maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,099 Commits 7 Branches 12 Tags
33c461aa6729b1fb8f0b337b68aa9ec35b22b46b
Commit Graph

214 Commits

Author SHA1 Message Date
cat b390640376 internal/landlock: relocate from package container 
This is not possible to use directly, so remove it from the public API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:56:45 +09:00
cat ad2c9f36cd container: unexport PR_SET_NO_NEW_PRIVS wrapper 
This is subtle to use correctly. It also does not make sense as part of the container API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-10 23:45:51 +09:00
cat 0558032c2d container: do not set static deadline 
This usually ends up in the buffer, or completes well before the deadline, however this can still timeout on a very slow system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 17:00:20 +09:00
cat c61cdc505f internal/params: relocate from package container 
This does not make sense as part of the public API, so make it internal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:37:44 +09:00
cat 062edb3487 container: remove setup pipe helper 
The API forces use of finalizer to close the read end of the setup pipe, which is no longer considered acceptable. Exporting this as part of package container also imposes unnecessary maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 16:05:33 +09:00
cat e4355279a1 all: optionally forbid degrading in tests 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
cat 289fdebead container: transparently degrade landlock in tests 
Explicitly requiring landlock in tests will be supported in a future change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:03:48 +09:00
cat c758e762bd container: skip landlock on hostnet 
This overlaps with net namespace, so can be skipped without degrading security.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 14:36:44 +09:00
cat 9641805ec2 container/init: ignore finished process 
This is not considered an error, if the process finishes while the signal is being delivered.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-05 00:38:33 +09:00
cat 9e63633fbc container: remove test timeouts 
These timeouts are no longer useful, and causes spurious test failures under load.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-03 10:51:37 +09:00
cat a6600be34a all: use filepath 
This makes package check portable, and removes nonportable behaviour from package pkg, pipewire, and system. All other packages remain nonportable due to their nature. No latency increase was observed due to this change on amd64 and arm64 linux.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 18:24:53 +09:00
cat 584e302168 internal/netlink: set receive buffer size 
This is done by both systemd sd-device and AOSP ueventd to improve robustness. Rosa OS will still handle ENOBUFS via coldboot but a big buffer should mitigate this as well.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 02:14:47 +09:00
cat 50403e9d60 internal/netlink: wrap netpoll via context 
This removes netpoll boilerplate for the most common use case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-25 15:39:29 +09:00
cat bac583f89e internal/stub: move from container 
This package solves a very specific stubbing use case, in a less than elegant manner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 16:09:14 +09:00
cat 722989c682 fhs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:56:36 +09:00
cat b852402f67 ext: move syscall wrappers from container 
These are generally useful, and none of them are container-specific. Syscalls subtle to use and requiring container-specific setup remains in container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:48:40 +09:00
cat 6d015a949e check: move from container 
This package is not container specific, and widely used across the project.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:39:03 +09:00
cat e9a72490db vfs: move from container 
This package is not container-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 15:30:30 +09:00
cat 0a12d456ce container: set CLOEXEC via close_range 
This is guarded behind the close_range build tag for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:19:00 +09:00
cat 1c2d5f6b57 ext: integer limit values 
For portably using C integers without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 14:09:38 +09:00
cat faea1f4bd6 all: remove deprecated packages 
Closes #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:54:56 +09:00
cat cd5959fe5a ext: isolate from container/std 
These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-17 13:39:26 +09:00
cat 08c35ca24f container: use new netlink implementation 
This is adapted from the container netlink implementation and is much more reusable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-16 23:33:52 +09:00
cat 196b200d0f container: expose priority and SCHED_OTHER policy 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
cat 1e8ac5f68e container: use policy name in log message 
This is more helpful than having the user resolve the integer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:20:34 +09:00
cat fd515badff container: move scheduler policy constants to std 
This avoids depending on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-11 20:03:08 +09:00
cat 48cdf8bf85 go: 1.26 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
cat 19a2737148 container: sched policy string representation 
This also uses priority obtained via sched_get_priority_min, and improves bounds checking.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-09 18:38:31 +09:00
cat ad8f799703 container/std: rename seccomp types 
Aliases will be kept until 0.4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:48:30 +09:00
cat c74c269b66 container: use /proc/self/exe directly 
This is a more reliable form of pathname to self and also cheaper than os.Executable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:44:44 +09:00
cat cd9b534d6b container: improve documentation 
This change removes inconsistencies collected over time in this package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-28 20:18:30 +09:00
cat a6160cd410 container: set scheduling policy 
This is thread-directed so cannot be done externally. The glibc wrapper exposes this behaviour so most multithreaded programs using this is straight up incorrect.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-26 16:29:47 +09:00
cat 88d9a6163e container/initplace: return nil for createTemp error injection 
This matches os package behaviour, and avoids adding the cleanup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-17 14:16:54 +09:00
cat a3e87dd0ef container: ignore uninterpreted source 
These can be set to anything by the distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:39:39 +09:00
cat 90a38c0708 container: strip host-dependent opts in test cases 
This change also improves plumbing for stripping options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:35:20 +09:00
cat 39cc8caa93 container: add riscv64 constants 
This target is unlikely to become viable any time soon.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-08 19:03:47 +09:00
cat bf14a412e4 container: fix host-dependent test cases 
These are not fully controlled by hakurei and may change depending on host configuration.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-31 10:59:56 +09:00
cat dc96302111 internal/rosa: GNU make artifact 
This compiles GNU make from source. This is unfortunately required by many programs, but is a cure dependency only.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-19 00:40:25 +09:00
cat e1e46504a1 container/check: return error backed by string type 
The struct turned out not necessary during initial implementation but was not unwrapped into its single string field. This change replaces it with the underlying string and removes the indirection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:23:55 +09:00
cat ec9343ebd6 container/check: intern absolute pathnames 
This improves performance in heavy users like internal/pkg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 04:18:11 +09:00
cat 2494ede106 container/init: configure interface lo 
This enables loopback networking when owning the net namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-01-11 03:36:20 +09:00
cat 3d720ada92 container: optionally allow orphan 
This is required for the typical daemonise use case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-27 09:12:02 +09:00
cat fae910a1ad container: sync stubbed wait4 loop after notify 
This ensures consistent state observed by wait4 loop when running against stub.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-14 10:22:48 +09:00
cat a3fd05765e container: load initial process started before syscall 
This avoids a race between returning from syscall and checking the state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-09 08:12:22 +09:00
cat e9fb1d7be5 container/initdaemon: copy wstatus from wait4 loop 
Due to the special nature of the init process, direct use of wait outside the wait4 loop is racy. This change copies the wstatus from wait4 loop state instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:58:42 +09:00
cat dafe9f8efc container: spin instead of block on wait4 ECHILD 
Blocking prevents further wait4 processing causing ops to never receive their signals.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:56:13 +09:00
cat 96dd7abd80 container: improve error message fallback 
This now falls back to message.Error if no other concrete type is matched.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:45:54 +09:00
cat 462863e290 container: friendlier error message for op timing out 
This includes the string for the failing op which helps with troubleshooting.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:19:03 +09:00
cat 791a1dfa55 container: make wait4 loop available to ops 
Due to the special nature of the init process, regular wait calls are unavailable. This change provides infrastructure to access wait4 loop state from Op.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 21:43:49 +09:00
cat 357cfcddee container: start daemons within container 
This is useful for daemons internal to the container. The only current use case is pipewire-pulse.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 07:21:04 +09:00