system: optimise string formatting
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -45,7 +45,7 @@ var testCasesNixos = []sealTestCase{
|
||||
Call: map[string]string{}, Broadcast: map[string]string{},
|
||||
Filter: true,
|
||||
},
|
||||
Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
|
||||
Enablements: system.EWayland | system.EDBus | system.EPulse,
|
||||
},
|
||||
},
|
||||
fst.ID{
|
||||
|
||||
@@ -196,7 +196,7 @@ var testCasesPd = []sealTestCase{
|
||||
},
|
||||
Filter: true,
|
||||
},
|
||||
Enablements: system.EWayland.Mask() | system.EDBus.Mask() | system.EPulse.Mask(),
|
||||
Enablements: system.EWayland | system.EDBus | system.EPulse,
|
||||
},
|
||||
},
|
||||
fst.ID{
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
"errors"
|
||||
"log"
|
||||
"os/exec"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.gensokyo.uk/security/fortify/fst"
|
||||
@@ -54,17 +53,16 @@ func (seal *outcome) Run(rs *fst.RunState) error {
|
||||
revert app setup transaction
|
||||
*/
|
||||
|
||||
rt, ec := new(system.Enablements), new(system.Criteria)
|
||||
ec.Enablements = new(system.Enablements)
|
||||
ec.Set(system.Process)
|
||||
var rt system.Enablement
|
||||
ec := system.Process
|
||||
if states, err := c.Load(); err != nil {
|
||||
// revert per-process state here to limit damage
|
||||
storeErr.OpErr = err
|
||||
return seal.sys.Revert(ec)
|
||||
return seal.sys.Revert((*system.Criteria)(&ec))
|
||||
} else {
|
||||
if l := len(states); l == 0 {
|
||||
fmsg.Verbose("no other launchers active, will clean up globals")
|
||||
ec.Set(system.User)
|
||||
ec |= system.User
|
||||
} else {
|
||||
fmsg.Verbosef("found %d active launchers, cleaning up without globals", l)
|
||||
}
|
||||
@@ -72,31 +70,20 @@ func (seal *outcome) Run(rs *fst.RunState) error {
|
||||
// accumulate enablements of remaining launchers
|
||||
for i, s := range states {
|
||||
if s.Config != nil {
|
||||
*rt |= s.Config.Confinement.Enablements
|
||||
rt |= s.Config.Confinement.Enablements
|
||||
} else {
|
||||
log.Printf("state entry %d does not contain config", i)
|
||||
}
|
||||
}
|
||||
}
|
||||
// invert accumulated enablements for cleanup
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen); i++ {
|
||||
if !rt.Has(i) {
|
||||
ec.Set(i)
|
||||
}
|
||||
}
|
||||
ec |= rt ^ (system.EWayland | system.EX11 | system.EDBus | system.EPulse)
|
||||
if fmsg.Load() {
|
||||
labels := make([]string, 0, system.ELen+1)
|
||||
for i := system.Enablement(0); i < system.Enablement(system.ELen+2); i++ {
|
||||
if ec.Has(i) {
|
||||
labels = append(labels, system.TypeString(i))
|
||||
}
|
||||
}
|
||||
if len(labels) > 0 {
|
||||
fmsg.Verbose("reverting operations type", strings.Join(labels, ", "))
|
||||
if ec > 0 {
|
||||
fmsg.Verbose("reverting operations type", system.TypeString(ec))
|
||||
}
|
||||
}
|
||||
|
||||
return seal.sys.Revert(ec)
|
||||
return seal.sys.Revert((*system.Criteria)(&ec))
|
||||
}()
|
||||
})
|
||||
storeErr.save([]error{revertErr, store.Close()})
|
||||
|
||||
@@ -224,7 +224,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co
|
||||
conf.Cover = append(conf.Cover, nscd)
|
||||
}
|
||||
// bind GPU stuff
|
||||
if config.Confinement.Enablements.Has(system.EX11) || config.Confinement.Enablements.Has(system.EWayland) {
|
||||
if config.Confinement.Enablements&(system.EX11|system.EWayland) != 0 {
|
||||
conf.Filesystem = append(conf.Filesystem, &fst.FilesystemConfig{Src: "/dev/dri", Device: true})
|
||||
}
|
||||
// opportunistically bind kvm
|
||||
@@ -338,7 +338,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co
|
||||
seal.env[term] = t
|
||||
}
|
||||
|
||||
if config.Confinement.Enablements.Has(system.EWayland) {
|
||||
if config.Confinement.Enablements&system.EWayland != 0 {
|
||||
// outer wayland socket (usually `/run/user/%d/wayland-%d`)
|
||||
var socketPath string
|
||||
if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok {
|
||||
@@ -371,7 +371,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co
|
||||
}
|
||||
}
|
||||
|
||||
if config.Confinement.Enablements.Has(system.EX11) {
|
||||
if config.Confinement.Enablements&system.EX11 != 0 {
|
||||
if d, ok := sys.LookupEnv(display); !ok {
|
||||
return fmsg.WrapError(ErrXDisplay,
|
||||
"DISPLAY is not set")
|
||||
@@ -386,7 +386,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co
|
||||
PulseAudio server and authentication
|
||||
*/
|
||||
|
||||
if config.Confinement.Enablements.Has(system.EPulse) {
|
||||
if config.Confinement.Enablements&system.EPulse != 0 {
|
||||
// PulseAudio runtime directory (usually `/run/user/%d/pulse`)
|
||||
pulseRuntimeDir := path.Join(sc.RuntimePath, "pulse")
|
||||
// PulseAudio socket (usually `/run/user/%d/pulse/native`)
|
||||
@@ -439,7 +439,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co
|
||||
D-Bus proxy
|
||||
*/
|
||||
|
||||
if config.Confinement.Enablements.Has(system.EDBus) {
|
||||
if config.Confinement.Enablements&system.EDBus != 0 {
|
||||
// ensure dbus session bus defaults
|
||||
if config.Confinement.SessionBus == nil {
|
||||
config.Confinement.SessionBus = dbus.NewConfig(config.ID, true, true)
|
||||
|
||||
Reference in New Issue
Block a user