This is yet another remnant of Ego, as Ego unconditionally shares these resources and the absence of them are ignored and warned about in verbose logging. In our case they are individually opt-in so silently dropping them while the enablement is still set makes very little sense.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
The -state flag now outputs state of all users. The old behaviour can be accessed via the -state-current flag, user is selected via -u.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
In the past Wayland, X and PulseAudio are shared unconditionally. This can unnecessarily increase attack surface as some of these resources might not be needed at all. This commit moves all environment preparation code to the internal app package and selectively call them based on flags.
An "enablements" bitfield is introduced tracking all enabled shares. This value is registered after successful child process launch and stored in launcher states.
Code responsible for running the child process is isolated to its own app/run file and cleaned up. Launch method selection is also extensively cleaned up.
The internal state/track readLaunchers function now takes uid as an argument. Launcher state is now printed using text/tabwriter and argv is only emitted when verbose.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
X11 hosts and ACL rules are no longer necessary after all launcher processes exit. This reverts all changes to the system made during setup when no launchers remain. State information is also saved in runDir which can be tracked externally.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
There is no way to have machinectl pass part of its argv to the child, and formatting the string for a shell is highly error-prone and complex, so the argv slice is encoded and passed to a launcher process launched by machinectl which then calls execve(2) to start the final process.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
According to manpage acl_get_qualifier(3) the void * returned by this function could be allocated on the heap.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Since we link libxcb as well now this is needed in the dev shell for it to build properly without impure.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Even though many pure Go libxcb implementations exist, it is at least as complex and unreadable as libxcb, if not more. Since well known libraries like SDL, qt and gtk uses libxcb, and they somehow understand how to use it, I can only assume these people have read enough code to make sure it's correct enough. Call it wishful thinking. I don't care anymore.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Manpage provided by systemd states that the sd_booted function internally "checks whether the directory /run/systemd/system/ exists", as well as that "a simple check like this can also be implemented trivially in shell or any other language". This implies the behaviour of this function can be expected to be stable.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
The library is simple and should be easy to port to Go, however correctness matters more in this case and overhead from cgo is negligible for our usage scenario.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Copy all flags from upstream. The machinectl flag is dropped as it does nothing. the flag package is used to reduce complexity since we do not care about compatibility with upstream.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>