hst/config: hold acl struct by value
Doc comments are also reworded for clarity. Signed-off-by: Ophestra <cat@gensokyo.uk>
@@ -26,8 +26,8 @@ type Config struct {
|
||||
// and the bare socket is made available to the container.
|
||||
DirectWayland bool `json:"direct_wayland,omitempty"`
|
||||
|
||||
// Extra acl update ops to perform before setuid.
|
||||
ExtraPerms []*ExtraPermConfig `json:"extra_perms,omitempty"`
|
||||
// Extra acl updates to perform before setuid.
|
||||
ExtraPerms []ExtraPermConfig `json:"extra_perms,omitempty"`
|
||||
|
||||
// Numerical application id, passed to hsu, used to derive init user namespace credentials.
|
||||
Identity int `json:"identity"`
|
||||
@@ -86,15 +86,21 @@ func (config *Config) Validate() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ExtraPermConfig describes an acl update op.
|
||||
// ExtraPermConfig describes an acl update to perform before setuid.
|
||||
type ExtraPermConfig struct {
|
||||
Ensure bool `json:"ensure,omitempty"`
|
||||
Path *check.Absolute `json:"path"`
|
||||
Read bool `json:"r,omitempty"`
|
||||
Write bool `json:"w,omitempty"`
|
||||
Execute bool `json:"x,omitempty"`
|
||||
// Whether to create Path as a directory if it does not exist.
|
||||
Ensure bool `json:"ensure,omitempty"`
|
||||
// Pathname to act on.
|
||||
Path *check.Absolute `json:"path"`
|
||||
// Whether to set ACL_READ for the target user.
|
||||
Read bool `json:"r,omitempty"`
|
||||
// Whether to set ACL_WRITE for the target user.
|
||||
Write bool `json:"w,omitempty"`
|
||||
// Whether to set ACL_EXECUTE for the target user.
|
||||
Execute bool `json:"x,omitempty"`
|
||||
}
|
||||
|
||||
// String returns a checked string representation of [ExtraPermConfig].
|
||||
func (e *ExtraPermConfig) String() string {
|
||||
if e == nil || e.Path == nil {
|
||||
return "<invalid>"
|
||||
|
||||
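Review bot: With `ExtraPerms` now `[]ExtraPermConfig`, a `null` or `{}` element in `extra_perms` would decode to a zero-value entry whose `Path` is nil, where the old `[]*ExtraPermConfig` produced a nil pointer for `null` that a consumer could skip. Every consumer of the slice therefore has to test `Path == nil` before acting on an entry, which matters because these entries describe ACL updates performed before setuid. It would be worth having `Validate` reject such entries explicitly; its body lies outside this hunk, so that check may already exist. The field comment could state the requirement, e.g. `// Pathname to act on, must not be nil.` The body of `String` also continues past the end of the hunk.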
@@ -88,7 +88,7 @@ func Template() *Config {
|
||||
},
|
||||
DirectWayland: false,
|
||||
|
||||
ExtraPerms: []*ExtraPermConfig{
|
||||
ExtraPerms: []ExtraPermConfig{
|
||||
{Path: fhs.AbsVarLib.Append("hakurei/u0"), Ensure: true, Execute: true},
|
||||
{Path: fhs.AbsVarLib.Append("hakurei/u0/org.chromium.Chromium"), Read: true, Write: true, Execute: true},
|
||||
},
|
||||
|
||||