fortify/internal
Ophestra Umiker 1906853382
clean up setup/launcher code and enable better control over shares
In the past Wayland, X and PulseAudio are shared unconditionally. This can unnecessarily increase attack surface as some of these resources might not be needed at all. This commit moves all environment preparation code to the internal app package and selectively call them based on flags.

An "enablements" bitfield is introduced tracking all enabled shares. This value is registered after successful child process launch and stored in launcher states.

Code responsible for running the child process is isolated to its own app/run file and cleaned up. Launch method selection is also extensively cleaned up.

The internal state/track readLaunchers function now takes uid as an argument. Launcher state is now printed using text/tabwriter and argv is only emitted when verbose.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-08 02:24:01 +09:00
..
acl rename to fortify and restructure 2024-09-04 01:20:12 +09:00
app clean up setup/launcher code and enable better control over shares 2024-09-08 02:24:01 +09:00
state clean up setup/launcher code and enable better control over shares 2024-09-08 02:24:01 +09:00
system clean up setup/launcher code and enable better control over shares 2024-09-08 02:24:01 +09:00
util rename to fortify and restructure 2024-09-04 01:20:12 +09:00
xcb rename to fortify and restructure 2024-09-04 01:20:12 +09:00