hakurei

Author	SHA1	Message	Date
Ophestra	31aef905fa	sandbox: expose seccomp interface There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-02 04:47:13 +09:00
Ophestra	1a8840bebc	sandbox/seccomp: resolve rules natively This enables loading syscall filter policies from external cross-platform config files. This also removes a significant amount of C code. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-01 22:11:32 +09:00
Ophestra	87e008d56d	treewide: rename to hakurei Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
Ophestra	15011c4173	app/instance/common: optimise ops allocation Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-13 03:49:07 +09:00
Ophestra	31b7ddd122	fst: improve config The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-13 03:30:19 +09:00
Ophestra	6309469e93	app/instance: wrap internal implementation This reduces the scope of the fst package, which was growing questionably large. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-12 13:56:41 +09:00