns a populated [Paths] struct. - Paths() app.Paths + // Paths returns a populated [hst.Paths] struct. + Paths() hst.Paths // Uid invokes hsu and returns target uid. // Any errors returned by Uid is already wrapped [fmsg.BaseError]. Uid(aid int) (int, error) } // CopyPaths is a generic implementation of [hst.Paths]. -func CopyPaths(os State, v *app.Paths) { +func CopyPaths(os State, v *hst.Paths) { v.SharePath = path.Join(os.TempDir(), "hakurei."+strconv.Itoa(os.Getuid())) hlog.Verbosef("process share directory at %q", v.SharePath) diff --git a/internal/sys/std.go b/internal/sys/std.go index 6db4bae..c3913a7 100644 --- a/internal/sys/std.go +++ b/internal/sys/std.go 
@@ -12,15 +12,15 @@ import ( "sync" "syscall" + "git.gensokyo.uk/security/hakurei/hst" "git.gensokyo.uk/security/hakurei/internal" - "git.gensokyo.uk/security/hakurei/internal/app" "git.gensokyo.uk/security/hakurei/internal/hlog" "git.gensokyo.uk/security/hakurei/sandbox" ) // Std implements System using the standard library. type Std struct { - paths app.Paths + paths hst.Paths pathsOnce sync.Once uidOnce sync.Once @@ -48,7 +48,7 @@ func (s *Std) Printf(format string, v ...any) { hlog.Verbosef(form const xdgRuntimeDir = "XDG_RUNTIME_DIR" -func (s *Std) Paths() app.Paths { +func (s *Std) Paths() hst.Paths { s.pathsOnce.Do(func() { CopyPaths(s, &s.paths) }) return s.paths } diff --git a/internal/sysconf.go b/internal/sysconf.go index 03b236f..712dce7 100644 --- a/internal/sysconf.go +++ b/internal/sysconf.go @@ -3,4 +3,6 @@ package internal //#include import "C" -func Sysconf_SC_LOGIN_NAME_MAX() int { return int(C.sysconf(C._SC_LOGIN_NAME_MAX)) } +const SC_LOGIN_NAME_MAX = C._SC_LOGIN_NAME_MAX + +func Sysconf(name C.int) int { return int(C.sysconf(name)) } diff --git a/sandbox/container_test.go b/sandbox/container_test.go index d7b774f..72c5069 100644 --- a/sandbox/container_test.go +++ b/sandbox/container_test.go @@ -30,7 +30,7 @@ func TestContainer(t *testing.T) { { oldVerbose := hlog.Load() oldOutput := sandbox.GetOutput() - internal.InstallFmsg(true) + internal.InstallOutput(true) t.Cleanup(func() { hlog.Store(oldVerbose) }) t.Cleanup(func() { sandbox.SetOutput(oldOutput) }) } @@ -202,7 +202,7 @@ func TestHelperInit(t *testing.T) { return } sandbox.SetOutput(hlog.Output{}) - sandbox.Init(hlog.Prepare, internal.InstallFmsg) + sandbox.Init(hlog.Prepare, internal.InstallOutput) } func TestHelperCheckContainer(t *testing.T) {
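Review bot: The new exported `Sysconf` in internal/sysconf.go takes a `C.int`, and the cgo documentation advises against exposing C types in an exported API because each package gets its own unexported translation of them. Callers in other packages can therefore pass only an untyped constant such as `SC_LOGIN_NAME_MAX` (presumably why the seal.go call site compiles) and never a variable. Taking a Go int keeps that call site unchanged: `func Sysconf(name int) int { return int(C.sysconf(C.int(name))) }`. Both new exported names also lack doc comments; I would add `// Sysconf returns sysconf(3) for name, or -1 if the limit is indeterminate or name is invalid.` so callers know to check for the negative result.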