Ophestra
8accd3b219
All checks were successful
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m14s
Test / Hakurei (push) Successful in 3m9s
Test / Sandbox (race detector) (push) Successful in 3m58s
Test / Hpkg (push) Successful in 4m5s
Test / Hakurei (race detector) (push) Successful in 4m46s
Test / Flake checks (push) Successful in 1m28s
This enables instrumented testing of the shim. Signed-off-by: Ophestra <cat@gensokyo.uk>
164 lines
6.0 KiB
Go
164 lines
6.0 KiB
Go
package app
|
|
|
|
import (
|
|
"context"
|
|
"io"
|
|
"io/fs"
|
|
"os"
|
|
"os/exec"
|
|
"os/signal"
|
|
"os/user"
|
|
"path/filepath"
|
|
|
|
"hakurei.app/container"
|
|
"hakurei.app/container/check"
|
|
"hakurei.app/container/seccomp"
|
|
"hakurei.app/internal"
|
|
"hakurei.app/message"
|
|
"hakurei.app/system/dbus"
|
|
)
|
|
|
|
// osFile represents [os.File].
|
|
type osFile interface {
|
|
Name() string
|
|
io.Writer
|
|
fs.File
|
|
}
|
|
|
|
// syscallDispatcher provides methods that make state-dependent system calls as part of their behaviour.
|
|
type syscallDispatcher interface {
|
|
// new starts a goroutine with a new instance of syscallDispatcher.
|
|
// A syscallDispatcher must never be used in any goroutine other than the one owning it,
|
|
// just synchronising access is not enough, as this is for test instrumentation.
|
|
new(f func(k syscallDispatcher, msg message.Msg))
|
|
|
|
// getpid provides [os.Getpid].
|
|
getpid() int
|
|
// getuid provides [os.Getuid].
|
|
getuid() int
|
|
// getgid provides [os.Getgid].
|
|
getgid() int
|
|
// lookupEnv provides [os.LookupEnv].
|
|
lookupEnv(key string) (string, bool)
|
|
// pipe provides os.Pipe.
|
|
pipe() (r, w *os.File, err error)
|
|
// stat provides [os.Stat].
|
|
stat(name string) (os.FileInfo, error)
|
|
// open provides [os.Open].
|
|
open(name string) (osFile, error)
|
|
// readdir provides [os.ReadDir].
|
|
readdir(name string) ([]os.DirEntry, error)
|
|
// tempdir provides [os.TempDir].
|
|
tempdir() string
|
|
// exit provides [os.Exit].
|
|
exit(code int)
|
|
|
|
// evalSymlinks provides [filepath.EvalSymlinks].
|
|
evalSymlinks(path string) (string, error)
|
|
|
|
// lookupGroupId calls [user.LookupGroup] and returns the Gid field of the resulting [user.Group] struct.
|
|
lookupGroupId(name string) (string, error)
|
|
|
|
// cmdOutput provides the Output method of [exec.Cmd].
|
|
cmdOutput(cmd *exec.Cmd) ([]byte, error)
|
|
|
|
// notifyContext provides [signal.NotifyContext].
|
|
notifyContext(parent context.Context, signals ...os.Signal) (ctx context.Context, stop context.CancelFunc)
|
|
|
|
// prctl provides [container.Prctl].
|
|
prctl(op, arg2, arg3 uintptr) error
|
|
// overflowUid provides [container.OverflowUid].
|
|
overflowUid(msg message.Msg) int
|
|
// overflowGid provides [container.OverflowGid].
|
|
overflowGid(msg message.Msg) int
|
|
// setDumpable provides [container.SetDumpable].
|
|
setDumpable(dumpable uintptr) error
|
|
// receive provides [container.Receive].
|
|
receive(key string, e any, fdp *uintptr) (closeFunc func() error, err error)
|
|
|
|
// containerStart provides the Start method of [container.Container].
|
|
containerStart(z *container.Container) error
|
|
// containerStart provides the Serve method of [container.Container].
|
|
containerServe(z *container.Container) error
|
|
// containerStart provides the Wait method of [container.Container].
|
|
containerWait(z *container.Container) error
|
|
|
|
// seccompLoad provides [seccomp.Load].
|
|
seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error
|
|
|
|
// mustHsuPath provides [internal.MustHsuPath].
|
|
mustHsuPath() *check.Absolute
|
|
|
|
// dbusAddress provides [dbus.Address].
|
|
dbusAddress() (session, system string)
|
|
|
|
// setupContSignal provides setupContSignal.
|
|
setupContSignal(pid int) (io.ReadCloser, func(), error)
|
|
|
|
// getMsg returns the [message.Msg] held by syscallDispatcher.
|
|
getMsg() message.Msg
|
|
// fatal provides [log.Fatal].
|
|
fatal(v ...any)
|
|
// fatalf provides [log.Fatalf].
|
|
fatalf(format string, v ...any)
|
|
}
|
|
|
|
// direct implements syscallDispatcher on the current kernel.
|
|
type direct struct{ msg message.Msg }
|
|
|
|
func (k direct) new(f func(k syscallDispatcher, msg message.Msg)) { go f(k, k.msg) }
|
|
|
|
func (direct) getpid() int { return os.Getpid() }
|
|
func (direct) getuid() int { return os.Getuid() }
|
|
func (direct) getgid() int { return os.Getgid() }
|
|
func (direct) lookupEnv(key string) (string, bool) { return os.LookupEnv(key) }
|
|
func (direct) pipe() (r, w *os.File, err error) { return os.Pipe() }
|
|
func (direct) stat(name string) (os.FileInfo, error) { return os.Stat(name) }
|
|
func (direct) open(name string) (osFile, error) { return os.Open(name) }
|
|
func (direct) readdir(name string) ([]os.DirEntry, error) { return os.ReadDir(name) }
|
|
func (direct) tempdir() string { return os.TempDir() }
|
|
func (direct) exit(code int) { os.Exit(code) }
|
|
|
|
func (direct) evalSymlinks(path string) (string, error) { return filepath.EvalSymlinks(path) }
|
|
|
|
func (direct) lookupGroupId(name string) (gid string, err error) {
|
|
var group *user.Group
|
|
group, err = user.LookupGroup(name)
|
|
if group != nil {
|
|
gid = group.Gid
|
|
}
|
|
return
|
|
}
|
|
|
|
func (direct) cmdOutput(cmd *exec.Cmd) ([]byte, error) { return cmd.Output() }
|
|
|
|
func (direct) notifyContext(parent context.Context, signals ...os.Signal) (ctx context.Context, stop context.CancelFunc) {
|
|
return signal.NotifyContext(parent, signals...)
|
|
}
|
|
|
|
func (direct) prctl(op, arg2, arg3 uintptr) error { return container.Prctl(op, arg2, arg3) }
|
|
func (direct) overflowUid(msg message.Msg) int { return container.OverflowUid(msg) }
|
|
func (direct) overflowGid(msg message.Msg) int { return container.OverflowGid(msg) }
|
|
func (direct) setDumpable(dumpable uintptr) error { return container.SetDumpable(dumpable) }
|
|
func (direct) receive(key string, e any, fdp *uintptr) (func() error, error) {
|
|
return container.Receive(key, e, fdp)
|
|
}
|
|
|
|
func (direct) containerStart(z *container.Container) error { return z.Start() }
|
|
func (direct) containerServe(z *container.Container) error { return z.Serve() }
|
|
func (direct) containerWait(z *container.Container) error { return z.Wait() }
|
|
|
|
func (direct) seccompLoad(rules []seccomp.NativeRule, flags seccomp.ExportFlag) error {
|
|
return seccomp.Load(rules, flags)
|
|
}
|
|
|
|
func (direct) mustHsuPath() *check.Absolute { return internal.MustHsuPath() }
|
|
|
|
func (direct) dbusAddress() (session, system string) { return dbus.Address() }
|
|
|
|
func (direct) setupContSignal(pid int) (io.ReadCloser, func(), error) { return setupContSignal(pid) }
|
|
|
|
func (k direct) getMsg() message.Msg { return k.msg }
|
|
func (k direct) fatal(v ...any) { k.msg.GetLogger().Fatal(v...) }
|
|
func (k direct) fatalf(format string, v ...any) { k.msg.GetLogger().Fatalf(format, v...) }
|