kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
1,991 Commits 6 Branches 14 Tags
3d8b89e1ab890b153ad345226fc27868767d8462
Commit Graph

51 Commits

Author SHA1 Message Date
Ophestra
c61cdc505f internal/params: relocate from package container 
This does not make sense as part of the public API, so make it internal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:37:44 +09:00
Ophestra
e4355279a1 all: optionally forbid degrading in tests 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
Ophestra
289fdebead container: transparently degrade landlock in tests 
Explicitly requiring landlock in tests will be supported in a future change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:03:48 +09:00
Ophestra
9e63633fbc container: remove test timeouts 
These timeouts are no longer useful, and causes spurious test failures under load.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-03 10:51:37 +09:00
Ophestra
722989c682 fhs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:56:36 +09:00
Ophestra
6d015a949e check: move from container 
This package is not container specific, and widely used across the project.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:39:03 +09:00
Ophestra
e9a72490db vfs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:30:30 +09:00
Ophestra
cd5959fe5a ext: isolate from container/std 
These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:39:26 +09:00
Ophestra
c74c269b66 container: use /proc/self/exe directly 
This is a more reliable form of pathname to self and also cheaper than os.Executable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:44:44 +09:00
Ophestra
a3e87dd0ef container: ignore uninterpreted source 
These can be set to anything by the distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:39:39 +09:00
Ophestra
90a38c0708 container: strip host-dependent opts in test cases 
This change also improves plumbing for stripping options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:35:20 +09:00
Ophestra
bf14a412e4 container: fix host-dependent test cases 
These are not fully controlled by hakurei and may change depending on host configuration.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-31 10:59:56 +09:00
Ophestra
47244daefb treewide: migrate ldd callers 
This discontinues use of the deprecated ldd.Exec function for #25.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 21:59:59 +09:00
Ophestra
299685775a container: provide usage example 
This requires cgo so unfortunately will not run in the playground.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 18:25:22 +09:00
Ophestra
ac34635890 container: set FD_CLOEXEC on all open files 
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 00:18:29 +09:00
Ophestra
2f74adc8bd container/init: close initial process files on termination 
This closes them during the adopt wait delay. This also keeps them alive.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-10 20:35:59 +09:00
Ophestra
fba201c995 container/std: relocate rule types 
This enables its use in hst for #15.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 06:00:39 +09:00
Ophestra
c1399f5030 std: rename from comp 
Seccomp lookup tables are going to be relocated here, and PNR constants.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 02:47:43 +09:00
Ophestra
ae66b3d2fb message: rename NewMsg to New 
Should have done this when relocating this from container. Now is a good time to rename it before v0.3.x.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-03 01:49:27 +09:00
Ophestra
e94acc424c container/comp: rename from bits 
This package will also hold syscall lookup tables for seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 20:54:03 +09:00
Ophestra
e5ff40e7d3 container: synchronise after notify 
This should eliminate intermittent failures in the forward test.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 19:17:19 +09:00
Ophestra
7638a44fa6 treewide: parallel tests 
Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 04:38:48 +09:00
Ophestra
f5a597c406 hst: rename /.hakurei constant 
This provides disambiguation from fhs.AbsTmp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 14:32:35 +09:00
Ophestra
87b5c30ef6 message: relocate from container 
This package is quite useful. This change allows it to be imported without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 05:18:19 +09:00
Ophestra
0e6c1a5026 container/check: move absolute pathname 
This allows use of absolute pathname values without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 20:57:58 +09:00
Ophestra
3ce63e95d7 container: move seccomp preset bits 
This allows holding the bits without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 18:28:20 +09:00
Ophestra
46cd3a28c8 container: remove global msg 
This frees all container instances of side effects.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:11:47 +09:00
Ophestra
1b5d20a39b container/dispatcher: stub.Call initialisation helper function 
This keeps composites analysis happy without making the test cases (too) bloated.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-02 04:44:08 +09:00
Ophestra
780e3e5465 container/msg: optionally provide error messages 
This makes handling of fatal errors a lot less squirmy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-31 11:57:59 +09:00
Ophestra
712cfc06d7 container: wrap container init start errors 
This helps indicate the exact origin and nature of the error. This eliminates generic WrapErr from container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-30 23:44:48 +09:00
Ophestra
9bc8532d56 container/initdev: mount tmpfs on shm for ro dev 
Programs expect /dev/shm to be a writable tmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 03:27:07 +09:00
Ophestra
141a18999f container: move integration test helpers 
With the new instrumentation it is now possible to run init code outside integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:07:19 +09:00
Ophestra
f35733810e container: check output helper functions 
The container test suite has always been somewhat inadequate due to the inability of coverage tooling to reach into containers. This has become an excuse for not testing non-container code as well, which lead to the general lack of confidence when working with container code. This change aims to be one of many to address that to some extent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 02:59:37 +09:00
Ophestra
e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
Ophestra
02271583fb container: remove PATH lookup behaviour 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
Ophestra
acffa76812 container/ops: implement overlay op 
There are significant limitations to using the overlay mount, and the implementation in the kernel is quite quirky. For now the Op is quite robust, however a higher level interface for it has not been decided yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:54:48 +09:00
Ophestra
534c932906 container: test case runtime initialisation 
This allows for more sophisticated test setup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:03:35 +09:00
Ophestra
fee10fed4d container: test bypass output buffer on verbose 
This restores verbose behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 00:57:27 +09:00
Ophestra
fde5f1ca64 container: buffer test output 
This further reduces noise on test failure by only passing through output of the failed test.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-07 02:55:58 +09:00
Ophestra
4d0bdd84b5 container: test respect verbose flag 
This reduces noise on test failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-07 02:50:00 +09:00
Ophestra
38245559dc container/ops: mount dev readonly 
There is usually no good reason to write to /dev. This however doesn't work in internal/app because FilesystemConfig supplied by ContainerConfig might add entries to /dev, so internal/app follows DevWritable with Remount instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:18:53 +09:00
Ophestra
7b416d47dc container/ops: merge mqueue and dev Ops 
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:13:46 +09:00
Ophestra
347a79df72 container: improve clone flags readability 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-02 18:19:44 +09:00
Ophestra
c5d24979f5 container/ops: expose remount as Op 
This is useful for building a filesystem hierarchy then remounting it readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 23:48:02 +09:00
Ophestra
547a2adaa4 container/mount: pass tmpfs flags 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 18:59:06 +09:00
Ophestra
d6b07f12ff container: forward context cancellation 
This allows container processes to exit gracefully.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-28 01:45:38 +09:00
Ophestra
65fe09caf9 container: check cancel signal delivery 
This change also makes some parts of the test more robust.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-28 01:04:29 +09:00
Ophestra
bd3fa53a55 container: access test case by index in helper 
This is more elegant and allows for much easier extension of the tests. Mountinfo is still serialised however due to libPaths nondeterminism.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-26 18:59:19 +09:00
Ophestra
e71ae3b8c5 container: remove custom cmd initialisation 
This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-25 00:45:10 +09:00
Ophestra
d2f9a9b83b treewide: migrate to hakurei.app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 03:30:39 +09:00