maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
608 Commits 1 Branch 12 Tags
1576fea8a33a165562deff6b0d8adda35ad62244
Commit Graph

82 Commits

Author SHA1 Message Date
Ophestra
1576fea8a3 helper: raise WaitDelay during tests 
Helper runs very slowly with race detector. This prevents it from timing out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 02:49:41 +09:00
Ophestra
273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
Ophestra
891316d924 helper/stub: copy args to stderr 
Some helpers are implemented via go test itself in tests, and as a result stdout gets clobbered.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:39:42 +09:00
Ophestra
6e7ddb2d2e helper: eliminate commandContext replacement 
This is done more cleanly by modifying Args in cmdF.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:01:25 +09:00
Ophestra
10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
Ophestra
0f1f0e4364 helper: combine helper ipc setup 
The two-step args call is no longer necessary since stat is passed on initialisation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:10:22 +09:00
Ophestra
f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
Ophestra
73c1a83032 helper: move process wrapper to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:33:25 +09:00
Ophestra
f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
Ophestra
9e18d1de77 helper/proc: pass extra files and start 
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 23:23:57 +09:00
Ophestra
2647a71be1 seccomp: move out of helper 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 22:42:40 +09:00
Ophestra
7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
Ophestra
29c3f8becb helper/seccomp: improve error handling 
This passes both errno and libseccomp return value.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-12 15:52:48 +09:00
Ophestra
be16970e77 helper/seccomp: seccomp_load on negative fd 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-12 15:18:52 +09:00
Ophestra
61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
Ophestra
39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
Ophestra
eda4d612c2 fortify: keep external files alive 
This should eliminate sporadic failures, like the known double close in "seccomp".

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 03:24:37 +09:00
Ophestra
d1f83f40d6 helper/bwrap: rename Write to WriteFile 
In case this might want to be an io.Writer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 00:34:19 +09:00
Ophestra
e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
Ophestra
1fa5e992e4 helper/bwrap: expose address of DataConfig 
This allows the caller to defer fulfilling its payload.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 12:33:59 +09:00
Ophestra
72b0160aad helper/bwrap: implement file copy flags 
These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to its specific sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:13:15 +09:00
Ophestra
be7d944b39 helper/bwrap: PositionalArg implement fmt.Stringer 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 00:11:48 +09:00
Ophestra
ace97952cc helper/bwrap: merge Args and FDArgs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
Ophestra
88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
60c2873750 helper/proc: cancel ec on parent ctx 
This allows errors written during a timeout to be received and handled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:08:28 +09:00
Ophestra
d1d20c06fb helper/seccomp: use sync.Once for closeWrite 
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:49:16 +09:00
Ophestra
1e6a059668 helper/seccomp: benchmark exporter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
Ophestra
58eb8f971d proc/pipe: implement args and stat file 
This is a generic implementation of helper/pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:57:24 +09:00
Ophestra
0a1d7c01cd helper/proc: count dispatched errs 
This helps debug implementation errors of [proc.File].

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:55:37 +09:00
Ophestra
60ca1c6c55 helper/proc: store file addresses in linked list 
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 17:42:12 +09:00
Ophestra
099da78af5 helper/seccomp: eliminate data race on pfd 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
Ophestra
18466cfd02 helper/proc: declare generic extra files interface 
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-11 16:34:47 +09:00
Ophestra
e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
Ophestra
568d7758d5 helper/seccomp: panic on invalid closeWrite use 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
Ophestra
5b7b3fa9a4 helper/seccomp: implement reader interface via pipe 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
Ophestra
7b96cd6ded helper/seccomp: do not call F_println if not verbose 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
Ophestra
163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
Ophestra
37780456a7 helper: block more unusual/privileged syscalls 
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:35:47 +09:00
Ophestra
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
Ophestra
eb0ef2d115 helper/bwrap: generic extra file interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 00:20:04 +09:00
Ophestra
2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
Ophestra
715addaccd helper/bwrap: append --sync-fd before -- 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 12:30:03 +09:00
Ophestra
3e11ce6868 helper/bwrap: separate sequential/static args 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 13:07:06 +09:00
Ophestra
7d99e45b88 helper/bwrap: register OverlayConfig with gob 
This is required for copying bwrap configurations across processes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-14 12:25:10 +09:00
Ophestra
e2489059c1 helper/bwrap: implement overlayfs builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 20:09:35 +09:00
Ophestra
2e3f6a4c51 helper/bwrap: move test out of bwrap package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:45:24 +09:00
Ophestra
2162029f46 helper/bwrap: add json struct tag to filesystem 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-05 19:41:04 +09:00
Ophestra
aef847b5ae helper/bwrap: fix typo in --dir config builder 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 15:34:43 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00