maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,195 Commits 1 Branch 12 Tags
42759e7a9f4e6c45d2e043a404e444160e6cddba
Commit Graph

47 Commits

Author SHA1 Message Date
Ophestra
42759e7a9f ldd: create musl entry representation 
This mostly helps with debugging.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 21:38:35 +09:00
Ophestra
8e2d2c8246 ldd: check decoder scan guard 
This was unreachable via the Parse wrapper.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 18:32:47 +09:00
Ophestra
b7406cc4c4 ldd: update package doc comment 
This should hopefully deter misuse of this package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 17:49:01 +09:00
Ophestra
690a0ed0d6 ldd: decode from reader 
This should reduce memory footprint of the parsing process and allow decoding part of the stream.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 08:33:19 +09:00
Ophestra
c1399f5030 std: rename from comp 
Seccomp lookup tables are going to be relocated here, and PNR constants.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 02:47:43 +09:00
Ophestra
e94acc424c container/comp: rename from bits 
This package will also hold syscall lookup tables for seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 20:54:03 +09:00
Ophestra
67ec82ae1b ldd/exec: raise timeout 
This mostly helps with tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-18 18:03:09 +09:00
Ophestra
7638a44fa6 treewide: parallel tests 
Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 04:38:48 +09:00
Ophestra
87b5c30ef6 message: relocate from container 
This package is quite useful. This change allows it to be imported without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 05:18:19 +09:00
Ophestra
5d18af0007 container/fhs: move pathname constants 
This allows referencing FHS pathnames without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:29:16 +09:00
Ophestra
0e6c1a5026 container/check: move absolute pathname 
This allows use of absolute pathname values without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 20:57:58 +09:00
Ophestra
3ce63e95d7 container: move seccomp preset bits 
This allows holding the bits without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 18:28:20 +09:00
Ophestra
46cd3a28c8 container: remove global msg 
This frees all container instances of side effects.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:11:47 +09:00
Ophestra
e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
Ophestra
41ac2be965 container/absolute: wrap safe stdlib functions 
These functions do not change the absoluteness of a pathname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-10 03:11:10 +09:00
Ophestra
02271583fb container: remove PATH lookup behaviour 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
Ophestra
c6be82bcf9 container/path: fhs path constants 
This increases readability since this can help disambiguate absolute paths from similarly named path segments.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 21:16:45 +09:00
Ophestra
7b416d47dc container/ops: merge mqueue and dev Ops 
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:13:46 +09:00
Ophestra
e71ae3b8c5 container: remove custom cmd initialisation 
This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-25 00:45:10 +09:00
Ophestra
d2f9a9b83b treewide: migrate to hakurei.app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 03:30:39 +09:00
Ophestra
1b5ecd9eaf container: move out of toplevel 
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 02:59:43 +09:00
Ophestra
eec021cc4b hakurei: move container helpers toplevel 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:31:29 +09:00
Ophestra
a1d98823f8 hakurei: move container toplevel 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:23:55 +09:00
Ophestra
31aef905fa sandbox: expose seccomp interface 
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 04:47:13 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
Ophestra
bc54db54d2 ldd: always copy stderr 
Dropping the buffer on success is unhelpful and could hide some useful information.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:08:00 +09:00
Ophestra
bf07b7cd9e ldd: mount /proc in container 
This covers host /proc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:01:03 +09:00
Ophestra
48feca800f sandbox: check command function pointer 
Setting default CommandContext on initialisation is somewhat of a footgun.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 23:29:14 +09:00
Ophestra
273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
Ophestra
4bb5d9780f ldd: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 17:55:55 +09:00
Ophestra
d22145a392 ldd: handle musl static behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-12 23:29:43 +09:00
Ophestra
39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
Ophestra
dccb366608 ldd: handle behaviour on static executable 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:02:33 +09:00
Ophestra
83c8f0488b ldd: pass absolute path to bwrap 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 17:46:22 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
5a64cdaf4f ldd: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 02:00:49 +09:00
Ophestra
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
Ophestra
2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
Ophestra
b956ce4052 ldd: trim leading and trailing white spaces from name 
Glibc emits ldd output with \t prefix for formatting. Remove that here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:53:01 +09:00
Ophestra
ade57c39af ldd: add fhs glibc test case 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:33:02 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
4b7b899bb3 add package doc comments 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 20:57:59 +09:00
Ophestra Umiker
65af1684e3 migrate to git.ophivana.moe/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
Ophestra Umiker
73a698c7cb ldd: run ldd with read-only filesystem and unshared net 
This is only called on trusted programs, however extra hardening is never a bad idea.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-17 15:37:27 +09:00
Ophestra Umiker
d41b9d2d9c ldd: separate Parse from Exec and trim space 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 23:51:15 +09:00
Ophestra Umiker
6232291cae ldd: implement strict ldd output parser 
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 20:39:27 +09:00