kossLAN/wry
1
0
Fork 0
forked from wry/wry
Code Pull requests Activity

config: add sandbox client criteria

Browse source
This commit is contained in:
Julian Orth 2025-05-02 17:48:44 +02:00
parent fd2163d658
commit 9bf79bf23c
20 changed files with 465 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/security_context_acceptor.rs
View file

@ -24,9 +24,7 @@ linear_ids!(AcceptorIds, AcceptorId, u64);
struct Acceptor {
id: AcceptorId,
state: Rc<State>,
sandbox_engine: Option<String>,
app_id: Option<String>,
instance_id: Option<String>,
metadata: Rc<AcceptorMetadata>,
listen_fd: Rc<OwnedFd>,
close_fd: Rc<OwnedFd>,
caps: ClientCaps,
@ -34,6 +32,14 @@ struct Acceptor {
close_future: Cell<Option<SpawnedFuture<()>>>,
}
#[derive(Default)]
pub struct AcceptorMetadata {
pub sandboxed: bool,
pub sandbox_engine: Option<String>,
pub app_id: Option<String>,
pub instance_id: Option<String>,
}
impl SecurityContextAcceptors {
pub fn clear(&self) {
for acceptor in self.acceptors.lock().drain_values() {
@ -54,9 +60,12 @@ impl SecurityContextAcceptors {
let acceptor = Rc::new(Acceptor {
id: self.ids.next(),
state: state.clone(),
sandbox_engine,
app_id,
instance_id,
metadata: Rc::new(AcceptorMetadata {
sandboxed: true,
sandbox_engine,
app_id,
instance_id,
}),
listen_fd: listen_fd.clone(),
close_fd: close_fd.clone(),
caps,
@ -100,7 +109,10 @@ impl Acceptor {
}
};
let id = s.clients.id();
if let Err(e) = s.clients.spawn(id, s, fd, self.caps, self.caps) {
if let Err(e) = s
.clients
.spawn(id, s, fd, self.caps, self.caps, &self.metadata)
{
log::error!("Could not spawn a client: {}", ErrorFmt(e));
break;
}
@ -119,9 +131,9 @@ impl Display for Acceptor {
write!(
f,
"{}/{}/{}",
self.sandbox_engine.as_deref().unwrap_or(""),
self.app_id.as_deref().unwrap_or(""),
self.instance_id.as_deref().unwrap_or(""),
self.metadata.sandbox_engine.as_deref().unwrap_or(""),
self.metadata.app_id.as_deref().unwrap_or(""),
self.metadata.instance_id.as_deref().unwrap_or(""),
)
}
}