kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
457 Commits 2 Branches 14 Tags
be7d944b39ed2e6a674c64c39c0f0f093d4d3097
Commit Graph

27 Commits

Author SHA1 Message Date
cat be7d944b39 helper/bwrap: PositionalArg implement fmt.Stringer 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 00:11:48 +09:00
cat ace97952cc helper/bwrap: merge Args and FDArgs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
cat 88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
cat fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
cat e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
cat 7b96cd6ded helper/seccomp: do not call F_println if not verbose 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
cat 163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
cat 37780456a7 helper: block more unusual/privileged syscalls 
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:35:47 +09:00
cat 9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
cat 2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
cat 3e11ce6868 helper/bwrap: separate sequential/static args 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 13:07:06 +09:00
cat 7d99e45b88 helper/bwrap: register OverlayConfig with gob 
This is required for copying bwrap configurations across processes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-14 12:25:10 +09:00
cat e2489059c1 helper/bwrap: implement overlayfs builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 20:09:35 +09:00
cat 2e3f6a4c51 helper/bwrap: move test out of bwrap package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:45:24 +09:00
cat 2162029f46 helper/bwrap: add json struct tag to filesystem 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:41:04 +09:00
cat aef847b5ae helper/bwrap: fix typo in --dir config builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 15:34:43 +09:00
cat 8d0573405a helper/bwrap: implement sync fd 
This is required by wayland security-context-v1.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:21:37 +09:00
cat 050ffceb27 helper/bwrap: register generic PermConfig types with gob 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-25 13:26:01 +09:00
cat 184a5f29fa helper/bwrap: add fortify permissive default test case 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:56:13 +09:00
cat 3015266e5a helper/bwrap: sort SetEnv arguments 
This guarantees consistency of resulting args.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:55:48 +09:00
cat 2faf510146 helper/bwrap: ordered filesystem args 
The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:15:55 +09:00
cat a0db19b9ad helper/bwrap: format mode in octal 
Bubblewrap expects an octal representation of mode.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-14 13:47:50 +09:00
cat aee96b0fdf helper/bwrap: allow pushing generic arguments to the end of argument stream 
Bwrap argument order determines the order their corresponding actions are performed. This allows generic arguments like tmpfs to the end of the stream to override bind mounts.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-13 02:26:01 +09:00
cat 713872a5cd helper/bwrap: move interfaceArgs before stringArgs 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-11 04:12:47 +09:00
cat 101e49a48b helper/bwrap: proc, dev and mqueue as string arguments 
These flags do not support --chmod.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-11 01:30:11 +09:00
cat b99ed94386 helper/bwrap: pass --unshare-user when unshare everything 
Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 00:22:48 +09:00
cat 6a2802cf30 helper: move bwrap into helper 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 14:40:35 +09:00