dd94818f20
hst/instance: define instance state
...
This is now part of the hst API. This change also improves identifier generation and serialisation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-23 22:59:02 +09:00
0f8ffee44d
internal/app: test case for hst template
...
This helps with other areas of the test suite as they're all based on hst.Template. This also helps contributors understand the behaviour of internal/app as hst.Template covers almost every aspect of it.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-23 04:46:58 +09:00
6c338b433a
internal/app: reduce test case indentation
...
This improves readability on narrower displays.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-22 07:40:32 +09:00
8accd3b219
internal/app/shim: use syscall dispatcher
...
This enables instrumented testing of the shim.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-22 06:58:45 +09:00
e94acc424c
container/comp: rename from bits
...
This package will also hold syscall lookup tables for seccomp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-21 20:54:03 +09:00
699c19e972
hst/container: optional runtime and tmpdir sharing
...
Sharing and persisting these directories do not always make sense. Make it optional here.
Closes #16 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-19 04:11:38 +09:00
e47aebb7a0
internal/app/outcome: apply configured filesystems late
...
This enables configured filesystems to cover system mount points.
Closes #8 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-19 01:41:52 +09:00
d4284c109d
internal/app/spruntime: emulate pam_systemd type
...
This sets XDG_SESSION_TYPE to the corresponding values specified in pam_systemd(8) according to enablements.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-18 04:33:04 +09:00
4c647add0d
hst/container: pack boolean options
...
The memory saving is relatively insignificant, however this increases serialisation efficiency.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-14 06:39:00 +09:00
790d77075e
system/dbus: remove builder state leak
...
This enables external testing of system.I state.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-14 01:33:44 +09:00
7638a44fa6
treewide: parallel tests
...
Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-13 04:38:48 +09:00
36f312b3ba
internal/app/spcontainer: resolve path through dispatcher
...
This prevents state from os tainting the test data.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-11 20:20:41 +09:00
037144b06e
system/dbus: use well-known address in spec
...
The session bus still performs non-standard formatting since it makes no sense for hakurei to start the session bus.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-11 18:52:06 +09:00
f5a597c406
hst: rename /.hakurei constant
...
This provides disambiguation from fhs.AbsTmp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-11 14:32:35 +09:00
070e346587
internal/app: relocate params state initialisation
...
This is useful for testing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-10 22:00:49 +09:00
24de7c50a0
internal/app: relocate state initialisation
...
This is useful for testing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-10 20:15:58 +09:00
109aaee659
internal/app: copy parts of config to state
...
This is less error-prone than passing the address to the entire hst.Config struct, and reduces the likelihood of accidentally clobbering hst.Config. This also improves ease of testing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-10 03:19:09 +09:00
22ee5ae151
internal/app: filter ops in implementation
...
This is cleaner and less error-prone, and should also result in negligibly less memory allocation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-10 02:23:34 +09:00
4246256d78
internal/app: hold config address in state
...
This can be removed eventually as it is barely used.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-10 01:21:01 +09:00
87b5c30ef6
message: relocate from container
...
This package is quite useful. This change allows it to be imported without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-09 05:18:19 +09:00
a40d182706
internal/app: build container state in shim
...
This significantly decreases ipc overhead.
Closes #3 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 22:30:40 +09:00
e5baaf416f
internal/app: check transmitted ops
...
This simulates params to shim and this is the last step before params to shim is merged.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 20:02:09 +09:00
584ce3da68
container/bits: move bind bits
...
This allows referring to the bits without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 21:38:31 +09:00
5d18af0007
container/fhs: move pathname constants
...
This allows referencing FHS pathnames without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 21:29:16 +09:00
0e6c1a5026
container/check: move absolute pathname
...
This allows use of absolute pathname values without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 20:57:58 +09:00
d23b4dc9e6
hst/dbus: move dbus config struct
...
This allows holding a xdg-dbus-proxy configuration without importing system/dbus.
It also makes more sense in the project structure since the config struct is part of the hst API however the rest of the implementation is not.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 19:03:51 +09:00
3ce63e95d7
container: move seccomp preset bits
...
This allows holding the bits without cgo.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 18:28:20 +09:00
9e48d7f562
hst/config: move container fields from toplevel
...
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 04:24:45 +09:00
f280994957
internal/app: check nscd socket for path hiding
...
This can seriously break things, and exposes extra host attack surface, so include it here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 20:47:30 +09:00
a63a372fe0
internal/app: merge static stub
...
These tests now serve as integration tests, and finer grained tests for each op will be added slowly.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 17:15:14 +09:00
8ace214832
system/wayland: hang up security-context-v1 internally
...
This should have been an implementation detail and should not be up to the caller to close.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 03:25:13 +09:00
eb5ee4fece
internal/app: modularise outcome finalise
...
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 02:52:50 +09:00
d16da6da8c
system: enforce absolute paths
...
This is less error-prone, and is quite easy to integrate considering internal/app has already migrated to container.Absolute.
Closes #11 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-03 02:26:14 +09:00
44ba7a5f02
hst/enablement: move bits from system
...
This is part of the hst API, should not be in the implementation package.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:34:29 +09:00
46cd3a28c8
container: remove global msg
...
This frees all container instances of side effects.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:11:47 +09:00
ae2df2c450
internal: remove sys package
...
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-25 13:51:54 +09:00
6e3f34f2ec
internal/app: merge finalise test cases
...
This cleans everything up a bit for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-25 12:11:02 +09:00
1c4f593566
internal/app: unexport outcome, remove app struct
...
The App struct no longer does anything, and the outcome struct is entirely opaque.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 18:44:14 +09:00
f876043844
internal/hlog: remove error wrapping
...
This was a stopgap solution that lasted for way too long. This finally removes it and prepares internal/app for some major changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-12 06:52:35 +09:00
6f719bc3c1
system: update doc commands and remove mutex
...
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-02 04:54:34 +09:00
b14690aa77
internal/app: remove seal interface
...
This further cleans up the package for the restructure.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 01:07:51 +09:00
0d7c1a9a43
app: rename app implementation package
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-04-12 10:54:24 +09:00
5c4058d5ac
app: run in native sandbox
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-25 01:52:49 +09:00
c64b8163e7
app: separate instance from process state
...
This works better for the implementation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-21 16:06:24 +09:00
e0f321b2c4
sys: rename from linux
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-18 18:47:48 +09:00
90cb01b274
system: move out of internal
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 19:00:43 +09:00
562f5ed797
fst: hide sockets exposed via Filesystem
...
This is mostly useful for permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-15 10:13:18 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-20 00:20:02 +09:00
2f676c9d6e
fst: rename from fipc
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-18 15:50:46 +09:00
b752ec4468
fipc: export config struct
...
Also store full config as part of state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-18 13:45:55 +09:00
