kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,062 Commits 2 Branches 14 Tags
b80ea91a42c994b1bcb74d8bcecefc150b899136
Commit Graph

2062 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat 0340c67995 app: port passwd and group files to copy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:19:06 +09:00
cat 72b0160aad helper/bwrap: implement file copy flags 
These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to its specific sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:13:15 +09:00
cat ea8d1c07df priv/shim: move /sbin/init setup to app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:06:10 +09:00
cat a0062d8275 fmsg: resume on exit 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 02:22:09 +09:00
cat 43d2e4f5d7 nix: sway increase resolution 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 02:21:24 +09:00
cat be7d944b39 helper/bwrap: PositionalArg implement fmt.Stringer 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 00:11:48 +09:00
cat ace97952cc helper/bwrap: merge Args and FDArgs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
cat 73146ea7fa dbus: remove BwrapStatic method 
This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:09:59 +09:00
cat 88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
cat 1fd571d561 cmd/fsu: check parse behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 16:43:55 +09:00
cat be30e2f11e cmd/fsu: revert offset in error message 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 15:31:39 +09:00
cat aaebb8f3ab fortify: check print behaviour 
These output are supposed to be deterministic, so checking them is a good way to catch regressions.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:44:28 +09:00
cat 1f74b636d3 state/join: use Join method when available 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:11:02 +09:00
cat e431ab3c24 app: check username length against LOGIN_NAME_MAX 
This limit is arbitrary, but it's good to enforce it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:44:55 +09:00
cat 3fba33687b fortify: print line after ps output 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:23:20 +09:00
cat 820f48ef94 release: 0.2.13 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:45:54 +09:00
cat fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
cat 60c2873750 helper/proc: cancel ec on parent ctx 
This allows errors written during a timeout to be received and handled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:08:28 +09:00
cat d1d20c06fb helper/seccomp: use sync.Once for closeWrite 
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:49:16 +09:00
cat 1e6a059668 helper/seccomp: benchmark exporter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
cat 318df0f7e1 nix: test syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:01:16 +09:00
cat 58eb8f971d proc/pipe: implement args and stat file 
This is a generic implementation of helper/pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:57:24 +09:00
cat 0a1d7c01cd helper/proc: count dispatched errs 
This helps debug implementation errors of [proc.File].

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:55:37 +09:00
cat 60ca1c6c55 helper/proc: store file addresses in linked list 
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 17:42:12 +09:00
cat 099da78af5 helper/seccomp: eliminate data race on pfd 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
cat 18466cfd02 helper/proc: declare generic extra files interface 
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-11 16:34:47 +09:00
cat e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
cat 7aff3ead3a nix: vm test remove unnecessary setup 
This step is no longer required as the NixOS module is responsible for home directory creation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 22:29:56 +09:00
cat 72fb13dccc dbus: lock for read in public args interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:42:29 +09:00
cat a48386bd56 system/dbus: dump messages on early fault 
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:20:56 +09:00
cat 2e52191404 system/dbus: dump method prints msgbuf 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:16:54 +09:00
cat 568d7758d5 helper/seccomp: panic on invalid closeWrite use 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
cat 5b7b3fa9a4 helper/seccomp: implement reader interface via pipe 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
cat d58fb8c6ee workflows: fix nix store cache 
Prefix does not seem to match correctly, this appears to be a Gitea implementation bug.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-01 21:16:13 +09:00
cat 5808fe61c3 nix: vm test set sway background 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 22:28:04 +09:00
cat f338d3bb4b nix: update flake lock 2025-01-25 19:46:33 +09:00
cat 8d04dd72f1 nix: mount nvidia devices 
These non-standard paths are required in the sandbox for nvidia drivers to work.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 18:05:18 +09:00
cat 21735a8abe release: 0.2.12 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:40:48 +09:00
cat 34272672b1 nix: verify silent output when not running with -v 
This checks behaviour of fmsg and seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:38:18 +09:00
cat 7b96cd6ded helper/seccomp: do not call F_println if not verbose 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
cat 163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
cat 016da20443 nix: expose compat flag in nixos module 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:42:48 +09:00
cat 37780456a7 helper: block more unusual/privileged syscalls 
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:35:47 +09:00
cat efacaa40fa nix: set deny_devel correctly 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:50:35 +09:00
cat ad6d0ee55f workflows: rename integration test artifact 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:30:39 +09:00
cat cf791469d8 workflows: gc store and purge old caches 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:25:57 +09:00
cat be14421775 workflows: merge test build job into test 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:22:44 +09:00
cat 045983d7f4 wl: separate inline C 
Having a huge blurb of inline C hurts readability on web pages and some text editors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 22:06:29 +09:00
cat 7106b00968 release: 0.2.11 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 20:49:49 +09:00
cat 96d5d8a396 nix: apply shared home config to reserved aid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 20:48:04 +09:00