hakurei

Author	SHA1	Message	Date
cat	699c19e972	hst/container: optional runtime and tmpdir sharing Sharing and persisting these directories do not always make sense. Make it optional here. Closes #16. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-19 04:11:38 +09:00
cat	1cdc6b4246	test/sandbox: create marker in /var/tmp This prepares the test suite for private TMPDIR. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-14 16:45:17 +09:00
cat	d0ddd71934	test/sandbox: bind /var/tmp writable This makes it possible to place markers with private tmpdir. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-14 14:59:53 +09:00
cat	acb6931f3e	app/seal: leave $DISPLAY as is on host abstract This helps work around faulty software that misinterprets unix: DISPLAY string. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-27 20:42:03 +09:00
cat	83a1c75f1a	app: set up acl on X11 socket The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging security/hakurei#1. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-18 11:30:58 +09:00
cat	987981df73	test/sandbox: check pd behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 03:27:02 +09:00
cat	749a2779f5	test/sandbox: add arm64 constants Most of these are differences in qemu. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 05:36:35 +09:00
cat	e574042d76	test/sandbox: verify seccomp on all test cases This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00
cat	87e008d56d	treewide: rename to hakurei Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
cat	2ffca6984a	nix: use reverse-DNS style id as unique identifier Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-25 20:12:30 +09:00
cat	f30a439bcd	nix: improve common usability Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-16 04:40:12 +09:00
cat	807d511c8b	test/sandbox: check device outcome Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 19:55:16 +09:00
cat	8b62e08b44	test: build test program in nixos config Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-29 19:33:17 +09:00
cat	faf59e12c0	test/sandbox: expose test tool Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-28 00:08:47 +09:00
cat	d97a03c7c6	test/sandbox: separate test tool source This improves readability and allows gofmt to format the file. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 23:43:13 +09:00
cat	996b42634d	test/sandbox: invoke check program directly Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 03:11:50 +09:00
cat	61d86c5e10	test/sandbox: fix stdout tty check Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:23:50 +09:00
cat	0eb1bc6301	test/sandbox: verify outcome via mountinfo Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 01:42:38 +09:00
cat	806ce18c0a	test/sandbox: check mapuid outcome Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:56:07 +09:00
cat	b71d2bf534	test/sandbox: check tty outcome This makes no difference currently but has different behaviour in the native sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:28:57 +09:00
cat	d2c329bcea	test: format path aid offsets Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:21:14 +09:00
cat	2d379b5a38	test/sandbox: pass want file as argument This avoids building the check program multiple times. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 15:00:59 +09:00
cat	75e0c5d406	test/sandbox: parse full test case This makes declaring multiple tests much cleaner. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 14:53:50 +09:00

23 Commits