maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,084 Commits 7 Branches 12 Tags
06894e21040696bb278e7dd71b9b9d40b7b46fca
Commit Graph

2084 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
cat eb3385d490 container/initsymlink: unwrap mount errors 
The mount function now wraps its own errors in a much more descriptive type with proper message formatting. Wrapping them no longer makes any sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-29 01:46:54 +09:00
cat b8669338da container/initsymlink: unwrap absolute error 
This is now handled properly by the init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-29 01:43:11 +09:00
cat f24dd4ab8c container/init: handle unwrapped errors 
This is much cleaner from both the return statement and the error handling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-29 01:37:13 +09:00
cat a462341a0a container: repeat and impossible state types 
This moves repeated Op errors and impossible internal state errors off of msg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-29 01:12:02 +09:00
cat 84ad9791e2 container: wrap mount syscall errno 
This is the first step to deprecating the generalised error wrapping error message pattern.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-29 01:06:12 +09:00
cat b14690aa77 internal/app: remove seal interface 
This further cleans up the package for the restructure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 01:07:51 +09:00
cat d0b6852cd7 internal/app: remove app interface 
It is very clear at this point that there will not be multiple implementations of App, and the internal/app package will never move out of internal due to hsu.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 00:54:44 +09:00
cat da0459aca1 internal/app: update doc comments 
A lot of these comments are quite old and have not been updated to reflect changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 00:45:57 +09:00
cat 1be8de6f5c internal/app: less strict username regex 
Use the default value of NAME_REGEX from adduser. Should not hurt compatibility while being less strict.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 00:22:55 +09:00
cat 0f41d96671 internal: move sysconf wrapper to app 
This should not be used and is not useful in other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 00:04:58 +09:00
cat 92f510a647 cmd/hakurei/command: pd run dbus-verbose nil check 
This otherwise dereferences a nil pointer when dbus-verbose is set and either session or system bus are nil.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-06 00:09:25 +09:00
cat acb6931f3e app/seal: leave $DISPLAY as is on host abstract 
This helps work around faulty software that misinterprets unix: DISPLAY string.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-27 20:42:03 +09:00
cat 9d932d1039 release: 0.2.1 
Signed-off-by: Ophestra <cat@gensokyo.uk>
v0.2.1 		2025-08-26 03:33:45 +09:00
cat 9bc8532d56 container/initdev: mount tmpfs on shm for ro dev 
Programs expect /dev/shm to be a writable tmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 03:27:07 +09:00
cat 07194c74cb release: 0.2.0 
Signed-off-by: Ophestra <cat@gensokyo.uk>
v0.2.0 		2025-08-26 02:23:59 +09:00
cat 4cf694d2b3 hst: use hsu userid for share path suffix 
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.

Closes #7.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 02:16:33 +09:00
cat c9facb746b hst/config: remove data field, rename dir to home 
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 00:56:10 +09:00
cat 878b66022e hst/fsbind: optional ensure source 
This exposes the BindEnsure flag of BindMountOp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 00:50:23 +09:00
cat 2e0a4795f6 container/initbind: optional ensure host directory 
This is used for ensuring persistent data directories specific to the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 00:44:45 +09:00
cat c328b584c0 hst/fslink: improve string representation 
This shortens the representation of most common use cases and generally improves readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 22:52:48 +09:00
cat 9585b35d5b hst/config: remove symlink field 
Closes #6.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 22:23:54 +09:00
cat 26cafe3e80 hst/fs: implement link fstype 
Symlinks do not require special treatment, and doing this allows placing links in order.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 21:57:38 +09:00
cat 125f150784 hst/fs: update doc comments 
The Type method no longer exists on the interface. Update doc comments to reflect that.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 21:11:39 +09:00
cat 0dcac55a0c hst/config: remove container etc field 
This no longer needs special treatment since it can be specified as a generic filesystem entry.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 19:24:33 +09:00
cat 6d202d73b4 hst/fsbind: optional autoetc behaviour 
This generalises the special field allowing any special behaviour to be matched from target.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 18:38:19 +09:00
cat 1438096339 hst/config: handle filesystem entry targeting root 
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.

Closes #5.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 17:52:57 +09:00
cat 059164d4fa hst/fsbind: optional autoroot behaviour 
This allows autoroot to be configured via Filesystem.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 17:44:12 +09:00
cat 8db906ee64 container/dispatcher: remove exit stub test log 
Turns out testing.T does not like being called in defer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 17:33:35 +09:00
cat cedfceded5 container/autoroot: remove prefix field 
This field has been a noop for a long time. Remove it to prevent further confusion.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 03:39:20 +09:00
cat 33d2dcce1b container/initoverlay: internal bypass sysroot prefix 
This is for supporting overlay mounts for autoroot.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 02:42:22 +09:00
cat 2baa2d7063 container/init: measure init behaviour 
This used to be entirely done via integration tests, with almost no hope of error injection and coverage profile. These tests significantly increase confidence of future work in this area.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-24 04:52:32 +09:00
cat 0166833431 container/dispatcher: start goroutine in dispatcher 
This allows instrumentation of calls from goroutine without relying on finalizers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 21:58:40 +09:00
cat b3da3da525 container/init: avoid multiple lastcap calls 
This reduces the size of []kexpect in the test suite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 11:09:11 +09:00
cat 1b3902df78 container/dispatcher: instrument each goroutine individually 
Scheduler nondeterminism cannot be accounted for, so do this instead.

There should not be any performance penalty as these calls are optimised out for direct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 11:07:16 +09:00
cat ea1e3ebae9 container/params: pass fd instead of file 
The file is very difficult to stub. Pass fd instead as it is the value that is actually useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 00:16:46 +09:00
cat 1c692bfb79 container/init: call lockOSThread through dispatcher 
This degrades test performance if not stubbed out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:24:14 +09:00
cat 141a18999f container: move integration test helpers 
With the new instrumentation it is now possible to run init code outside integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:07:19 +09:00
cat afe23600d2 container/path: use syscall dispatcher 
This allows path and mount functions to be instrumented.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:02:21 +09:00
cat 09d2844981 container/init: wrap syscall helper functions 
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 19:27:31 +09:00
cat d500d6e559 system/dbus: share host net ns for abstract 
Host abstract unix sockets are only accessible when also in the init net ns.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 21:55:23 +09:00
cat 5b73316ae0 container/syscall: doc comments from manpages 
These are pulled straight from the manpages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 00:33:46 +09:00
cat 5d8a2199b6 container/init: op interface valid method 
Check ops early and eliminate duplicate checks.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 00:18:50 +09:00
cat a1482ecdd0 container/inittmpfs: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 20:17:28 +09:00
cat a07f9ed84c container/initsymlink: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 20:03:02 +09:00
cat 51304b03af container/initremount: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:55:51 +09:00
cat c6397b941f container/initproc: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:29:45 +09:00
cat d65e5f817a container/initplace: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:19:27 +09:00
cat 696e593898 container/initoverlay: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:33:15 +09:00
cat 97ab24feef container/init: use absolute compare method 
More checks are also added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:14:36 +09:00
cat 31f0dd36df absolute: efficient equivalence check method 
This is more efficient and makes the call site cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:06:38 +09:00