maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,114 Commits 2 Branches 12 Tags
2442eda8d960681d53e5f463a974a7f44ffe312e
Commit Graph

41 Commits

Author SHA1 Message Date
Ophestra
2442eda8d9 hst/instance: embed config struct 
This makes the resulting json easier to parse since it can now be deserialised into the config struct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-24 00:42:16 +09:00
Ophestra
b5b30aea2e test: place marker in common path 
This discontinues the dependency on shared tmpdir and xdg_runtime_dir implementation detail, for #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 03:50:48 +09:00
Ophestra
9e48d7f562 hst/config: move container fields from toplevel 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
Ophestra
ae2df2c450 internal: remove sys package 
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 13:51:54 +09:00
Ophestra
f09133a224 test: check init lingering timeout behaviour 
This checks init timeout on lingering process after initial process termination.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-22 21:56:29 +09:00
Ophestra
a2a291791c internal/sys: separate hsu uid cache 
This begins the effort of the removal of the sys package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-15 02:30:47 +09:00
Ophestra
ca247b8037 internal/app: mount /dev/shm early 
This avoids covering /dev/shm mounts from hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 01:49:42 +09:00
Ophestra
92f510a647 cmd/hakurei/command: pd run dbus-verbose nil check 
This otherwise dereferences a nil pointer when dbus-verbose is set and either session or system bus are nil.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-06 00:09:25 +09:00
Ophestra
4cf694d2b3 hst: use hsu userid for share path suffix 
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.

Closes #7.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 02:16:33 +09:00
Ophestra
4ffeec3004 hst/enablement: editor friendly enablement adaptor 
Having the bit field value here (in decimal, no less) is unfriendly to text editors. Use a bunch of booleans here to improve ease of use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-15 05:16:51 +09:00
Ophestra
b43d104680 app: integrate interrupt forwarding 
This significantly increases usability of command line tools running through hakurei.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-29 02:23:06 +09:00
Ophestra
ddf48a6c22 app/shim: implement signal handler outcome in Go 
This needs to be done from the Go side eventually anyway to integrate the signal forwarding behaviour now supported by the container package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-28 23:39:30 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
bf5772bd8a nix: deduplicate home-manager merging 
This becomes a problem when extraHomeConfig defines nixos module options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-08 01:12:18 +09:00
Ophestra
9a7c81a44e nix: go generate in src derivation 
This saves the generated files in the nix store and exposes them for use by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-07 03:10:36 +09:00
Ophestra
e587112e63 test: check xdg-dbus-proxy termination 
This process runs outside the application container's pid namespace, so it is a good idea to check whether its lifecycle becomes decoupled from the application.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-15 20:45:31 +09:00
Ophestra
31b7ddd122 fst: improve config 
The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:30:19 +09:00
Ophestra
e9a7cd526f app: improve shim process management 
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.

SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.

A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 03:55:17 +09:00
Ophestra
8aeb06f53c app: share path setup on demand 
This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-01 00:47:32 +09:00
Ophestra
297b444dfb test: separate app and sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-30 22:09:46 +09:00
Ophestra
ff3cfbb437 test/sandbox: check seccomp outcome 
This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-28 02:24:27 +09:00
Ophestra
d613257841 sandbox/init: clear inheritable set 
Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 07:46:13 +09:00
Ophestra
52fcc48ac1 sandbox/init: drop capabilities 
During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 06:32:08 +09:00
Ophestra
4836d570ae test: raise long timeout to 15 seconds 
The race detector really slows down container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 01:59:05 +09:00
Ophestra
ee51320abf test: check revert type selection 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 04:37:58 +09:00
Ophestra
5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
Ophestra
61d86c5e10 test/sandbox: fix stdout tty check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-24 16:23:50 +09:00
Ophestra
806ce18c0a test/sandbox: check mapuid outcome 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 17:56:07 +09:00
Ophestra
b71d2bf534 test/sandbox: check tty outcome 
This makes no difference currently but has different behaviour in the native sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 17:28:57 +09:00
Ophestra
d2c329bcea test: format path aid offsets 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 17:21:14 +09:00
Ophestra
75e0c5d406 test/sandbox: parse full test case 
This makes declaring multiple tests much cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 14:53:50 +09:00
Ophestra
5d3c8dcc92 test: raise timeout 
Native container tooling is severely slowed down by race detector. Raise timeout so it reliably completes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 23:51:17 +09:00
Ophestra
beb3918809 test: run go test under regular user 
By default test vm commands run as root, this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 20:56:32 +09:00
Ophestra
2871426df2 test: print output of failed test 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 16:40:15 +09:00
Ophestra
61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
Ophestra
d8e9d71f87 test/sandbox: check mount outcome 
Do this at the beginning of the test for early failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 15:56:15 +09:00
Ophestra
5de28800ad test: verify fsu ppid check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 16:51:57 +09:00
Ophestra
8e50293ab7 test: remove sway process check 
This eliminates the race where systemd restarts sway too quick.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 13:52:44 +09:00
Ophestra
c62689e17f nix: interrupt via tty 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:20:47 +09:00
Ophestra
b4549c72be nix: verify silent signal exit 
This catches errors in the cleanup process initiated by a signal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 01:22:16 +09:00
Ophestra
b6af8caffe nix: clean up directory structure 
Tests for fpkg is going to be in ./cmd/fpkg, so this central tests directory is no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:48:01 +09:00