hakurei

Author	SHA1	Message	Date
cat	82608164f6	container/params: remove confusingly named error Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-09 17:37:46 +09:00
cat	edd6f2cfa9	container: document ambient capabilities Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 02:11:55 +09:00
cat	acffa76812	container/ops: implement overlay op There are significant limitations to using the overlay mount, and the implementation in the kernel is quite quirky. For now the Op is quite robust, however a higher level interface for it has not been decided yet. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 01:54:48 +09:00
cat	8da76483e6	container/path: fix typo "paths" Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 01:32:48 +09:00
cat	534c932906	container: test case runtime initialisation This allows for more sophisticated test setup. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 01:03:35 +09:00
cat	fee10fed4d	container: test bypass output buffer on verbose This restores verbose behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 00:57:27 +09:00
cat	a4f7e92e1c	test/interactive: helper scripts for tracing The vm state is discarded often, and it is quite cumbersome to set everything up again when the shell history is gone. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 00:56:25 +09:00
cat	f1a53d6116	container: raise CAP_DAC_OVERRIDE This is required for upperdir and workdir checks in overlayfs. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-08 00:43:19 +09:00
cat	b353c3deea	nix: make src overlay writable The lowerdir is in the nix store. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-07 18:07:19 +09:00
cat	fde5f1ca64	container: buffer test output This further reduces noise on test failure by only passing through output of the failed test. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-07 02:55:58 +09:00
cat	4d0bdd84b5	container: test respect verbose flag This reduces noise on test failure. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-07 02:50:00 +09:00
cat	72a931a71a	nix: interactive nixos vm This is useful for quickly spinning up an ephemeral hakurei environment for testing changes or reproducing vm test failures. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-07 02:46:04 +09:00
cat	9a25542c6d	container/init: use mount string constants These literals were missed when the constants were first defined. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-04 04:00:05 +09:00
cat	c6be82bcf9	container/path: fhs path constants This increases readability since this can help disambiguate absolute paths from similarly named path segments. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 21:16:45 +09:00
cat	38245559dc	container/ops: mount dev readonly There is usually no good reason to write to /dev. This however doesn't work in internal/app because FilesystemConfig supplied by ContainerConfig might add entries to /dev, so internal/app follows DevWritable with Remount instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 19:18:53 +09:00
cat	7b416d47dc	container/ops: merge mqueue and dev Ops There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 19:13:46 +09:00
cat	15170735ba	container/mount: move tmpfs sysroot prefixing to caller The mountTmpfs helper is a relatively low level function that is not exposed as part of the API. Prefixing sysroot here not only introduces overhead but is also quite error-prone. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 18:06:41 +09:00
cat	6a3886e9db	container/op: unexport bind resolved source field This is used for symlink resolution and is only used internally. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 17:57:37 +09:00
cat	ff66296378	container/mount: mount data escape helper function For formatting user-supplied path strings into overlayfs mount data. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 17:46:14 +09:00
cat	347a79df72	container: improve clone flags readability Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-02 18:19:44 +09:00
cat	0f78864a67	container/mount: export mount string constants This improves code readability and should also be useful for callers choosing to preserve CAP_SYS_ADMIN. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-02 17:20:09 +09:00
cat	b32b1975a8	hst/container: remove cover This was never useful, and is now completely replaced by regular FilesystemConfig being able to mount tmpfs. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-02 00:34:52 +09:00
cat	2b1eaa62f1	update github notice Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-02 00:21:16 +09:00
cat	f13dca184c	release: 0.1.3 Signed-off-by: Ophestra <cat@gensokyo.uk> v0.1.3	2025-08-02 00:02:54 +09:00
cat	3b8a3d3b00	app: remount root readonly This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:56:28 +09:00
cat	c5d24979f5	container/ops: expose remount as Op This is useful for building a filesystem hierarchy then remounting it readonly. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:48:02 +09:00
cat	1dc780bca7	container/mount: separate remount from bind Remount turns out to be useful in other places. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:32:38 +09:00
cat	ec33061c92	nix: remove nscd cover This is a pd workaround that does nothing in the nixos module. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 22:04:58 +09:00
cat	af0899de96	hst/container: mount tmpfs via magic src string There's often good reason to mount tmpfs in the container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 21:23:52 +09:00
cat	547a2adaa4	container/mount: pass tmpfs flags Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 18:59:06 +09:00
cat	c02948e155	cmd/hakurei: print autoroot configuration Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 04:29:01 +09:00
cat	387b86bcdd	app: integrate container autoroot Doing this instead of mounting directly on / because it's impossible to ensure a parent is available for every path hakurei wants to mount to. This situation is similar to autoetc hence the similar name, however a symlink mirror will not work in this case. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 04:21:54 +09:00
cat	4e85643865	container: implement autoroot as setup op This code is useful beyond just pd behaviour, and implementing it this way also reduces IPC overhead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 04:04:36 +09:00
cat	987981df73	test/sandbox: check pd behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 03:27:02 +09:00
cat	f14e7255be	container/ops: use correct flags value in bind string Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 00:54:08 +09:00
cat	a8a79a8664	cmd/hpkg: rename from planterette Planterette is now developed in another repository, so rename this proof of concept to avoid confusion. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-31 23:57:11 +09:00
cat	3ae0cec000	test: increase vm memory This hopefully fixes the intermittent failures. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-31 22:08:01 +09:00
cat	4e518f11d8	container/ops: autoetc implementation to separate file This is not a general purpose setup Op. Separate it so it is easier to find. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-31 19:54:03 +09:00
cat	cb513bb1cd	release: 0.1.2 Signed-off-by: Ophestra <cat@gensokyo.uk> v0.1.2	2025-07-29 03:11:33 +09:00
cat	f7bd28118c	hst: configurable wait delay This is useful for programs that take a long time to clean up. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-29 03:06:49 +09:00
cat	940ee00ffe	container/init: configurable lingering process wait delay Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-29 02:38:17 +09:00
cat	b43d104680	app: integrate interrupt forwarding This significantly increases usability of command line tools running through hakurei. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-29 02:23:06 +09:00
cat	ddf48a6c22	app/shim: implement signal handler outcome in Go This needs to be done from the Go side eventually anyway to integrate the signal forwarding behaviour now supported by the container package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-28 23:39:30 +09:00
cat	a0f499e30a	app/shim: separate signal handler implementation Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-28 21:52:53 +09:00
cat	d6b07f12ff	container: forward context cancellation This allows container processes to exit gracefully. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-28 01:45:38 +09:00
cat	65fe09caf9	container: check cancel signal delivery This change also makes some parts of the test more robust. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-28 01:04:29 +09:00
cat	a1e5f020f4	container: improve doc comments Putting them on the builder methods is more useful. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-27 12:27:42 +09:00
cat	bd3fa53a55	container: access test case by index in helper This is more elegant and allows for much easier extension of the tests. Mountinfo is still serialised however due to libPaths nondeterminism. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-26 18:59:19 +09:00
cat	625632c593	nix: update flake lock Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-26 18:57:54 +09:00
cat	e71ae3b8c5	container: remove custom cmd initialisation This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-25 00:45:10 +09:00

... 31 32 33 34 35 ...

2445 Commits