cmd/hakurei/command: pd run dbus-verbose nil check

This otherwise dereferences a nil pointer when dbus-verbose is set and either session or system bus are nil.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hakurei/command.go

@@ -162,8 +162,12 @@ func buildCommand(out io.Writer) command.Command {
 
 				// override log from configuration
 				if dbusVerbose {
-					config.SessionBus.Log = true
+					if config.SessionBus != nil {
-					config.SystemBus.Log = true
+						config.SessionBus.Log = true
+					}
+					if config.SystemBus != nil {
+						config.SystemBus.Log = true
+					}
 				}
 			}
 

internal/app/seal_linux.go

@@ -418,7 +418,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co
 					}
 				} else {
 					seal.sys.UpdatePermType(system.EX11, socketPath.String(), acl.Read, acl.Write, acl.Execute)
-					d = "unix:" + socketPath.String()
+					if !config.Container.HostAbstract {
+						d = "unix:" + socketPath.String()
+					}
 				}
 			}
 

test/sandbox/case/default.nix

@@ -49,6 +49,7 @@ let
         mapRealUid
         useCommonPaths
         userns
+        hostAbstract
         ;
       enablements = {
         inherit (tc) x11;

test/sandbox/case/device.nix

@@ -26,6 +26,7 @@ in
   useCommonPaths = true;
   userns = false;
   x11 = true;
+  hostAbstract = false;
 
   # 0, PresetStrict
   expectedFilter = {

test/sandbox/case/mapuid.nix

@@ -35,6 +35,7 @@ in
   useCommonPaths = true;
   userns = false;
   x11 = false;
+  hostAbstract = false;
 
   # 0, PresetStrict
   expectedFilter = {

test/sandbox/case/pdlike.nix

@@ -35,6 +35,7 @@ in
   useCommonPaths = false;
   userns = true;
   x11 = false;
+  hostAbstract = false;
 
   # 0, PresetExt | PresetDenyDevel
   expectedFilter = {

test/sandbox/case/preset.nix

@@ -35,6 +35,7 @@ in
   useCommonPaths = false;
   userns = false;
   x11 = false;
+  hostAbstract = false;
 
   # 0, PresetStrict
   expectedFilter = {

test/sandbox/case/tty.nix

@@ -35,6 +35,7 @@ in
   useCommonPaths = true;
   userns = false;
   x11 = true;
+  hostAbstract = true;
 
   # 0, PresetExt | PresetDenyNS | PresetDenyDevel
   expectedFilter = {
@@ -45,7 +46,7 @@ in
   want = {
     env = [
       "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus"
-      "DISPLAY=unix:/tmp/.X11-unix/X0"
+      "DISPLAY=:0"
       "HOME=/var/lib/hakurei/u0/a2"
       "PULSE_SERVER=unix:/run/user/65534/pulse/native"
       "SHELL=/run/current-system/sw/bin/bash"
@@ -276,7 +277,7 @@ in
     seccomp = true;
 
     try_socket = "/tmp/.X11-unix/X0";
-    socket_abstract = false;
+    socket_abstract = true;
     socket_pathname = true;
   };
 }

test/test.py

@@ -149,7 +149,7 @@ silent_output_interrupt("--wayland -X --dbus --pulse ")
 print(machine.fail("sudo -u alice -i hakurei -v run --wayland true"))
 
 # Start hakurei permissive defaults within Wayland session:
-hakurei('-v run --wayland --dbus notify-send -a "NixOS Tests" "Test notification" "Notification from within sandbox." && touch /tmp/dbus-ok')
+hakurei('-v run --wayland --dbus --dbus-log notify-send -a "NixOS Tests" "Test notification" "Notification from within sandbox." && touch /tmp/dbus-ok')
 machine.wait_for_file("/tmp/dbus-ok", timeout=15)
 collect_state_ui("dbus_notify_exited")
 # not in pid namespace, verify termination