kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
614 Commits 2 Branches 14 Tags
44277dc0f1fd1806f5ceea34246a4c805a06b61b
Commit Graph

50 Commits

Author SHA1 Message Date
cat 44277dc0f1 dbus: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:13:14 +09:00
cat 273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
cat 6e7ddb2d2e helper: eliminate commandContext replacement 
This is done more cleanly by modifying Args in cmdF.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:01:25 +09:00
cat 10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
cat f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
cat f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
cat 7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
cat 39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
cat 73146ea7fa dbus: remove BwrapStatic method 
This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:09:59 +09:00
cat fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
cat 72fb13dccc dbus: lock for read in public args interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:42:29 +09:00
cat 8c51012ef5 dbus: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:49:23 +09:00
cat 9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
cat 2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
cat 1651eb06df dbus: implement dbus_parse_address 
This parses D-Bus addresses according to spec. It does significantly fewer copies than dbus_parse_address.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-12 23:24:03 +09:00
cat ac543a1ce8 dbus: rename makeTestCases 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-12 23:21:28 +09:00
cat c4d6651cae update reverse-DNS style identifiers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-31 16:16:38 +09:00
cat dc579dc610 dbus/run: bind ldd entry absolute name 
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:36:03 +09:00
cat 614ad86a5b dbus: fail on LookPath error 
An absolute path to xdg-dbus-proxy is required.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:08:48 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat 4b7b899bb3 add package doc comments 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 20:57:59 +09:00
cat 65af1684e3 migrate to git.ophivana.moe/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
cat 33cf0bed54 dbus: various accessors for dbus.Proxy internal fields 
These values are useful during sandbox setup and exporting them makes more sense than storing them twice.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-16 01:27:49 +09:00
cat 2faf510146 helper/bwrap: ordered filesystem args 
The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:15:55 +09:00
cat 0f421644be dbus: improve unsealed behaviour coverage 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-12 00:53:08 +09:00
cat d41b9d2d9c ldd: separate Parse from Exec and trim space 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 23:51:15 +09:00
cat 753c5191b1 dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 20:41:42 +09:00
cat 55a5b6f242 dbus: use name resolved by exec.Command 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 16:55:27 +09:00
cat 85407dd3c0 helper: helper.Helper interface 
For upcoming bwrap implementation of helper.Helper

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 15:37:52 +09:00
cat 9647eb6a6b helper: separate pipes from Helper 
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 12:48:20 +09:00
cat d1415305ae dbus: test child process handling behaviour via helper stub 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:49:32 +09:00
cat 98f9fdb7cc dbus: configurable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:27:29 +09:00
cat dc59f20d7b dbus: toggleable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:24:54 +09:00
cat 0e7849fac2 dbus: add more test cases 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 19:19:31 +09:00
cat 342c66aae8 dbus: replace test suffix * with + 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 17:47:15 +09:00
cat cf182d1fbe dbus: seal test error check for correct error returned 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 17:00:20 +09:00
cat 1038af98f0 dbus: add tests 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 00:06:16 +09:00
cat aa2be18f47 dbus/config: implement file loading functions 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-27 23:53:08 +09:00
cat 84d8c27b5f dbus: return exported error for nil config 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-27 23:52:38 +09:00
cat ee2f5ed6ac dbus/config: remove unused method 
Null checking is replaced by helper/args while string building is no longer required.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-27 12:04:28 +09:00
cat 8492239cba helper/args: simplify argument parsing and eliminate excess memory copies 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-25 14:00:30 +09:00
cat a8b4b3634b dbus: use generalised helper.Helper for xdg-dbus-proxy 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-25 01:17:38 +09:00
cat be83ad838c dbus: assert fmt.Stringer instead of helper.Args on argument seal 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-24 19:37:50 +09:00
cat b722adc4dd dbus: seal as io.WriterTo interface 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-24 18:03:05 +09:00
cat 000607da5f helper: separate helper args fd builder from dbus 
This method of passing arguments is used in bubblewrap as well as other tools, this commit separates the argument builder/writer to the helper package and generalise it as an interface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-24 16:11:08 +09:00
cat 8223a9ee66 enable filter in README example 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-11 16:35:23 +09:00
cat 20c0e66d8f dbus/config: seal with session and system bus proxy 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 21:13:00 +09:00
cat e5918ba3b3 dbus/config: fix builtin defaults 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 19:20:37 +09:00
cat 35d040590b dbus/config: document fields and add --call and --broadcast 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 13:27:31 +09:00
cat 357cc4ce4d dbus: implement xdg-dbus-proxy wrapper 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 03:11:50 +09:00