kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,429 Commits 2 Branches 14 Tags
fbd2329d50a9ef2b15c0a6b62e9aa24635c2662a
Commit Graph

2429 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat 0d7c1a9a43 app: rename app implementation package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
cat ae6f5ede19 fst: mount passthrough /dev writable 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 20:01:54 +09:00
cat 807d511c8b test/sandbox: check device outcome 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 19:55:16 +09:00
cat 2f4f21fb18 fst: rename device field 
Dev is very ambiguous. Rename it here alongside upcoming config changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 19:32:15 +09:00
cat 9967909460 sandbox: relative autoetc links 
This allows nested containers to use autoetc, and increases compatibility with other implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 18:54:00 +09:00
cat c806f43881 sandbox: implement autoetc as setup op 
This significantly reduces setup op count and the readdir call now happens in the context of the init process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-10 18:54:25 +09:00
cat 584405f7cc sandbox/seccomp: rename flag type and constants 
The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-08 01:59:45 +09:00
cat 50127ed5f9 fortify: print synthesised id in ps 
This is not the full synthesised id so it does not get too long.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 21:55:07 +09:00
cat b5eff27c40 fortify: check fst id string length 
This should never be a problem, however in case it happens printing a warning message is better than relying on the runtime to panic.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 21:39:46 +09:00
cat 74ba183256 app: install seccomp filter to shim 
This does not necessarily reduce attack surface but does not affect functionality or introduce any side effects, so is nice to have.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 04:13:08 +09:00
cat f885dede9b sandbox/seccomp: unexport println wrapper 
This is an implementation detail that was exported for the bwrap argument builder. The removal of that package allows it to be unexported.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 04:07:20 +09:00
cat e9a7cd526f app: improve shim process management 
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.

SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.

A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 03:55:17 +09:00
cat 12be7bc78e release: 0.3.3 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 01:42:10 +09:00
cat 0ba8be659f sandbox: document less obvious parts of setup 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 01:21:04 +09:00
cat 022242a84a app: wayland socket in process share 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:53:04 +09:00
cat 8aeb06f53c app: share path setup on demand 
This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:47:32 +09:00
cat 4036da3b5c fst: optional configured shell path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-31 21:27:31 +09:00
cat 986105958c fortify: update show output 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-31 04:54:10 +09:00
cat ecdd4d8202 fortify: clean ps output 
This format never changed ever since it was added. It used to show everything there is in a process state but that is no longer true for a long time. This change cleans it up in favour of `fortify show` displaying extra information.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-31 04:41:08 +09:00
cat bdee0c3921 nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 23:15:18 +09:00
cat 48f634d046 release: 0.3.2 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 23:05:57 +09:00
cat 2a46f5bb12 sandbox/seccomp: update doc comment 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 23:00:20 +09:00
cat 7f2c0af5ad fst: set multiarch bit 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 22:55:00 +09:00
cat 297b444dfb test: separate app and sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 22:09:46 +09:00
cat 89a05909a4 test: move test program to sandbox directory 
This prepares for the separation of app and sandbox tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 21:09:16 +09:00
cat f772940768 test/sandbox: treat ESRCH as temporary failure 
This is an ugly fix that makes various assumptions guaranteed to hold true in the testing vm. The test package is filtered by the build system so some ugliness is tolerable here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 03:50:59 +09:00
cat 8886c40974 test/sandbox: separate check filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 02:15:08 +09:00
cat 8b62e08b44 test: build test program in nixos config 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-29 19:33:17 +09:00
cat 72c59f9229 nix: check share/applications in share package 
This allows share directories without share/applications/ to build correctly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-29 19:28:20 +09:00
cat ff3cfbb437 test/sandbox: check seccomp outcome 
This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 02:24:27 +09:00
cat c13eb70d7d sandbox/seccomp: add fortify default sample 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 02:02:02 +09:00
cat 389402f955 test/sandbox/ptrace: generic filter block type 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 01:47:24 +09:00
cat 660a2898dc test/sandbox/ptrace: dump seccomp bpf program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 01:35:56 +09:00
cat faf59e12c0 test/sandbox: expose test tool 
Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 00:08:47 +09:00
cat d97a03c7c6 test/sandbox: separate test tool source 
This improves readability and allows gofmt to format the file.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 23:43:13 +09:00
cat a102178019 sys: update doc comment 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 22:43:17 +09:00
cat e400862a12 state/multi: fix backend cache population race 
This race is never able to happen since no caller concurrently requests the same aid yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 22:37:08 +09:00
cat 184e9db2b2 sandbox: support privileged container 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 19:40:19 +09:00
cat 605d018be2 app/seal: check for '=' in envv 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 18:25:23 +09:00
cat 78aaae7ee0 helper/args: copy args on wt creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 18:22:07 +09:00
cat 5c82f1ed3e helper/stub: output to stdout 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 17:25:10 +09:00
cat f8502c3ece test/sandbox: check environment 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 03:16:33 +09:00
cat 996b42634d test/sandbox: invoke check program directly 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 03:11:50 +09:00
cat 300571af47 app: pass through $SHELL 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 01:22:40 +09:00
cat 32c90ef4e7 nix: pass through exec arguments 
This is useful for when a wrapper script is unnecessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 03:04:46 +09:00
cat 2a4e2724a3 release: 0.3.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 07:48:50 +09:00
cat d613257841 sandbox/init: clear inheritable set 
Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 07:46:13 +09:00
cat 18644d90be sandbox: wrap capset syscall 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 07:44:07 +09:00
cat 52fcc48ac1 sandbox/init: drop capabilities 
During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 06:32:08 +09:00
cat 8b69bcd215 sandbox: cache kernel.cap_last_cap value 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 06:19:19 +09:00