seccomp: install output atomically

Signed-off-by: Ophestra <cat@gensokyo.uk>

internal/app/shim/main.go

@@ -17,7 +17,6 @@ import (
 	"git.gensokyo.uk/security/fortify/internal"
 	"git.gensokyo.uk/security/fortify/internal/app/init0"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
-	"git.gensokyo.uk/security/fortify/seccomp"
 )
 
 // everything beyond this point runs as unconstrained target user
@@ -48,7 +47,7 @@ func Main() {
 
 		log.Fatalf("cannot decode shim setup payload: %v", err)
 	} else {
-		fmsg.Store(payload.Verbose)
+		internal.InstallFmsg(payload.Verbose)
 		closeSetup = f
 	}
 
@@ -121,9 +120,6 @@ func Main() {
 	}
 
 	helper.BubblewrapName = payload.Exec[0] // resolved bwrap path by parent
-	if fmsg.Load() {
-		seccomp.CPrintln = log.Println
-	}
 
 	ctx, stop := signal.NotifyContext(context.Background(), os.Interrupt, syscall.SIGTERM)
 	defer stop() // unreachable

internal/output.go

@@ -0,0 +1,13 @@
+package internal
+
+import (
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
+	"git.gensokyo.uk/security/fortify/seccomp"
+)
+
+func InstallFmsg(verbose bool) {
+	fmsg.Store(verbose)
+	if verbose {
+		seccomp.SetOutput(fmsg.Verbose)
+	}
+}

internal/sandbox/init.go

@@ -72,11 +72,8 @@ func Init(exit func(code int)) {
 			log.Fatal("invalid setup parameters")
 		}
 
-		fmsg.Store(params.Verbose)
+		internal.InstallFmsg(params.Verbose)
 		fmsg.Verbose("received setup parameters")
-		if params.Verbose {
-			seccomp.CPrintln = fmsg.Verbose
-		}
 		closeSetup = f
 		offsetSetup = int(setupFile.Fd() + 1)
 	}