kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,449 Commits 2 Branches 14 Tags
140cb3cc477c7c2dc561e4ad0cc3354be0b1c6c8
Commit Graph

223 Commits

Author SHA1 Message Date
cat 51304b03af container/initremount: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:55:51 +09:00
cat c6397b941f container/initproc: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:29:45 +09:00
cat d65e5f817a container/initplace: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:19:27 +09:00
cat 696e593898 container/initoverlay: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:33:15 +09:00
cat 97ab24feef container/init: use absolute compare method 
More checks are also added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:14:36 +09:00
cat 31f0dd36df absolute: efficient equivalence check method 
This is more efficient and makes the call site cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:06:38 +09:00
cat 9aec2f46fe container/initdev: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:55:45 +09:00
cat 022cc26b2e container/capability: check CAP_TO_INDEX and CAP_TO_MASK 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:45:00 +09:00
cat b4c018da8f container/autoetc: do not bypass absolute check 
This can now be done cleanly via path function wrappers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:37:11 +09:00
cat 66f52407d3 container/initmkdir: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:32:22 +09:00
cat e463faf649 container/initbind: check path equivalence by value 
Same problem as autoroot, never updated the checks after integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:22:04 +09:00
cat 375acb476d container/autoroot: check host path equivalence by value 
This will never return true otherwise unless the equivalent paths happen to be interned by the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:14:39 +09:00
cat c81c9a9d75 container/init: split setup ops into individual files 
This significantly increases readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:28:31 +09:00
cat 339e4080dc container/ops: move Op type to init file 
This helps with the eventual separation of all setup ops into individual files.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:11:24 +09:00
cat e0533aaa68 container/autoroot: filter dentry with empty name 
This is unreachable, but nice to have just in case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:03:49 +09:00
cat 13c7083bc0 container: ptrace protection via Yama LSM 
This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway.

Closes #4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 00:43:55 +09:00
cat 140fe21237 container/params: check setup/receive behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 22:30:34 +09:00
cat f52d2c7db6 container/path: check create and mountinfo helpers 
These can quite easily be checked within the framework. The scanner fault injection might require updating at some point if the implementation changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 21:30:28 +09:00
netadr 5db0714072 container: optionally isolate host abstract UNIX domain sockets via landlock 2025-08-18 16:28:14 +09:00
cat 69a4ab8105 container: move PR_SET_NO_NEW_PRIVS to parent 
This allows some LSM setup in the parent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 11:46:02 +09:00
cat 0ac6e99818 container: start from locked thread 
This allows setup that relies on per-thread state like securebits and landlock, from the parent side.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 17:42:22 +09:00
cat f35733810e container: check output helper functions 
The container test suite has always been somewhat inadequate due to the inability of coverage tooling to reach into containers. This has become an excuse for not testing non-container code as well, which lead to the general lack of confidence when working with container code. This change aims to be one of many to address that to some extent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 02:59:37 +09:00
cat 9c1a5d43ba container: enforce nonrepeatable autoetc and autoroot 
These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 01:43:11 +09:00
cat 8aa65f28c6 container: allow additional state between ops 
This is useful for ops that need to be aware of previous instances of themselves.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 01:32:07 +09:00
cat ba3227bf15 container: export overlay escape 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 23:44:11 +09:00
cat 332d90d6c7 container/path: remove unused path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 05:00:09 +09:00
cat e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
cat 41ac2be965 container/absolute: wrap safe stdlib functions 
These functions do not change the absoluteness of a pathname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-10 03:11:10 +09:00
cat 02271583fb container: remove PATH lookup behaviour 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
cat ef54b2cd08 container/absolute: early absolute pathname check 
This is less error-prone, and allows pathname to be checked once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 18:53:46 +09:00
cat 82608164f6 container/params: remove confusingly named error 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 17:37:46 +09:00
cat edd6f2cfa9 container: document ambient capabilities 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 02:11:55 +09:00
cat acffa76812 container/ops: implement overlay op 
There are significant limitations to using the overlay mount, and the implementation in the kernel is quite quirky. For now the Op is quite robust, however a higher level interface for it has not been decided yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:54:48 +09:00
cat 8da76483e6 container/path: fix typo "paths" 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:32:48 +09:00
cat 534c932906 container: test case runtime initialisation 
This allows for more sophisticated test setup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:03:35 +09:00
cat fee10fed4d container: test bypass output buffer on verbose 
This restores verbose behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 00:57:27 +09:00
cat f1a53d6116 container: raise CAP_DAC_OVERRIDE 
This is required for upperdir and workdir checks in overlayfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 00:43:19 +09:00
cat fde5f1ca64 container: buffer test output 
This further reduces noise on test failure by only passing through output of the failed test.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-07 02:55:58 +09:00
cat 4d0bdd84b5 container: test respect verbose flag 
This reduces noise on test failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-07 02:50:00 +09:00
cat 9a25542c6d container/init: use mount string constants 
These literals were missed when the constants were first defined.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-04 04:00:05 +09:00
cat c6be82bcf9 container/path: fhs path constants 
This increases readability since this can help disambiguate absolute paths from similarly named path segments.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 21:16:45 +09:00
cat 38245559dc container/ops: mount dev readonly 
There is usually no good reason to write to /dev. This however doesn't work in internal/app because FilesystemConfig supplied by ContainerConfig might add entries to /dev, so internal/app follows DevWritable with Remount instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:18:53 +09:00
cat 7b416d47dc container/ops: merge mqueue and dev Ops 
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:13:46 +09:00
cat 15170735ba container/mount: move tmpfs sysroot prefixing to caller 
The mountTmpfs helper is a relatively low level function that is not exposed as part of the API. Prefixing sysroot here not only introduces overhead but is also quite error-prone.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 18:06:41 +09:00
cat 6a3886e9db container/op: unexport bind resolved source field 
This is used for symlink resolution and is only used internally.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 17:57:37 +09:00
cat ff66296378 container/mount: mount data escape helper function 
For formatting user-supplied path strings into overlayfs mount data.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 17:46:14 +09:00
cat 347a79df72 container: improve clone flags readability 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-02 18:19:44 +09:00
cat 0f78864a67 container/mount: export mount string constants 
This improves code readability and should also be useful for callers choosing to preserve CAP_SYS_ADMIN.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-02 17:20:09 +09:00
cat c5d24979f5 container/ops: expose remount as Op 
This is useful for building a filesystem hierarchy then remounting it readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 23:48:02 +09:00
cat 1dc780bca7 container/mount: separate remount from bind 
Remount turns out to be useful in other places.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 23:32:38 +09:00