hakurei

Author	SHA1	Message	Date
cat	9d932d1039	release: 0.2.1 Signed-off-by: Ophestra <cat@gensokyo.uk> v0.2.1	2025-08-26 03:33:45 +09:00
cat	9bc8532d56	container/initdev: mount tmpfs on shm for ro dev Programs expect /dev/shm to be a writable tmpfs. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 03:27:07 +09:00
cat	07194c74cb	release: 0.2.0 Signed-off-by: Ophestra <cat@gensokyo.uk> v0.2.0	2025-08-26 02:23:59 +09:00
cat	4cf694d2b3	hst: use hsu userid for share path suffix The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented. Closes #7. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 02:16:33 +09:00
cat	c9facb746b	hst/config: remove data field, rename dir to home There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 00:56:10 +09:00
cat	878b66022e	hst/fsbind: optional ensure source This exposes the BindEnsure flag of BindMountOp. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 00:50:23 +09:00
cat	2e0a4795f6	container/initbind: optional ensure host directory This is used for ensuring persistent data directories specific to the container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 00:44:45 +09:00
cat	c328b584c0	hst/fslink: improve string representation This shortens the representation of most common use cases and generally improves readability. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 22:52:48 +09:00
cat	9585b35d5b	hst/config: remove symlink field Closes #6. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 22:23:54 +09:00
cat	26cafe3e80	hst/fs: implement link fstype Symlinks do not require special treatment, and doing this allows placing links in order. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 21:57:38 +09:00
cat	125f150784	hst/fs: update doc comments The Type method no longer exists on the interface. Update doc comments to reflect that. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 21:11:39 +09:00
cat	0dcac55a0c	hst/config: remove container etc field This no longer needs special treatment since it can be specified as a generic filesystem entry. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 19:24:33 +09:00
cat	6d202d73b4	hst/fsbind: optional autoetc behaviour This generalises the special field allowing any special behaviour to be matched from target. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 18:38:19 +09:00
cat	1438096339	hst/config: handle filesystem entry targeting root This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding. Closes #5. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 17:52:57 +09:00
cat	059164d4fa	hst/fsbind: optional autoroot behaviour This allows autoroot to be configured via Filesystem. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 17:44:12 +09:00
cat	8db906ee64	container/dispatcher: remove exit stub test log Turns out testing.T does not like being called in defer. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 17:33:35 +09:00
cat	cedfceded5	container/autoroot: remove prefix field This field has been a noop for a long time. Remove it to prevent further confusion. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 03:39:20 +09:00
cat	33d2dcce1b	container/initoverlay: internal bypass sysroot prefix This is for supporting overlay mounts for autoroot. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-25 02:42:22 +09:00
cat	2baa2d7063	container/init: measure init behaviour This used to be entirely done via integration tests, with almost no hope of error injection and coverage profile. These tests significantly increase confidence of future work in this area. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-24 04:52:32 +09:00
cat	0166833431	container/dispatcher: start goroutine in dispatcher This allows instrumentation of calls from goroutine without relying on finalizers. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-23 21:58:40 +09:00
cat	b3da3da525	container/init: avoid multiple lastcap calls This reduces the size of []kexpect in the test suite. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-23 11:09:11 +09:00
cat	1b3902df78	container/dispatcher: instrument each goroutine individually Scheduler nondeterminism cannot be accounted for, so do this instead. There should not be any performance penalty as these calls are optimised out for direct. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-23 11:07:16 +09:00
cat	ea1e3ebae9	container/params: pass fd instead of file The file is very difficult to stub. Pass fd instead as it is the value that is actually useful. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-23 00:16:46 +09:00
cat	1c692bfb79	container/init: call lockOSThread through dispatcher This degrades test performance if not stubbed out. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-22 22:24:14 +09:00
cat	141a18999f	container: move integration test helpers With the new instrumentation it is now possible to run init code outside integration tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-22 22:07:19 +09:00
cat	afe23600d2	container/path: use syscall dispatcher This allows path and mount functions to be instrumented. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-22 22:02:21 +09:00
cat	09d2844981	container/init: wrap syscall helper functions This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-22 19:27:31 +09:00
cat	d500d6e559	system/dbus: share host net ns for abstract Host abstract unix sockets are only accessible when also in the init net ns. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-21 21:55:23 +09:00
cat	5b73316ae0	container/syscall: doc comments from manpages These are pulled straight from the manpages. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-21 00:33:46 +09:00
cat	5d8a2199b6	container/init: op interface valid method Check ops early and eliminate duplicate checks. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-21 00:18:50 +09:00
cat	a1482ecdd0	container/inittmpfs: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 20:17:28 +09:00
cat	a07f9ed84c	container/initsymlink: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 20:03:02 +09:00
cat	51304b03af	container/initremount: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 19:55:51 +09:00
cat	c6397b941f	container/initproc: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 19:29:45 +09:00
cat	d65e5f817a	container/initplace: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 19:19:27 +09:00
cat	696e593898	container/initoverlay: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 17:33:15 +09:00
cat	97ab24feef	container/init: use absolute compare method More checks are also added. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 17:14:36 +09:00
cat	31f0dd36df	absolute: efficient equivalence check method This is more efficient and makes the call site cleaner. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 17:06:38 +09:00
cat	9aec2f46fe	container/initdev: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:55:45 +09:00
cat	022cc26b2e	container/capability: check CAP_TO_INDEX and CAP_TO_MASK Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:45:00 +09:00
cat	b4c018da8f	container/autoetc: do not bypass absolute check This can now be done cleanly via path function wrappers. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:37:11 +09:00
cat	66f52407d3	container/initmkdir: check path equivalence by value Fixes regression introduced while integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:32:22 +09:00
cat	e463faf649	container/initbind: check path equivalence by value Same problem as autoroot, never updated the checks after integrating Absolute. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:22:04 +09:00
cat	375acb476d	container/autoroot: check host path equivalence by value This will never return true otherwise unless the equivalent paths happen to be interned by the caller. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 02:14:39 +09:00
cat	c81c9a9d75	container/init: split setup ops into individual files This significantly increases readability. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 01:28:31 +09:00
cat	339e4080dc	container/ops: move Op type to init file This helps with the eventual separation of all setup ops into individual files. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 01:11:24 +09:00
cat	e0533aaa68	container/autoroot: filter dentry with empty name This is unreachable, but nice to have just in case. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 01:03:49 +09:00
cat	13c7083bc0	container: ptrace protection via Yama LSM This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway. Closes #4. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-20 00:43:55 +09:00
cat	6947ff04e0	system/dbus/proc: host abstract only when not binding The test failure seems to be caused by an unrelated bug in xdg-dbus-proxy. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-19 23:39:14 +09:00
cat	140fe21237	container/params: check setup/receive behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-18 22:30:34 +09:00

... 21 22 23 24 25 ...

2022 Commits