maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
473 Commits 2 Branches 12 Tags
33a4ab11c226c736c0d8b2644fbbe27a5ca045e9
Commit Graph

162 Commits

Author SHA1 Message Date
Ophestra
33a4ab11c2 internal: move shim and init into app 
This structure makes more sense, as both processes are part of an app's lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 16:28:46 +09:00
Ophestra
c667b13a00 system: separate link Op implementation 
This Op would still be useful after replacing the Tmpfiles interface, so isolate it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 12:15:26 +09:00
Ophestra
268a90f1a5 app: improve WAYLAND_DISPLAY correctness 
This now has identical behaviour as wayland C library.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 14:45:09 +09:00
Ophestra
ddb2f9c11b app: remove wayland socket hard link 
This Op was not doing anything useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:54:00 +09:00
Ophestra
f955b15b84 system: remove write mode tmpfiles 
This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:22:20 +09:00
Ophestra
0340c67995 app: port passwd and group files to copy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:19:06 +09:00
Ophestra
ea8d1c07df priv/shim: move /sbin/init setup to app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:06:10 +09:00
Ophestra
a0062d8275 fmsg: resume on exit 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 02:22:09 +09:00
Ophestra
1f74b636d3 state/join: use Join method when available 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:11:02 +09:00
Ophestra
e431ab3c24 app: check username length against LOGIN_NAME_MAX 
This limit is arbitrary, but it's good to enforce it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:44:55 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
Ophestra
a48386bd56 system/dbus: dump messages on early fault 
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:20:56 +09:00
Ophestra
2e52191404 system/dbus: dump method prints msgbuf 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:16:54 +09:00
Ophestra
163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
Ophestra
23e1152baa app/share: clean BaseError message 
This removes trailing '\n' in the PulseAudio warning.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:54:16 +09:00
Ophestra
8c51012ef5 dbus: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:49:23 +09:00
Ophestra
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
Ophestra
82029948e6 proc: append to ExtraFiles slice pointer 
This is useful for initialising extra files before command.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-21 12:51:39 +09:00
Ophestra
dfcdc5ce20 state: store config in separate gob stream 
This enables early serialisation of config.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-21 12:10:58 +09:00
Ophestra
20a3d4c458 proc/priv/shim: resolve and load seccomp rules 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 23:52:56 +09:00
Ophestra
3df344828f proc/priv/shim: seccomp bpf filter via libseccomp 
Rulesets adapted from Flatpak for compatibility.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 23:39:47 +09:00
Ophestra
27f5922d5c fst: include syscall filter configuration 
This value is passed through to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 21:12:39 +09:00
Ophestra
3c55fc8e86 proc/priv/shim: do not log bwrap args 
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 19:51:28 +09:00
Ophestra
eb0ef2d115 helper/bwrap: generic extra file interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-20 00:20:04 +09:00
Ophestra
2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
Ophestra
cae567c109 proc/priv/shim: remove unnecessary state 
These values are only used during process creation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:09:07 +09:00
Ophestra
b31d055e20 proc/priv/init: early init check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 12:33:33 +09:00
Ophestra
7baca66a56 proc: remove duplicate compile-time fortify reference 
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:59:33 +09:00
Ophestra
27d2914286 proc/priv/init: merge init into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:47:01 +09:00
Ophestra
ea8f228af3 proc/priv/shim: merge shim into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:43:32 +09:00
Ophestra
16db3dabe2 internal: do PR_SET_PDEATHSIG once 
This prctl affects the entire process, doing it on every OS thread is pointless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:08:46 +09:00
Ophestra
124743ffd3 app: expose single run method 
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 23:39:51 +09:00
Ophestra
562f5ed797 fst: hide sockets exposed via Filesystem 
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 10:13:18 +09:00
Ophestra
6acd0d4e88 linux/std: handle fsu exit status 1 
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-01 21:34:57 +09:00
Ophestra
c4d6651cae update reverse-DNS style identifiers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-31 16:16:38 +09:00
Ophestra
bf8094c6ca internal: include path to fortify main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 12:48:48 +09:00
Ophestra
9b206072fa cmd/fshim: ensure data directory 
Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:39:01 +09:00
Ophestra
b9e2003d5b app: ensure extra paths 
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:07:49 +09:00
Ophestra
847b667489 app: extra acl entries from configuration 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 13:23:27 +09:00
Ophestra
0107620d8c app: merge share methods 
This significantly increases readability and makes order of ops more obvious.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 11:12:35 +09:00
Ophestra
1f173a469c system/dbus: fix inverted system bus state 
Debug message and socket cleanup gets missed due to this value being inverted.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 18:38:11 +09:00
Ophestra
f608f28a6a app: mount /dev/kvm in permissive defaults 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-22 12:37:24 +09:00
Ophestra
cb98baa19d fortify: clean up ps formatting code 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 20:34:40 +09:00
Ophestra
7a8b625a57 app: rename /fortify to /.fortify 
Also removed the inner share tmpfs mount.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 18:11:32 +09:00
Ophestra
74fe74e6b5 app: do not fail on missing cookie 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-21 17:56:21 +09:00
Ophestra
b9cc318314 system: implement Enablements String method 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-20 23:21:19 +09:00
Ophestra
ed10574dea state: store join util 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-20 19:05:39 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
eae3034260 state: expose aids and use instance id as key 
Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 21:36:17 +09:00