Commit Graph

1663 Commits

Author SHA1 Message Date
cat b651d95e77 workflows: do not duplicate on pulls
This condition causes two runs to be created on a pull, as gitea does not check whether a run has already been created for the current commit.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-19 06:59:32 +09:00
cat aab92ce3c1 internal/wayland: clean up pathname socket
This is cleaner than cleaning up in internal/system as it covers the failure paths.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-19 06:37:04 +09:00
cat a495e09a8f internal/wayland: do not double close fd
These are already closed during securityContextBindPipe on a non-nil error.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-17 22:03:29 +09:00
cat 3afca2bd5b internal/wayland: expose WAYLAND_VERSION
This might be useful troubleshooting information.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-17 01:46:01 +09:00
cat b73a789dfe .clang-format: increase indent width
This significantly increases readability. This patch is pretty big so it is being done after mostly everything has settled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-16 20:57:29 +09:00
cat 38b5ff0cec internal/wayland: check pathname size
This avoids passing a truncated pathname to the kernel.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-16 03:34:05 +09:00
cat 3c204b9b40 internal/wayland: increase error detail
This includes targeted paths in the returned errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-16 02:09:50 +09:00
cat 00771efeb4 internal/wayland: remove fd typecasts
These are no longer necessary since RawConn is no longer used.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-16 01:45:37 +09:00
cat 61972d61f6 internal/wayland: reimplement connect/bind code
The old implementation is relocated to system/wayland/deprecated.go.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-16 01:23:16 +09:00
cat fe40af7b7e internal/wayland: relocate connection struct
This interface is getting replaced, so relocating it to the deprecated wrapper package before working on its replacement.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-15 23:25:46 +09:00
cat 12751932d1 internal/wayland: improve error handling
Note: wl_registry_add_listener is undocumented everywhere. Its implementation calls wl_proxy_add_listener which returns 0 on success or -1 on failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-15 21:26:31 +09:00
cat 41b49137a8 .clang-format: do not limit line length
This hard limit destroys readability in some places.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-15 17:06:43 +09:00
cat c761e1de4d nix: build with clang
Clang is better than gcc in various ways. This also pulls in clang-format which is very helpful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-15 16:36:36 +09:00
cat a91920310d internal: relocate packages
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-15 13:58:34 +09:00
cat 16e674782a cmd/hakurei: reorder show entries
This order semantically makes more sense and generally looks tidier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 22:14:49 +09:00
cat 47244daefb treewide: migrate ldd callers
This discontinues use of the deprecated ldd.Exec function for #25.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 21:59:59 +09:00
cat 46fa104419 ldd: require absolute pathname
The sandbox which ldd(1) runs in does not inherit the parent work directory, so relative pathnames will not work correctly. While it is trivial to support such a use case, the use of relative pathnames is highly error-prone and generally frowned upon in this project. The Exec function remains available under the same signature until v0.4.0, where it will be removed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 21:53:10 +09:00
cat 45953b3d9c ldd: cancel on decoder error
This prevents blocking from failures caused by ldd(1) emitting output that is not anticipated by the decoder.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 21:43:34 +09:00
cat 42759e7a9f ldd: create musl entry representation
This mostly helps with debugging.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 21:38:35 +09:00
cat 8e2d2c8246 ldd: check decoder scan guard
This was unreachable via the Parse wrapper.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 18:32:47 +09:00
cat 299685775a container: provide usage example
This requires cgo so unfortunately will not run in the playground.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 18:25:22 +09:00
cat b7406cc4c4 ldd: update package doc comment
This should hopefully deter misuse of this package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 17:49:01 +09:00
cat 690a0ed0d6 ldd: decode from reader
This should reduce memory footprint of the parsing process and allow decoding part of the stream.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 08:33:19 +09:00
cat a9d72a5eb1 internal/outcome: rename run from main
The "main.go" name is quite confusing as this is often only present in main packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 01:06:14 +09:00
cat 6d14bb814f container/fhs: add constant for /dev/shm/
This is mounted for the default read-only /dev/ when programs want to use shm_open(3). Defining it here is less error-prone and saves the extra append at runtime.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-14 01:03:26 +09:00
cat be0e387ab0 internal/info: relocate from internal
This is cleaner and makes more sense. The longer LDFLAGS was never a valid concern since it is always inserted by a script.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-13 07:29:46 +09:00
cat abeb67964f treewide: document linkname uses
These provide justification for each use of linkname. Poorly thought out uses of linkname are removed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-13 07:14:16 +09:00
cat bf5d10743f treewide: import internal/system
For #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-13 01:22:47 +09:00
cat 4e7aab07d5 internal/system: relocate from system
These packages are highly specific to hakurei and are difficult to use safely from other pieces of code.

Their exported symbols are made available until v0.4.0 where they will be removed for #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-13 01:17:47 +09:00
cat 15a66a2b31 treewide: import internal/helper
For #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-12 23:19:34 +09:00
cat f347d44c22 internal/helper: relocate from helper
This package is ugly and is pending removal, only kept alive by xdg-dbus-proxy.

Its exported symbols are made available until v0.4.0 where it will be removed for #24.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-12 23:16:13 +09:00
cat b5630f6883 test: move package sandbox internal
This should never be used outside vm tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-12 23:03:22 +09:00
cat 17ffdb2dcf release: 0.3.1
Signed-off-by: Ophestra <cat@gensokyo.uk>
v0.3.1
2025-11-12 00:53:14 +09:00
cat ac34635890 container: set FD_CLOEXEC on all open files
While an fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-12 00:18:29 +09:00
cat 9dec9dbc4b container/init: close setup pipe early
This prevents leaking the setup pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-11 07:31:58 +09:00
cat 2f74adc8bd container/init: close initial process files on termination
This closes them during the adopt wait delay. This also keeps them alive.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-10 20:35:59 +09:00
cat d7e0104ae4 treewide: reject impossible user-supplied fd
These are all trusted user input, however this check reduces the likelihood of hard to debug errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-10 20:31:26 +09:00
cat bb92e3ada9 cmd/hakurei: expose current instance identifier
This writes the 16-byte instance identifier to the file descriptor specified by --identifier-fd if set, and closes the file.

This enables safely obtaining the new instance's identifier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-10 07:52:35 +09:00
cat fad419c2a2 internal/outcome: handle group lookup message
This results in slightly less messy error reporting.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-09 02:15:48 +09:00
cat b1a1e73238 nix: update names to reflect new terminology
These are terminology from way early days. Update them now to be less confusing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-09 01:48:31 +09:00
cat 38e9128a8c container/std/seccomp: remove ineffectual typecast
This is no longer necessary since the return type changed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-07 05:45:51 +09:00
cat 7ee702a44e container/seccomp/presets: add fields to literals
This keeps composites analysis happy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-07 05:11:57 +09:00
cat 3d188ef884 std: separate seccomp constants
This avoids inadvertently using PNRs as syscall numbers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-07 04:30:06 +09:00
cat 34ccda84b2 release: 0.3.0
Signed-off-by: Ophestra <cat@gensokyo.uk>
v0.3.0
2025-11-06 01:37:15 +09:00
cat 042013bb04 container/std: syscall JSON adapter
This provides cross-platform JSON adapter for syscall number.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-06 00:57:53 +09:00
cat 5c2b63a7f1 container: add 386 constants
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 20:21:14 +09:00
cat 9fd97e71d0 treewide: fit test untyped int literals in 32-bit
This enables hakurei test suite to run on 32-bit targets.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 20:13:19 +09:00
cat fba201c995 container/std: relocate rule types
This enables its use in hst for #15.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 06:00:39 +09:00
cat 7f27a6dc51 container/seccomp: use native types
This prepares NativeRule for relocation to std for #15.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 05:48:59 +09:00
cat b65aba9446 container/seccomp: alias libseccomp types
This enables tests to refer to these types and check their size.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-11-05 05:21:43 +09:00