kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity

cmd/hakurei: rename app to run

Browse Source 
The run command was a legacy holdover from very early days and is only useful for testing and demonstration these days. This change also renames it to exec.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-03-28 16:43:02 +09:00
parent 2c254c70b8
commit b1ea3b4acf
8 changed files with 50 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/sandbox/configuration.nix
View File

@@ -30,7 +30,7 @@ in
# For checking pd outcome:
(pkgs.writeShellScriptBin "check-sandbox-pd" ''
hakurei -v run hakurei-test \
hakurei -v exec hakurei-test \
-p "/var/tmp/.hakurei-check-ok.0" \
-t ${toString (builtins.toFile "hakurei-pd-want.json" (builtins.toJSON testCases.pd.want))} \
-s ${testCases.pd.expectedFilter.${pkgs.stdenv.hostPlatform.system}} "$@"

18
test/sandbox/test.py
View File

@@ -42,23 +42,23 @@ machine.wait_for_file("/run/user/1000/wayland-1")
machine.wait_for_file("/tmp/sway-ipc.sock")
# Check pd seccomp outcome:
swaymsg("exec hakurei run cat")
swaymsg("exec hakurei exec cat")
check_filter(0, "pdlike", "cat")
# Check fd leak:
swaymsg("exec exec 127</proc/cmdline && hakurei -v run sleep infinity")
swaymsg("exec exec 127</proc/cmdline && hakurei -v exec sleep infinity")
pd_identity0_sleep_pid = int(machine.wait_until_succeeds("pgrep -U 10000 -x sleep", timeout=60))
print(machine.succeed(f"hakurei-test fd {pd_identity0_sleep_pid}"))
machine.succeed(f"kill -INT {pd_identity0_sleep_pid}")
# Verify capabilities/securebits in user namespace:
print(machine.succeed("sudo -u alice -i hakurei run capsh --print"))
print(machine.succeed("sudo -u alice -i hakurei run capsh --has-no-new-privs"))
print(machine.fail("sudo -u alice -i hakurei run capsh --has-a=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei run capsh --has-b=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei run capsh --has-i=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei run capsh --has-p=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei run umount -R /dev"))
print(machine.succeed("sudo -u alice -i hakurei exec capsh --print"))
print(machine.succeed("sudo -u alice -i hakurei exec capsh --has-no-new-privs"))
print(machine.fail("sudo -u alice -i hakurei exec capsh --has-a=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei exec capsh --has-b=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei exec capsh --has-i=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei exec capsh --has-p=CAP_SYS_ADMIN"))
print(machine.fail("sudo -u alice -i hakurei exec umount -R /dev"))
# Check sandbox outcome:
machine.succeed("install -dm0777 /tmp/.hakurei-store-rw/{upper,work}")