kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,062 Commits 2 Branches 14 Tags
b80ea91a42c994b1bcb74d8bcecefc150b899136
Commit Graph

2062 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat ee41b37606 acl: add tests 
These tests test UpdatePerm correctness by parsing getfacl output.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-16 16:00:31 +09:00
cat e3f1d7ba60 release: 0.2.2 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 21:47:22 +09:00
cat 39e3ac3ccd nix: require /etc/userdb nix-daemon 
There seems to be some kind of credential caching in nix-daemon.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 21:07:57 +09:00
cat 33c95b80ca cmd/fuserdb: rename home directories 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 20:23:46 +09:00
cat 40cc8a68d1 nix: rename home directories 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 20:15:37 +09:00
cat f773c92411 system: prevent duplicate Wayland op 
Wayland is implemented as an Op to enforce dependency and cleanup, its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 19:45:37 +09:00
cat 16ab734fcd update README document 
A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 17:04:36 +09:00
cat cc816a1aaa proc: cleaner extra files 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 16:05:04 +09:00
cat b3ef53b193 app: integrate security-context-v1 
Should be able to get rid of XDG_RUNTIME_DIR share after this.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:25:33 +09:00
cat 8d0573405a helper/bwrap: implement sync fd 
This is required by wayland security-context-v1.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:21:37 +09:00
cat 38e92edb8e system/wayland: integrate security-context-v1 
Had to pass the sync fd through sys. The rest are just part of a standard Op.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:20:15 +09:00
cat 2d606b1f4b wl: implement security-context-v1 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:15:13 +09:00
cat 1b5b089c78 fortify: rename --dbus-id to --id 
This value is no longer specific to D-Bus defaults.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 03:26:09 +09:00
cat 6b8ddca7b4 nix: track nixos stable 24.11 
Reduce rebuilds during development on my system.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 00:44:04 +09:00
cat 95668ac998 nix: expose no_new_session in module 
Useful for shells and terminal programs like chat clients.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-28 00:19:06 +09:00
cat b291f0b710 app: add nixos-based config test case 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-21 12:13:21 +09:00
cat 3a20b149ce update README document 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-21 11:22:34 +09:00
cat 30b8bce90a fortify: zsh completion 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-20 01:25:19 +09:00
cat de0d78daae release: 0.2.1 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 21:03:50 +09:00
cat 6bf33ce507 fortify: use resolved username 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 21:03:09 +09:00
cat 9faf3b3596 app: validate username 
This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue, however validation will improve user experience.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 21:01:41 +09:00
cat d99c8b1fb4 release: 0.2.0 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 18:15:09 +09:00
cat 6e4870775f update README document 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 18:14:06 +09:00
cat 0a546885e3 nix: update options doc 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 18:12:35 +09:00
cat 653d69da0a nix: module descriptions 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 18:10:57 +09:00
cat f8256137ae nix: separate module options from implementation 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 17:08:22 +09:00
cat 54b47b0315 nix: copy pixmaps directory to share package 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 14:46:08 +09:00
cat ae2628e57a cmd/fshim/ipc: install signal handler on shim start 
Getting killed at this point will result in inconsistent state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 13:33:46 +09:00
cat c026a4b5dc fortify: permissive defaults resolve home directory from os 
When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 13:01:07 +09:00
cat 748a0ae2c8 nix: wrap program from libexec 
This avoids renaming the fortify binary.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 12:58:47 +09:00
cat 8f3f0c7bbf nix: integrate dynamic users 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 02:49:48 +09:00
cat 05b7dbf066 app: alternative inner home path 
Support binding home to an alternative path in the mount namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 00:18:21 +09:00
cat 866270ff05 fmsg: add to wg prior to enqueue 
Adding after channel write is racy.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:50:02 +09:00
cat c1fad649e8 app/start: check for cleanup and abort condition 
Dirty fix. Will rewrite after fsu integration complete.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:41:52 +09:00
cat b5f01ef20b app: append # for ChangeHosts message with numerical uid 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:40:37 +09:00
cat 2e23cef7bb cmd/fuserdb: generate group entries 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:31:06 +09:00
cat 6a6d30af1f cmd/fuserdb: systemd userdb drop-in entries generator 
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 02:16:02 +09:00
cat df33123bd7 app: integrate fsu 
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-16 21:19:45 +09:00
cat 1a09b55bd4 nix: remove portal paths from default 
Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-10 22:24:17 +09:00
cat 9a13b311ac app/config: rename map_real_uid from use_real_uid 
This option only changes mapped uid in the user namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 12:01:34 +09:00
cat 45fead18c3 cmd/fshim: set no_new_privs flag 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 11:50:56 +09:00
cat 431aa32291 nix: remove absolute Exec paths 
Absolute paths set for Exec causes the program to be launched as the privileged user.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-08 02:05:47 +09:00
cat 3962705126 nix: keep fshim and finit names 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 14:59:28 +09:00
cat ad80be721b nix: improve start script 
Zsh store path in shebang. Replace writeShellScript with writeScript since runtimeShell is not overridable.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 14:09:41 +09:00
cat f831948bca release: 0.1.0 
This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 04:37:43 +09:00
cat 2e31b3d3a1 update README document 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 04:35:52 +09:00
cat 4d90e73366 nix: generate strict sandbox configuration 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 04:25:15 +09:00
cat 3dfc1fcd56 app: support full /dev access 
Also moved /dev/fortify to /fortify since it is impossible to create new directories in /dev from the init namespace and bind mounting its contents has undesirable side effects.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 03:49:39 +09:00
cat 89bafd0c22 fortify: root check before command handling 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-05 12:57:03 +09:00
cat 861bb1274f fortify: override default usage function 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-05 00:12:31 +09:00