bunpen: refactor: lift dbus_resources out of restrict/dbus_proxy -> resources

pkgs/by-name/bunpen/resources/resources.ha

@@ -7,6 +7,7 @@ export type resources = struct {
   // user has naturally.
   paths: []path::buffer,
   caps: rt::ext::caps,
+  dbus: dbus_resources,
   // true to allow speaking to other processes in the same IPC namespace
   ipc: bool,
   net: net_resources,
@@ -18,6 +19,13 @@ export type resources = struct {
   try_users: bool,
 };
 
+export type dbus_resources = struct {
+  // list of bus names to allow talking to
+  talk: []str,
+  // list of bus names to allow owning
+  own: []str,
+};
+
 export type net_subset = struct {
   // name of the network device through which traffic should be routed
   dev: str,

pkgs/by-name/bunpen/restrict/dbus_proxy.ha

@@ -65,18 +65,14 @@ use strings;
 use os;
 use os::exec;
 use ps;
+use resources;
 use rt::ext;
 
-export type dbus_resources = struct {
-  talk: []str,
-  own: []str,
-};
-
 // given an existing, unfiltered bus at the fs path `upstream`,
 // proxy the bus into the fs path indicated by `downstream`.
 // clients attaching to the `downstream` path are provided access only to the
 // resources indicated by `dbus`.
-fn dbus_restrict(dbus: dbus_resources, upstream: str, downstream: str) void = {
+fn dbus_restrict(dbus: resources::dbus_resources, upstream: str, downstream: str) void = {
   match (ps::fork_and_die_with_parent()) {
     case let child_pid: os::exec::process =>
       let proxy_args: []str = [