cat
9e48d7f562
hst/config: move container fields from toplevel
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-07 04:24:45 +09:00
cat
f280994957
internal/app: check nscd socket for path hiding
This can seriously break things, and exposes extra host attack surface, so include it here.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 20:47:30 +09:00
cat
ae7b343cde
hst: reword and move constants
These values are considered part of the stable, exported API, so move them to hst.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 17:40:32 +09:00
cat
a63a372fe0
internal/app: merge static stub
These tests now serve as integration tests, and finer grained tests for each op will be added slowly.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 17:15:14 +09:00
cat
80ad2e4e23
internal/app: do not offset base value
This value is applied to the shim; it is incorrect to offset the base value as well.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 03:59:52 +09:00
cat
92b83bd599
internal/app: apply pd behaviour to outcomeState
This avoids needlessly clobbering hst.Config.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 03:53:23 +09:00
cat
8ace214832
system/wayland: hang up security-context-v1 internally
This should have been an implementation detail and should not be up to the caller to close.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 03:25:13 +09:00
cat
eb5ee4fece
internal/app: modularise outcome finalise
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-05 02:52:50 +09:00
cat
9462af08f3
system/dbus: dump buffer internally
This should have been an implementation detail and should not be up to the caller to call it.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-04 20:31:14 +09:00
cat
a5f0aa3f30
internal/app: declutter and merge small files
This should make internal/app easier to work with for the upcoming params to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-03 16:59:29 +09:00
cat
dd0bb0a391
internal/app: check username validation
This stuff should be hardcoded in libc, but check it anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-03 16:42:42 +09:00
cat
d16da6da8c
system: enforce absolute paths
This is less error-prone, and is quite easy to integrate considering internal/app has already migrated to container.Absolute.
Closes #11.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-03 02:26:14 +09:00
cat
e58181a930
internal/app/paths: defer extra formatting
This reduces payload size for params to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-30 00:21:26 +09:00
cat
71e70b7b5f
internal/app/paths: do not print messages
This change was missed while merging the rest of the logging changes.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-29 09:30:57 +09:00
cat
1ba1cb8865
hst/config: remove seccomp bit fields
These serve little purpose and are not friendly for use from other languages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-29 07:07:16 +09:00
cat
44ba7a5f02
hst/enablement: move bits from system
This is part of the hst API and should not be in the implementation package.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-29 06:34:29 +09:00
cat
dc467493d8
internal: remove hlog
This package has been fully replaced by container.Msg.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-29 06:21:04 +09:00
cat
46cd3a28c8
container: remove global msg
This frees all container instances of side effects.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-29 06:11:47 +09:00
cat
e906cae9ee
container/output: export suspendable writer
This is quite useful for other packages as well. This change prepares internal/hlog for removal.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-27 19:46:35 +09:00
cat
ae2df2c450
internal: remove sys package
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-25 13:51:54 +09:00
cat
6e3f34f2ec
internal/app: merge finalise test cases
This cleans everything up a bit for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-25 12:11:02 +09:00
cat
65a0bb9729
internal/sys/hsu: expose hsurc identifier
This maintains a compatible interface for now, to ease merging of the upcoming changes to internal/app.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-24 21:17:04 +09:00
cat
afa7a0800d
cmd/hsu: return hsurc id
The uid format is stable; this value is what the caller has to obtain through hsu.
Closes #14.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-24 21:10:13 +09:00
cat
409ed172c8
internal/app: handle LookupGroup error
This could return errnos from the cgo calls.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-24 19:36:55 +09:00
cat
1c4f593566
internal/app: unexport outcome, remove app struct
The App struct no longer does anything, and the outcome struct is entirely opaque.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-24 18:44:14 +09:00
cat
b99c63337d
internal/app: do not return from shim start
The whole RunState ugliness and the other horrendous error handling conditions for internal/app come from an old design proposal for maintaining all app containers under the same daemon process for a user. The proposal was ultimately rejected but the implementation remained. It is removed here to alleviate internal/app from much of its ugliness and unreadability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-24 13:37:38 +09:00
cat
16409b37a2
internal/app: compensate shim timeout
This catches cases where the shim has somehow locked up, so it should wait out the full shim WaitDelay as well.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-16 02:23:19 +09:00
cat
a2a291791c
internal/sys: separate hsu uid cache
This begins the effort of the removal of the sys package.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-15 02:30:47 +09:00
cat
8690419c2d
hst: replace internal/app error
This turns out to still be quite useful across internal/app and its relatives. Perhaps a cleaner replacement for baseError.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-15 01:44:43 +09:00
cat
ca247b8037
internal/app: mount /dev/shm early
This avoids covering /dev/shm mounts from hst.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-14 01:49:42 +09:00
cat
f876043844
internal/hlog: remove error wrapping
This was a stopgap solution that lasted for way too long. This finally removes it and prepares internal/app for some major changes.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-12 06:52:35 +09:00
cat
6f719bc3c1
system: update doc commands and remove mutex
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-02 04:54:34 +09:00
cat
1b5d20a39b
container/dispatcher: stub.Call initialisation helper function
This keeps composites analysis happy without making the test cases (too) bloated.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-09-02 04:44:08 +09:00
cat
712cfc06d7
container: wrap container init start errors
This helps indicate the exact origin and nature of the error. This eliminates generic WrapErr from container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-30 23:44:48 +09:00
cat
b14690aa77
internal/app: remove seal interface
This further cleans up the package for the restructure.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-28 01:07:51 +09:00
cat
d0b6852cd7
internal/app: remove app interface
It is very clear at this point that there will not be multiple implementations of App, and the internal/app package will never move out of internal due to hsu.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-28 00:54:44 +09:00
cat
da0459aca1
internal/app: update doc comments
A lot of these comments are quite old and have not been updated to reflect changes.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-28 00:45:57 +09:00
cat
1be8de6f5c
internal/app: less strict username regex
Use the default value of NAME_REGEX from adduser. Should not hurt compatibility while being less strict.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-28 00:22:55 +09:00
cat
0f41d96671
internal: move sysconf wrapper to app
This should not be used and is not useful in other packages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-28 00:04:58 +09:00
cat
acb6931f3e
app/seal: leave $DISPLAY as is on host abstract
This helps work around faulty software that misinterprets unix: DISPLAY string.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-27 20:42:03 +09:00
cat
9bc8532d56
container/initdev: mount tmpfs on shm for ro dev
Programs expect /dev/shm to be a writable tmpfs.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 03:27:07 +09:00
cat
4cf694d2b3
hst: use hsu userid for share path suffix
The privileged user is identified to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.
Closes #7.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 02:16:33 +09:00
cat
c9facb746b
hst/config: remove data field, rename dir to home
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 00:56:10 +09:00
cat
9585b35d5b
hst/config: remove symlink field
Closes #6.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 22:23:54 +09:00
cat
0dcac55a0c
hst/config: remove container etc field
This no longer needs special treatment since it can be specified as a generic filesystem entry.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 19:24:33 +09:00
cat
6d202d73b4
hst/fsbind: optional autoetc behaviour
This generalises the special field allowing any special behaviour to be matched from target.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 18:38:19 +09:00
cat
1438096339
hst/config: handle filesystem entry targeting root
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.
Closes #5.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 17:52:57 +09:00
cat
cedfceded5
container/autoroot: remove prefix field
This field has been a noop for a long time. Remove it to prevent further confusion.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 03:39:20 +09:00
cat
a3988c1a77
hst: rename net and abstract fields
This makes more sense and matches the container library.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 16:48:01 +09:00
netadr
5db0714072
container: optionally isolate host abstract UNIX domain sockets via landlock
2025-08-18 16:28:14 +09:00