kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
474 Commits 2 Branches 14 Tags
e599b5583dd821ed26bdfc01f7f67d4a317b9843
Commit Graph

19 Commits

Author SHA1 Message Date
cat e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
cat cc1efa22e2 fst: add missing fields to template 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 12:09:25 +09:00
cat 9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
cat dfcdc5ce20 state: store config in separate gob stream 
This enables early serialisation of config.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-21 12:10:58 +09:00
cat 27f5922d5c fst: include syscall filter configuration 
This value is passed through to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 21:12:39 +09:00
cat 562f5ed797 fst: hide sockets exposed via Filesystem 
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 10:13:18 +09:00
cat db03565614 fst: move sandbox struct to separate file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 09:42:44 +09:00
cat a1148edd00 fst/config: allocate filesystem slice 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-04 00:16:41 +09:00
cat 35b7142317 fortify: show system info when instance is not specified 
This contains useful information not obtainable by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-01 19:35:50 +09:00
cat b9e2003d5b app: ensure extra paths 
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:07:49 +09:00
cat 847b667489 app: extra acl entries from configuration 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 13:23:27 +09:00
cat 85e5b097fd fst/config: add template etc entry 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 12:05:32 +09:00
cat fc26659ea1 fst/config: autoetc read custom path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:57:44 +09:00
cat 2fdbd6a4dd fst/config: alternative /etc directory 
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:06:26 +09:00
cat c67b8ab9ac fst/config: improve correctness of comments 
The meanings of many of these fields have changed since they were added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 00:45:29 +09:00
cat 7a8b625a57 app: rename /fortify to /.fortify 
Also removed the inner share tmpfs mount.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 18:11:32 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat 5ea7333431 fst: implement app id parser 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 18:19:47 +09:00
cat 2f676c9d6e fst: rename from fipc 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 15:50:46 +09:00