kat/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity

Commit Graph

  • 584732f80a cmd: shim and init into separate binaries cat 2024-11-02 03:03:44 +09:00
  • 4b7b899bb3 add package doc comments cat 2024-10-28 20:57:59 +09:00
  • 563c39c2d9 release: 0.0.10 cat 2024-10-28 20:38:10 +09:00
  • aa1f96eeeb fsu: check parent executable path cat 2024-10-28 18:52:23 +09:00
  • 431dc095e5 app/start: skip cleanup if shim is nil cat 2024-10-28 14:21:15 +09:00
  • 60e91b9b0f shim: expose checkPid in constructor cat 2024-10-27 23:49:37 +09:00
  • d9cb2a9f2b fsu: implement simple setuid user switcher cat 2024-10-27 23:45:52 +09:00
  • 09feda3783 fortify: exit if seal returns error cat 2024-10-27 23:18:16 +09:00
  • 51e84ba8a5 system/dbus: compare sealed value by string cat 2024-10-27 11:56:20 +09:00
  • 7df9d8d01d system: move sd_booted implementation to os abstraction cat 2024-10-27 12:08:17 +09:00
  • 6d8bcb63f2 release: 0.0.9 cat 2024-10-27 01:25:24 +09:00
  • c7b77d6e5e fmsg: initialise dequeue prior to withhold/resume cat 2024-10-27 01:24:30 +09:00
  • 2f34627d37 release: 0.0.8 cat 2024-10-27 00:49:50 +09:00
  • 1d6ea81205 shim: user switcher process management struct cat 2024-10-27 00:46:15 +09:00
  • ae1a102882 fmsg: support temporarily withholding output cat 2024-10-26 23:09:32 +09:00
  • 093e99d062 app: separate nixos test cases from tests cat 2024-10-25 17:44:29 +09:00
  • ad7e389eee app: test app permissive defaults sealing behaviour cat 2024-10-25 17:12:13 +09:00
  • 5b249e4a66 system: print number of ops completed at point of failure cat 2024-10-25 17:08:21 +09:00
  • 2a348c7f91 system: include more info in ACL Stringer cat 2024-10-25 16:23:22 +09:00
  • eb767e7642 app/start: cleaner command not found message cat 2024-10-25 16:12:18 +09:00
  • 3bfe8dbf5d internal: ReadDir wrapper return fs.DirEntry cat 2024-10-25 14:56:29 +09:00
  • 8fa791a2f8 app/seal: symlink /etc entries in permissive default cat 2024-10-25 13:31:57 +09:00
  • b932ac8260 app/config: support creating symlinks within sandbox cat 2024-10-25 13:29:01 +09:00
  • 050ffceb27 helper/bwrap: register generic PermConfig types with gob cat 2024-10-25 13:26:01 +09:00
  • 31350d74e5 shim: kill shim if setup becomes impossible cat 2024-10-25 13:19:37 +09:00
  • 3b82cc55de internal: use fallback paths when XDG_RUNTIME_DIR is not absolute cat 2024-10-25 12:14:57 +09:00
  • 6bc5be7e5a internal: wrap calls to os standard library functions cat 2024-10-23 21:46:21 +09:00
  • e35c5fe3ed system: sys comparison method cat 2024-10-23 14:15:13 +09:00
  • 20195ece47 system: return sys in queueing methods cat 2024-10-23 12:34:16 +09:00
  • cafed5f234 shim: abort setup on failed start and process exit cat 2024-10-21 21:23:56 +09:00
  • 42e0b168e3 fmsg: produce all output through fmsg cat 2024-10-21 20:47:02 +09:00
  • 380d1f4585 app: move wayland mediation to shim package cat 2024-10-20 22:54:47 +09:00
  • 133f23e0de release: 0.0.7 cat 2024-10-20 19:50:59 +09:00
  • 65af1684e3 migrate to git.ophivana.moe/security/fortify cat 2024-10-20 19:50:13 +09:00
  • cdda33555c update README document cat 2024-10-20 00:24:50 +09:00
  • ad0034b09a app: move app ID to app struct cat 2024-10-20 00:07:48 +09:00
  • 1da845d78b workflows: call apt-get without sudo cat 2024-10-18 22:56:49 +09:00
  • 55bb348d5f state: store launch method instead of launcher path cat 2024-10-18 22:25:09 +09:00
  • ecce832d93 release: 0.0.6 cat 2024-10-18 01:26:42 +09:00
  • 65bd7d18db app/share: fix order to ensure SharePath before any of its subdirectories cat 2024-10-18 01:21:58 +09:00
  • 4ebb98649e release: 0.0.5 cat 2024-10-17 20:48:41 +09:00
  • 919e5b5cd5 init: start timeout only if reaped PID is the initial process cat 2024-10-17 20:46:25 +09:00
  • 40161c5938 nix: remove fortify package from default devShell cat 2024-10-17 20:35:10 +09:00
  • 679e719f9e system: tests for all Op implementations except DBus cat 2024-10-17 20:28:55 +09:00
  • 064db9f020 system/mkdir: type label in String method cat 2024-10-17 16:37:23 +09:00
  • 73a698c7cb ldd: run ldd with read-only filesystem and unshared net cat 2024-10-17 15:37:27 +09:00
  • 57c1b3eda6 system: handle invalid enablement in String method cat 2024-10-17 14:31:13 +09:00
  • 5401882ed0 init: post initial process death exit timeout cat 2024-10-17 02:38:24 +09:00
  • dd78728fb3 workflows: test workflow to run tests every commit cat 2024-10-17 00:18:20 +09:00
  • 354c23dd28 workflows: add lines between steps cat 2024-10-17 00:17:40 +09:00
  • c21168a741 system: move enablements from state package cat 2024-10-16 14:38:57 +09:00
  • 084cd84f36 app: port app to use the system package cat 2024-10-16 01:38:59 +09:00
  • 430f1a5b4e system: isolate app/system into generic implementation cat 2024-10-16 01:31:23 +09:00
  • 0fd63e85e7 fmsg/errors: isolate app/error into a separate package cat 2024-10-16 01:29:44 +09:00
  • 33cf0bed54 dbus: various accessors for dbus.Proxy internal fields cat 2024-10-16 01:27:49 +09:00
  • 689f5bed57 release: 0.0.4 cat 2024-10-15 02:56:49 +09:00
  • 184a5f29fa helper/bwrap: add fortify permissive default test case cat 2024-10-15 02:56:13 +09:00
  • 3015266e5a helper/bwrap: sort SetEnv arguments cat 2024-10-15 02:55:48 +09:00
  • aa5dd2313c app: filter /tmp from permissive default cat 2024-10-15 02:54:50 +09:00
  • 2faf510146 helper/bwrap: ordered filesystem args cat 2024-10-15 02:15:55 +09:00
  • a0db19b9ad helper/bwrap: format mode in octal cat 2024-10-14 13:47:50 +09:00
  • aaed5080f4 fortify: move PR_SET_DUMPABLE to the beginning of main cat 2024-10-14 02:48:37 +09:00
  • 41a7eb567e release: 0.0.3 cat 2024-10-14 02:31:11 +09:00
  • 1302bcede0 init: custom init process inside sandbox cat 2024-10-14 02:27:02 +09:00
  • 315c9b8849 fortify: refuse to run as root cat 2024-10-13 20:06:47 +09:00
  • 3739b56504 shim: update payload comment cat 2024-10-13 17:19:50 +09:00
  • 77f2c320a6 shim: re-exec self on startup cat 2024-10-13 16:56:10 +09:00
  • b470941911 shim: get rid of insane launch condition cat 2024-10-13 12:09:38 +09:00
  • e4536b87ad app: generate and replace passwd and group files cat 2024-10-13 02:43:00 +09:00
  • 65a5f8fb08 app/config: map bwrap tmpfs in app config cat 2024-10-13 02:39:27 +09:00
  • aee96b0fdf helper/bwrap: allow pushing generic arguments to the end of argument stream cat 2024-10-13 02:26:01 +09:00
  • 655020eb5d app/config: always use nobody UID within sandbox cat 2024-10-13 00:50:24 +09:00
  • f320dfc2ee fortify: set SUID_DUMP_DISABLE after flag parse cat 2024-10-13 00:09:14 +09:00
  • c818ea649a app/seal: skip /mnt in permissive default cat 2024-10-13 00:07:48 +09:00
  • b091260fd3 update README document cat 2024-10-13 00:07:10 +09:00
  • b9d5fe49cb nix: pass $SHELL for shell interpreter cat 2024-10-12 23:01:06 +09:00
  • d37dcff2fc app/seal: allow GPU access in permissive default when either X11/Wayland is enabled cat 2024-10-12 22:55:53 +09:00
  • 805ef99f9b app: filesystem struct that maps to all bwrap bind options cat 2024-10-12 22:33:04 +09:00
  • 283bcba05b fortify/config: flag to print template config serialised as JSON cat 2024-10-12 19:46:40 +09:00
  • 2e019e48c1 app: supply template config cat 2024-10-12 19:46:07 +09:00
  • d5c26ae593 fortify: move error handling to separate file cat 2024-10-12 02:11:43 +09:00
  • 61b473a06f fortify: clean up config loading cat 2024-10-12 01:51:06 +09:00
  • d2575b6708 fortify: move flag handling to separate files cat 2024-10-12 01:28:22 +09:00
  • 8d82446d97 helper: remove unused bwrap config field cat 2024-10-12 00:55:14 +09:00
  • 0f421644be dbus: improve unsealed behaviour coverage cat 2024-10-12 00:53:08 +09:00
  • 662f2a9d2c app: integrate bwrap into environment setup cat 2024-10-11 04:18:15 +09:00
  • 3ddfd76cdf shim: use bwrap config as it is cat 2024-10-11 04:13:56 +09:00
  • 713872a5cd helper/bwrap: move interfaceArgs before stringArgs cat 2024-10-11 04:12:47 +09:00
  • 6220f7e197 app: migrate to new shim implementation cat 2024-10-11 02:01:03 +09:00
  • b86fa6b4c9 shim: new shim implementation cat 2024-10-11 01:55:33 +09:00
  • 6eb712aec7 verbose: overridable prefix cat 2024-10-11 01:49:11 +09:00
  • 101e49a48b helper/bwrap: proc, dev and mqueue as string arguments cat 2024-10-11 01:30:11 +09:00
  • a3aadd4146 app: tag ACL operations for revert cat 2024-10-10 14:33:58 +09:00
  • 86cb5ac1db app: hardlink sockets to process-specific share local to XDG_RUNTIME_DIR cat 2024-10-10 12:44:08 +09:00
  • 2220055e26 state/simple: prefix store path cat 2024-10-10 11:03:31 +09:00
  • f4c44a9441 release: 0.0.2 cat 2024-10-10 00:13:06 +09:00
  • 8f03ddc3fa app: remove bubblewrap launch method cat 2024-10-10 00:11:04 +09:00
  • d41b9d2d9c ldd: separate Parse from Exec and trim space cat 2024-10-09 23:51:15 +09:00
  • 22dfa73efe release: 0.0.1 cat 2024-10-09 20:48:38 +09:00
  • 753c5191b1 dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox cat 2024-10-09 20:41:42 +09:00