kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,476 Commits 2 Branches 14 Tags
5992be3dd33f80850583785da3f77f03f761bd77
Commit Graph

224 Commits

Author SHA1 Message Date
cat f869ff95a1 all: apply modernisers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-06-08 14:58:24 +09:00
cat 575ef307ad container: binfmt registration 
This arranges for binfmt entries to be registered for the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-07 15:55:19 +09:00
cat d4144fcf7f container: optionally map uid/gid 0 as init 
Unfortunately required to work around flawed APIs like binfmt_misc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-07 15:15:47 +09:00
cat bad66facbc container: improve capability handling 
This cleans up preserving caps for expansion and correctly sets privileged caps.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-07 14:27:28 +09:00
cat 4aba014eac container: abandon response on termination 
This prevents blocking on early failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-07 00:58:02 +09:00
cat 779ba994ce container: check capability in test helper 
This makes corresponding nixos tests redundant.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-06 21:05:54 +09:00
cat 617ee21647 container/init: mount intermediate before early 
This is usable as scratch space during early.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-06 00:55:45 +09:00
cat 09d9f766a9 container: optionally suppress init verbosity 
This change also removes verbose output no longer considered useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-05 19:59:44 +09:00
cat da11b26ec1 container/initoverlay: configure via fsconfig 
This works around the page size limit at the cost of negligible performance regressions.

Closes #34.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-04 02:29:56 +09:00
cat 162265b47e container: reject strings larger than a page 
The vfs stores these values in a page obtained via GFP, and silently stops copying once the page is filled. This check prevents confusing behaviour in such cases.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-05-03 17:30:25 +09:00
cat b390640376 internal/landlock: relocate from package container 
This is not possible to use directly, so remove it from the public API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:56:45 +09:00
cat ad2c9f36cd container: unexport PR_SET_NO_NEW_PRIVS wrapper 
This is subtle to use correctly. It also does not make sense as part of the container API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:45:51 +09:00
cat 0558032c2d container: do not set static deadline 
This usually ends up in the buffer, or completes well before the deadline, however this can still timeout on a very slow system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 17:00:20 +09:00
cat c61cdc505f internal/params: relocate from package container 
This does not make sense as part of the public API, so make it internal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:37:44 +09:00
cat 062edb3487 container: remove setup pipe helper 
The API forces use of finalizer to close the read end of the setup pipe, which is no longer considered acceptable. Exporting this as part of package container also imposes unnecessary maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:05:33 +09:00
cat e4355279a1 all: optionally forbid degrading in tests 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
cat 289fdebead container: transparently degrade landlock in tests 
Explicitly requiring landlock in tests will be supported in a future change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:03:48 +09:00
cat c758e762bd container: skip landlock on hostnet 
This overlaps with net namespace, so can be skipped without degrading security.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 14:36:44 +09:00
cat 9641805ec2 container/init: ignore finished process 
This is not considered an error, if the process finishes while the signal is being delivered.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-05 00:38:33 +09:00
cat 9e63633fbc container: remove test timeouts 
These timeouts are no longer useful, and causes spurious test failures under load.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-03 10:51:37 +09:00
cat a6600be34a all: use filepath 
This makes package check portable, and removes nonportable behaviour from package pkg, pipewire, and system. All other packages remain nonportable due to their nature. No latency increase was observed due to this change on amd64 and arm64 linux.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 18:24:53 +09:00
cat 584e302168 internal/netlink: set receive buffer size 
This is done by both systemd sd-device and AOSP ueventd to improve robustness. Rosa OS will still handle ENOBUFS via coldboot but a big buffer should mitigate this as well.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 02:14:47 +09:00
cat 50403e9d60 internal/netlink: wrap netpoll via context 
This removes netpoll boilerplate for the most common use case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-25 15:39:29 +09:00
cat bac583f89e internal/stub: move from container 
This package solves a very specific stubbing use case, in a less than elegant manner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 16:09:14 +09:00
cat 722989c682 fhs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:56:36 +09:00
cat b852402f67 ext: move syscall wrappers from container 
These are generally useful, and none of them are container-specific. Syscalls subtle to use and requiring container-specific setup remains in container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:48:40 +09:00
cat 6d015a949e check: move from container 
This package is not container specific, and widely used across the project.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:39:03 +09:00
cat e9a72490db vfs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:30:30 +09:00
cat 0a12d456ce container: set CLOEXEC via close_range 
This is guarded behind the close_range build tag for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:19:00 +09:00
cat 1c2d5f6b57 ext: integer limit values 
For portably using C integers without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:09:38 +09:00
cat faea1f4bd6 all: remove deprecated packages 
Closes #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:54:56 +09:00
cat cd5959fe5a ext: isolate from container/std 
These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:39:26 +09:00
cat 08c35ca24f container: use new netlink implementation 
This is adapted from the container netlink implementation and is much more reusable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 23:33:52 +09:00
cat 196b200d0f container: expose priority and SCHED_OTHER policy 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
cat 1e8ac5f68e container: use policy name in log message 
This is more helpful than having the user resolve the integer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:20:34 +09:00
cat fd515badff container: move scheduler policy constants to std 
This avoids depending on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:03:08 +09:00
cat 48cdf8bf85 go: 1.26 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
cat 19a2737148 container: sched policy string representation 
This also uses priority obtained via sched_get_priority_min, and improves bounds checking.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 18:38:31 +09:00
cat ad8f799703 container/std: rename seccomp types 
Aliases will be kept until 0.4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:48:30 +09:00
cat c74c269b66 container: use /proc/self/exe directly 
This is a more reliable form of pathname to self and also cheaper than os.Executable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:44:44 +09:00
cat cd9b534d6b container: improve documentation 
This change removes inconsistencies collected over time in this package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:18:30 +09:00
cat a6160cd410 container: set scheduling policy 
This is thread-directed so cannot be done externally. The glibc wrapper exposes this behaviour so most multithreaded programs using this is straight up incorrect.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-26 16:29:47 +09:00
cat 88d9a6163e container/initplace: return nil for createTemp error injection 
This matches os package behaviour, and avoids adding the cleanup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-17 14:16:54 +09:00
cat a3e87dd0ef container: ignore uninterpreted source 
These can be set to anything by the distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:39:39 +09:00
cat 90a38c0708 container: strip host-dependent opts in test cases 
This change also improves plumbing for stripping options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:35:20 +09:00
cat 39cc8caa93 container: add riscv64 constants 
This target is unlikely to become viable any time soon.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:03:47 +09:00
cat bf14a412e4 container: fix host-dependent test cases 
These are not fully controlled by hakurei and may change depending on host configuration.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-31 10:59:56 +09:00
cat dc96302111 internal/rosa: GNU make artifact 
This compiles GNU make from source. This is unfortunately required by many programs, but is a cure dependency only.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-19 00:40:25 +09:00
cat e1e46504a1 container/check: return error backed by string type 
The struct turned out not necessary during initial implementation but was not unwrapped into its single string field. This change replaces it with the underlying string and removes the indirection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:23:55 +09:00
cat ec9343ebd6 container/check: intern absolute pathnames 
This improves performance in heavy users like internal/pkg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:18:11 +09:00