kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,476 Commits 2 Branches 14 Tags
5992be3dd33f80850583785da3f77f03f761bd77
Commit Graph

1538 Commits

Author SHA1 Message Date
cat e9a7cd526f app: improve shim process management 
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.

SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.

A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 03:55:17 +09:00
cat 022242a84a app: wayland socket in process share 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:53:04 +09:00
cat 8aeb06f53c app: share path setup on demand 
This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:47:32 +09:00
cat 4036da3b5c fst: optional configured shell path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-31 21:27:31 +09:00
cat a102178019 sys: update doc comment 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 22:43:17 +09:00
cat e400862a12 state/multi: fix backend cache population race 
This race is never able to happen since no caller concurrently requests the same aid yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 22:37:08 +09:00
cat 605d018be2 app/seal: check for '=' in envv 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 18:25:23 +09:00
cat 300571af47 app: pass through $SHELL 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 01:22:40 +09:00
cat 2dd49c437c app: create XDG_RUNTIME_DIR with perm 0700 
Many programs complain about this.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 02:49:37 +09:00
cat c326c3f97d fst/sandbox: do not create /etc in advance 
This is now handled by the setup op. This also gets rid of the hardcoded /etc path.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 20:00:34 +09:00
cat 61dbfeffe7 sandbox/wl: move into sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:26:37 +09:00
cat 532feb4bfa app: merge shim into app package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:21:47 +09:00
cat ec5e91b8c9 system: optimise string formatting 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 04:42:30 +09:00
cat 5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
cat 7c063833e0 internal/sys: wrap getuid/getgid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 17:10:03 +09:00
cat 24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
cat 9ce4706a07 sandbox: move params setup functions 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:48:32 +09:00
cat 9a1f8e129f sandbox: wrap fmsg interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:44:07 +09:00
cat ee10860357 seccomp: install output atomically 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 01:10:27 +09:00
cat 48feca800f sandbox: check command function pointer 
Setting default CommandContext on initialisation is somewhat of a footgun.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 23:29:14 +09:00
cat 273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
cat 9f5dad1998 sandbox: return on zero length ops 
This dodges potentially confusing behaviour where init fails due to Ops being clobbered during transfer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:32:36 +09:00
cat bac4e67867 sandbox/init: early params nil check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 04:03:10 +09:00
cat 4230281194 sandbox: return error on doubled start 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 03:30:14 +09:00
cat e64e7608ca sandbox: expose cancel behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 03:04:27 +09:00
cat 10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
cat f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
cat f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
cat 9e18d1de77 helper/proc: pass extra files and start 
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 23:23:57 +09:00
cat 2647a71be1 seccomp: move out of helper 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 22:42:40 +09:00
cat 7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
cat 4bb5d9780f ldd: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 17:55:55 +09:00
cat f41fd94628 sandbox: write uid/gid map as init 
This avoids PR_SET_DUMPABLE in the parent process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 17:42:22 +09:00
cat 94895bbacb sandbox: invert seccomp ruleset defaults 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:38:32 +09:00
cat f332200ca4 sandbox: mount container /dev 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:18:44 +09:00
cat 2eff470091 sandbox/mount: pass custom tmpfs name 
The tmpfs driver allows arbitrary fsname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:12:35 +09:00
cat a092b042ab sandbox: pass params to setup ops 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:11:38 +09:00
cat e94b09d337 sandbox/mount: fix source flag path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:10:48 +09:00
cat 5d9e669d97 sandbox: separate tmpfs function from op 
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 00:21:20 +09:00
cat f1002157a5 sandbox: separate bind mount function from op 
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 00:16:41 +09:00
cat 4133b555ba internal/app: rename init to init0 
This makes way for the new container init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 21:57:54 +09:00
cat 9b1a60b5c9 sandbox: native container tooling 
This should eventually replace bwrap.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 21:36:26 +09:00
cat e048f31baa internal: pull EINTR loop from stdlib 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 00:42:38 +09:00
cat 6af8b8859f sandbox: read overflow ids 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 00:41:37 +09:00
cat 61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
cat 9e15898c8f internal/prctl: rename prctl wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-07 22:56:35 +09:00
cat 80f9b62d25 app: print comp values early 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 22:27:55 +09:00
cat 673b648bd3 cmd/fpkg: call app in-process 
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:51:44 +09:00
cat 840ceb615a app: handle RunState errors 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:36:14 +09:00
cat d050b3de25 app: define errors in a separate file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:12:02 +09:00