kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,464 Commits 2 Branches 14 Tags
9344f694c7d8ec02f118bffa6f556f5b1cc7395c
Commit Graph

2464 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat 0c5409aec7 sandbox/seccomp: native rule type alias 
This makes it easier to keep API stable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 00:00:08 +09:00
cat 1a8840bebc sandbox/seccomp: resolve rules natively 
This enables loading syscall filter policies from external cross-platform config files.

This also removes a significant amount of C code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 22:11:32 +09:00
cat 1fb453dffe sandbox/seccomp: extra constants 
These all resolve to pseudo syscall numbers in libseccomp, but are necessary anyway for other platforms.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 20:15:42 +09:00
cat e03d702d08 sandbox/seccomp: implement syscall lookup 
This uses the Go map and is verified against libseccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 00:35:27 +09:00
cat 241dc964a6 sandbox/seccomp: wire extra syscall 
These values are only useful for libseccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 00:32:08 +09:00
cat 8ef71e14d5 sandbox/seccomp: emit syscall constants 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-30 20:34:33 +09:00
cat 972f4006f0 treewide: switch to hakurei.app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-26 04:01:02 +09:00
cat 9a8a047908 sandbox/seccomp: syscall name lookup table 
The script is from Go source of same name. The result is checked against libseccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-26 03:49:07 +09:00
cat 863bf69ad3 treewide: reapply clang-format 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 23:43:42 +09:00
cat 0e957cc9c1 release: 0.0.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 21:11:11 +09:00
cat aa454b158f cmd/planterette: remove hsu special case 
Remove special case and invoke hakurei out of process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 20:50:24 +09:00
cat 7007bd6a1c workflows: port release workflow to github 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 20:17:53 +09:00
cat 00efc95ee7 workflows: port test workflow to github 
This is a much less useful port of the test workflow and runs much slower due to runner limitations.

Still better than nothing though.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 19:37:45 +09:00
cat b380bb248c release: 0.0.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 05:05:06 +09:00
cat 87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
cat 3992073212 dist: move comp to dist 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-18 17:01:16 +09:00
cat ef80b19f2f treewide: switch to clang-format 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-18 13:45:34 +09:00
cat 717771ae80 app: share runtime dir 
This allows apps with the same identity to access the same runtime dir.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-08 03:24:48 +09:00
cat bf5772bd8a nix: deduplicate home-manager merging 
This becomes a problem when extraHomeConfig defines nixos module options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-08 01:12:18 +09:00
cat 9a7c81a44e nix: go generate in src derivation 
This saves the generated files in the nix store and exposes them for use by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-07 03:10:36 +09:00
cat b7e991de5b nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-05 04:05:39 +09:00
cat 6c1205106d release: 0.4.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-26 02:55:19 +09:00
cat 2ffca6984a nix: use reverse-DNS style id as unique identifier 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-25 20:12:30 +09:00
cat dde2516304 dbus: handle bizarre dbus proxy behaviour 
There is a strange behaviour in xdg-dbus-proxy where if any interface string when stripped of a single ".*" suffix does not contain a '.' byte anywhere, the program will exit with code 1 without any output. This checks for such conditions to make the failure less confusing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-25 19:50:06 +09:00
cat f30a439bcd nix: improve common usability 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-16 04:40:12 +09:00
cat 008e9e7fc5 nix: update flake lock 2025-05-07 21:35:37 +09:00
cat 23aefcd759 fortify: update help strings 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-07 19:06:36 +09:00
cat cb8b886446 nix: update flake lock 2025-04-22 22:23:21 +09:00
cat 5979d8b1e0 dbus: clean up wrapper implementation 
The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-16 23:35:17 +09:00
cat e587112e63 test: check xdg-dbus-proxy termination 
This process runs outside the application container's pid namespace, so it is a good idea to check whether its lifecycle becomes decoupled from the application.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-15 20:45:31 +09:00
cat d6cf736abf release: 0.4.0 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 11:10:45 +09:00
cat 15011c4173 app/instance/common: optimise ops allocation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:49:07 +09:00
cat 31b7ddd122 fst: improve config 
The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:30:19 +09:00
cat c460892cbd fst: check template 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 18:00:25 +09:00
cat 6309469e93 app/instance: wrap internal implementation 
This reduces the scope of the fst package, which was growing questionably large.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 13:56:41 +09:00
cat 0d7c1a9a43 app: rename app implementation package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
cat ae6f5ede19 fst: mount passthrough /dev writable 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 20:01:54 +09:00
cat 807d511c8b test/sandbox: check device outcome 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 19:55:16 +09:00
cat 2f4f21fb18 fst: rename device field 
Dev is very ambiguous. Rename it here alongside upcoming config changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 19:32:15 +09:00
cat 9967909460 sandbox: relative autoetc links 
This allows nested containers to use autoetc, and increases compatibility with other implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 18:54:00 +09:00
cat c806f43881 sandbox: implement autoetc as setup op 
This significantly reduces setup op count and the readdir call now happens in the context of the init process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-10 18:54:25 +09:00
cat 584405f7cc sandbox/seccomp: rename flag type and constants 
The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-08 01:59:45 +09:00
cat 50127ed5f9 fortify: print synthesised id in ps 
This is not the full synthesised id so it does not get too long.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 21:55:07 +09:00
cat b5eff27c40 fortify: check fst id string length 
This should never be a problem, however in case it happens printing a warning message is better than relying on the runtime to panic.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 21:39:46 +09:00
cat 74ba183256 app: install seccomp filter to shim 
This does not necessarily reduce attack surface but does not affect functionality or introduce any side effects, so is nice to have.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 04:13:08 +09:00
cat f885dede9b sandbox/seccomp: unexport println wrapper 
This is an implementation detail that was exported for the bwrap argument builder. The removal of that package allows it to be unexported.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 04:07:20 +09:00
cat e9a7cd526f app: improve shim process management 
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.

SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.

A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 03:55:17 +09:00
cat 12be7bc78e release: 0.3.3 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 01:42:10 +09:00
cat 0ba8be659f sandbox: document less obvious parts of setup 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 01:21:04 +09:00
cat 022242a84a app: wayland socket in process share 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:53:04 +09:00