maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,052 Commits 1 Branch 12 Tags
36f312b3ba45f1bec6341b4f66a1f2e89971bc51
Commit Graph

15 Commits

Author SHA1 Message Date
Ophestra
36f312b3ba internal/app/spcontainer: resolve path through dispatcher 
This prevents state from os tainting the test data.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 20:20:41 +09:00
Ophestra
f5a597c406 hst: rename /.hakurei constant 
This provides disambiguation from fhs.AbsTmp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 14:32:35 +09:00
Ophestra
f6dd9dab6a internal/app: hold path hiding in op 
This makes no sense to be part of the global state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 19:56:30 +09:00
Ophestra
776650af01 hst/config: negative WaitDelay bypasses default 
This behaviour might be useful, so do not lock it out. This change also fixes an oversight where the unchecked value is used to determine ForwardCancel.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 05:11:32 +09:00
Ophestra
4246256d78 internal/app: hold config address in state 
This can be removed eventually as it is barely used.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 01:21:01 +09:00
Ophestra
87b5c30ef6 message: relocate from container 
This package is quite useful. This change allows it to be imported without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 05:18:19 +09:00
Ophestra
e5baaf416f internal/app: check transmitted ops 
This simulates params to shim and this is the last step before params to shim is merged.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 20:02:09 +09:00
Ophestra
12ab7ea3b4 hst/fs: access ops through interface 
This removes the final hakurei.app/container import from hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 23:59:48 +09:00
Ophestra
584ce3da68 container/bits: move bind bits 
This allows referring to the bits without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:38:31 +09:00
Ophestra
5d18af0007 container/fhs: move pathname constants 
This allows referencing FHS pathnames without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:29:16 +09:00
Ophestra
0e6c1a5026 container/check: move absolute pathname 
This allows use of absolute pathname values without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 20:57:58 +09:00
Ophestra
3ce63e95d7 container: move seccomp preset bits 
This allows holding the bits without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 18:28:20 +09:00
Ophestra
9e48d7f562 hst/config: move container fields from toplevel 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
Ophestra
f280994957 internal/app: check nscd socket for path hiding 
This can seriously break things, and exposes extra host attack surface, so include it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 20:47:30 +09:00
Ophestra
eb5ee4fece internal/app: modularise outcome finalise 
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 02:52:50 +09:00