kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
1,864 Commits 4 Branches 14 Tags
bac583f89edd1360150143ff51f7264c01aa69ec
Commit Graph

201 Commits

Author SHA1 Message Date
Ophestra
bac583f89e internal/stub: move from container 
This package solves a very specific stubbing use case, in a less than elegant manner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 16:09:14 +09:00
Ophestra
722989c682 fhs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:56:36 +09:00
Ophestra
b852402f67 ext: move syscall wrappers from container 
These are generally useful, and none of them are container-specific. Syscalls subtle to use and requiring container-specific setup remains in container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:48:40 +09:00
Ophestra
6d015a949e check: move from container 
This package is not container specific, and widely used across the project.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:39:03 +09:00
Ophestra
e9a72490db vfs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:30:30 +09:00
Ophestra
0a12d456ce container: set CLOEXEC via close_range 
This is guarded behind the close_range build tag for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:19:00 +09:00
Ophestra
1c2d5f6b57 ext: integer limit values 
For portably using C integers without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:09:38 +09:00
Ophestra
faea1f4bd6 all: remove deprecated packages 
Closes #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:54:56 +09:00
Ophestra
cd5959fe5a ext: isolate from container/std 
These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:39:26 +09:00
Ophestra
08c35ca24f container: use new netlink implementation 
This is adapted from the container netlink implementation and is much more reusable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 23:33:52 +09:00
Ophestra
196b200d0f container: expose priority and SCHED_OTHER policy 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
Ophestra
1e8ac5f68e container: use policy name in log message 
This is more helpful than having the user resolve the integer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:20:34 +09:00
Ophestra
fd515badff container: move scheduler policy constants to std 
This avoids depending on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:03:08 +09:00
Ophestra
48cdf8bf85 go: 1.26 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
Ophestra
19a2737148 container: sched policy string representation 
This also uses priority obtained via sched_get_priority_min, and improves bounds checking.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 18:38:31 +09:00
Ophestra
ad8f799703 container/std: rename seccomp types 
Aliases will be kept until 0.4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:48:30 +09:00
Ophestra
c74c269b66 container: use /proc/self/exe directly 
This is a more reliable form of pathname to self and also cheaper than os.Executable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:44:44 +09:00
Ophestra
cd9b534d6b container: improve documentation 
This change removes inconsistencies collected over time in this package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:18:30 +09:00
Ophestra
a6160cd410 container: set scheduling policy 
This is thread-directed so cannot be done externally. The glibc wrapper exposes this behaviour so most multithreaded programs using this is straight up incorrect.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-26 16:29:47 +09:00
Ophestra
88d9a6163e container/initplace: return nil for createTemp error injection 
This matches os package behaviour, and avoids adding the cleanup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-17 14:16:54 +09:00
Ophestra
a3e87dd0ef container: ignore uninterpreted source 
These can be set to anything by the distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:39:39 +09:00
Ophestra
90a38c0708 container: strip host-dependent opts in test cases 
This change also improves plumbing for stripping options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:35:20 +09:00
Ophestra
39cc8caa93 container: add riscv64 constants 
This target is unlikely to become viable any time soon.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:03:47 +09:00
Ophestra
bf14a412e4 container: fix host-dependent test cases 
These are not fully controlled by hakurei and may change depending on host configuration.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-31 10:59:56 +09:00
Ophestra
dc96302111 internal/rosa: GNU make artifact 
This compiles GNU make from source. This is unfortunately required by many programs, but is a cure dependency only.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-19 00:40:25 +09:00
Ophestra
e1e46504a1 container/check: return error backed by string type 
The struct turned out not necessary during initial implementation but was not unwrapped into its single string field. This change replaces it with the underlying string and removes the indirection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:23:55 +09:00
Ophestra
ec9343ebd6 container/check: intern absolute pathnames 
This improves performance in heavy users like internal/pkg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:18:11 +09:00
Ophestra
2494ede106 container/init: configure interface lo 
This enables loopback networking when owning the net namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 03:36:20 +09:00
Ophestra
3d720ada92 container: optionally allow orphan 
This is required for the typical daemonise use case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-27 09:12:02 +09:00
Ophestra
fae910a1ad container: sync stubbed wait4 loop after notify 
This ensures consistent state observed by wait4 loop when running against stub.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-14 10:22:48 +09:00
Ophestra
a3fd05765e container: load initial process started before syscall 
This avoids a race between returning from syscall and checking the state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-09 08:12:22 +09:00
Ophestra
e9fb1d7be5 container/initdaemon: copy wstatus from wait4 loop 
Due to the special nature of the init process, direct use of wait outside the wait4 loop is racy. This change copies the wstatus from wait4 loop state instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:58:42 +09:00
Ophestra
dafe9f8efc container: spin instead of block on wait4 ECHILD 
Blocking prevents further wait4 processing causing ops to never receive their signals.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:56:13 +09:00
Ophestra
96dd7abd80 container: improve error message fallback 
This now falls back to message.Error if no other concrete type is matched.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:45:54 +09:00
Ophestra
462863e290 container: friendlier error message for op timing out 
This includes the string for the failing op which helps with troubleshooting.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:19:03 +09:00
Ophestra
791a1dfa55 container: make wait4 loop available to ops 
Due to the special nature of the init process, regular wait calls are unavailable. This change provides infrastructure to access wait4 loop state from Op.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 21:43:49 +09:00
Ophestra
357cfcddee container: start daemons within container 
This is useful for daemons internal to the container. The only current use case is pipewire-pulse.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 07:21:04 +09:00
Ophestra
6bf245cf1b container: pass context as setup state 
This is useful currently for daemon Op, but could be used for many other things.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 06:06:19 +09:00
Ophestra
5785714b64 container: call op method right before initial process 
This is at a point considered to be already "within" the container. Daemons internal to the container can be started here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 04:57:24 +09:00
Ophestra
b73a789dfe .clang-format: increase indent width 
This significantly increases readability. This patch is pretty big so it is being done after mostly everything has settled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-16 20:57:29 +09:00
Ophestra
41b49137a8 .clang-format: do not limit line length 
This hard limit destroys readability in some places.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-15 17:06:43 +09:00
Ophestra
47244daefb treewide: migrate ldd callers 
This discontinues use of the deprecated ldd.Exec function for #25.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 21:59:59 +09:00
Ophestra
299685775a container: provide usage example 
This requires cgo so unfortunately will not run in the playground.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 18:25:22 +09:00
Ophestra
6d14bb814f container/fhs: add constant for /dev/shm/ 
This is mounted for the default read-only /dev/ when programs want to use shm_open(3). Defining it here is less error-prone and saves the extra append at runtime.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 01:03:26 +09:00
Ophestra
abeb67964f treewide: document linkname uses 
These provide justification for each use of linkname. Poorly thought out uses of linkname are removed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-13 07:14:16 +09:00
Ophestra
ac34635890 container: set FD_CLOEXEC on all open files 
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 00:18:29 +09:00
Ophestra
9dec9dbc4b container/init: close setup pipe early 
This prevents leaking the setup pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-11 07:31:58 +09:00
Ophestra
2f74adc8bd container/init: close initial process files on termination 
This closes them during the adopt wait delay. This also keeps them alive.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-10 20:35:59 +09:00
Ophestra
38e9128a8c container/std/seccomp: remove ineffectual typecast 
This is no longer necessary since the return type changed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-07 05:45:51 +09:00
Ophestra
7ee702a44e container/seccomp/presets: add fields to literals 
This keeps composites analysis happy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-07 05:11:57 +09:00