kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity

ext: move syscall wrappers from container

Browse Source 
These are generally useful, and none of them are container-specific. Syscalls subtle to use and requiring container-specific setup remains in container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-03-17 15:48:40 +09:00
parent 6d015a949e
commit b852402f67
11 changed files with 103 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/hakurei/main.go
View File

@@ -13,6 +13,7 @@ import (
"syscall"
"hakurei.app/container"
"hakurei.app/ext"
"hakurei.app/message"
)
@@ -35,8 +36,8 @@ func main() {
msg := message.New(log.Default())
early := earlyHardeningErrs{
yamaLSM: container.SetPtracer(0),
dumpable: container.SetDumpable(container.SUID_DUMP_DISABLE),
yamaLSM: ext.SetPtracer(0),
dumpable: ext.SetDumpable(ext.SUID_DUMP_DISABLE),
}
if os.Geteuid() == 0 {

3
cmd/mbf/main.go
View File

@@ -24,6 +24,7 @@ import (
"hakurei.app/container/fhs"
"hakurei.app/container/seccomp"
"hakurei.app/container/std"
"hakurei.app/ext"
"hakurei.app/internal/pkg"
"hakurei.app/internal/rosa"
"hakurei.app/message"
@@ -271,7 +272,7 @@ func main() {
return errors.New("report requires 1 argument")
}
if container.Isatty(int(w.Fd())) {
if ext.Isatty(int(w.Fd())) {
return errors.New("output appears to be a terminal")
}
return rosa.WriteReport(msg, w, cache)