sandbox: remove redundant fusefd arg

CismonX 2025-01-03 21:29:16 +08:00
parent 3e325a3934
commit 38e33532f0
No known key found for this signature in database
GPG key ID: 3094873E29A482FB
9 changed files with 6 additions and 24 deletions


@ -117,7 +117,6 @@ typedef int (bookmarkfs_backend_mkfs_func) (
typedef int (bookmarkfs_backend_sandbox_func) ( typedef int (bookmarkfs_backend_sandbox_func) (
void *backend_ctx, void *backend_ctx,
int fusefd,
struct bookmarkfs_backend_init_resp *resp struct bookmarkfs_backend_init_resp *resp
); );
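Review bot: Dropping `int fusefd` from `bookmarkfs_backend_sandbox_func` changes the calling convention of a backend entry point, and nothing in this hunk signals that to a backend compiled against the old header. If backends can be built separately from the frontend (not visible on this page), a stale backend would take the `resp` pointer in the slot where it expects `fusefd` and read an unrelated value as `resp`. It is worth confirming that whatever interface version check the project has is bumped with this change. A comment above the typedef would also help, for example `// fusefd parameter removed; backends built against the old header must be rebuilt`.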


@ -1820,7 +1820,6 @@ backend_init (
static int static int
backend_sandbox ( backend_sandbox (
void *backend_ctx, void *backend_ctx,
int fusefd,
struct bookmarkfs_backend_init_resp *UNUSED_VAR(resp) struct bookmarkfs_backend_init_resp *UNUSED_VAR(resp)
) { ) {
struct backend_ctx *ctx = backend_ctx; struct backend_ctx *ctx = backend_ctx;
@ -1853,7 +1852,7 @@ backend_sandbox (
if (ctx->flags & BOOKMARKFS_BACKEND_NO_LANDLOCK) { if (ctx->flags & BOOKMARKFS_BACKEND_NO_LANDLOCK) {
sandbox_flags |= SANDBOX_NO_LANDLOCK; sandbox_flags |= SANDBOX_NO_LANDLOCK;
} }
return sandbox_enter(fusefd, ctx->dirfd, sandbox_flags); return sandbox_enter(ctx->dirfd, sandbox_flags);
} }
static int static int


@ -2841,7 +2841,6 @@ backend_init (
static int static int
backend_sandbox ( backend_sandbox (
void *backend_ctx, void *backend_ctx,
int fusefd,
struct bookmarkfs_backend_init_resp *resp struct bookmarkfs_backend_init_resp *resp
) { ) {
struct backend_ctx *ctx = backend_ctx; struct backend_ctx *ctx = backend_ctx;
@ -2853,7 +2852,7 @@ backend_sandbox (
// Currently there is no way to retrieve the file descriptors of the // Currently there is no way to retrieve the file descriptors of the
// open database/-wal/-shm/... files using the SQLite3 public API, // open database/-wal/-shm/... files using the SQLite3 public API,
// thus we're unable to exert fine-grained control over their capabilities. // thus we're unable to exert fine-grained control over their capabilities.
if (unlikely(0 != sandbox_enter(fusefd, -1, 0))) { if (unlikely(0 != sandbox_enter(-1, 0))) {
return -1; return -1;
} }


@ -440,7 +440,7 @@ fsck_sandbox (
struct bookmarkfs_backend_init_resp info = { struct bookmarkfs_backend_init_resp info = {
.bookmarks_root_id = UINT64_MAX, .bookmarks_root_id = UINT64_MAX,
}; };
if (0 != BACKEND_CALL(ctx, backend_sandbox, -1, &info)) { if (0 != BACKEND_CALL(ctx, backend_sandbox, &info)) {
return -1; return -1;
} }


@ -423,7 +423,7 @@ fsck_sandbox (
if (ctx->flags & BOOKMARKFS_BACKEND_NO_LANDLOCK) { if (ctx->flags & BOOKMARKFS_BACKEND_NO_LANDLOCK) {
flags |= SANDBOX_NO_LANDLOCK; flags |= SANDBOX_NO_LANDLOCK;
} }
return sandbox_enter(-1, ctx->dir_stack[0].fd, flags); return sandbox_enter(ctx->dir_stack[0].fd, flags);
} }
struct bookmarkfs_fsck_ops const fsck_online_ops = { struct bookmarkfs_fsck_ops const fsck_online_ops = {


@ -115,13 +115,11 @@ enter_sandbox (
return 0; return 0;
} }
void *backend_ctx = ctx->backend_ctx;
int fusefd = fuse_session_fd(ctx->session);
struct bookmarkfs_backend_init_resp resp = { struct bookmarkfs_backend_init_resp resp = {
.bookmarks_root_id = UINT64_MAX, .bookmarks_root_id = UINT64_MAX,
.tags_root_id = UINT64_MAX, .tags_root_id = UINT64_MAX,
}; };
if (0 != ctx->backend_impl->backend_sandbox(backend_ctx, fusefd, &resp)) { if (0 != ctx->backend_impl->backend_sandbox(ctx->backend_ctx, &resp)) {
return -1; return -1;
} }
debug_puts("sandbox entered"); debug_puts("sandbox entered");


@ -149,7 +149,6 @@ landlock_restrict_self (
int int
sandbox_enter ( sandbox_enter (
int UNUSED_VAR(fusefd),
int dirfd, int dirfd,
uint32_t flags uint32_t flags
) { ) {
@ -354,7 +353,6 @@ sandbox_enter (
int int
sandbox_enter ( sandbox_enter (
int fusefd,
int dirfd, int dirfd,
uint32_t flags uint32_t flags
) { ) {
@ -373,16 +371,6 @@ sandbox_enter (
return -1; return -1;
} }
if (fusefd >= 0) {
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT);
if (unlikely(0 != cap_rights_limit(fusefd, &rights))) {
log_printf("cap_rights_limit(): %s", xstrerror(errno));
return -1;
}
}
if (dirfd >= 0) { if (dirfd >= 0) {
cap_rights_t rights; cap_rights_t rights;
cap_rights_init(&rights, CAP_LOOKUP, CAP_READ, CAP_FSTAT, CAP_FLOCK, cap_rights_init(&rights, CAP_LOOKUP, CAP_READ, CAP_FSTAT, CAP_FLOCK,
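Review bot: The last hunk of this file removes the only `cap_rights_limit()` call on the FUSE session descriptor that this page shows, so nothing visible here still narrows that fd to `CAP_READ, CAP_WRITE, CAP_EVENT`. The commit title calls the argument redundant, but the hunks do not show where else the limit is applied, and under Capsicum a descriptor that was never limited keeps all its rights in capability mode. If the limit is enforced elsewhere, a comment at this spot such as `// fusefd rights are limited in <location>, not here` would stop a later reader from assuming the descriptor is unrestricted; if it is not, the removed block should stay. `sandbox_enter` continues past the end of the hunk, so the rest of the function is not reviewed here.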


@ -31,7 +31,6 @@
int int
sandbox_enter ( sandbox_enter (
int fusefd,
int dirfd, int dirfd,
uint32_t flags uint32_t flags
); );


@ -303,7 +303,7 @@ worker_loop (
uint32_t sandbox_flags = w->flags >> WATCHER_SANDBOX_FLAGS_OFFSET; uint32_t sandbox_flags = w->flags >> WATCHER_SANDBOX_FLAGS_OFFSET;
if (!(sandbox_flags & SANDBOX_NOOP)) { if (!(sandbox_flags & SANDBOX_NOOP)) {
sandbox_flags |= SANDBOX_READONLY; sandbox_flags |= SANDBOX_READONLY;
if (unlikely(0 != sandbox_enter(-1, w->dirfd, sandbox_flags))) { if (unlikely(0 != sandbox_enter(w->dirfd, sandbox_flags))) {
goto end; goto end;
} }
debug_puts("worker thread enters sandbox"); debug_puts("worker thread enters sandbox");