maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
1,821 Commits 7 Branches 12 Tags
52a4e5b87d7bccd3bd43b6e1c64af8e573c86b37
Commit Graph

188 Commits

Author SHA1 Message Date
cat cedfceded5 container/autoroot: remove prefix field 
This field has been a noop for a long time. Remove it to prevent further confusion.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 03:39:20 +09:00
cat 33d2dcce1b container/initoverlay: internal bypass sysroot prefix 
This is for supporting overlay mounts for autoroot.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 02:42:22 +09:00
cat 2baa2d7063 container/init: measure init behaviour 
This used to be entirely done via integration tests, with almost no hope of error injection and coverage profile. These tests significantly increase confidence of future work in this area.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-24 04:52:32 +09:00
cat 0166833431 container/dispatcher: start goroutine in dispatcher 
This allows instrumentation of calls from goroutine without relying on finalizers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 21:58:40 +09:00
cat b3da3da525 container/init: avoid multiple lastcap calls 
This reduces the size of []kexpect in the test suite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 11:09:11 +09:00
cat 1b3902df78 container/dispatcher: instrument each goroutine individually 
Scheduler nondeterminism cannot be accounted for, so do this instead.

There should not be any performance penalty as these calls are optimised out for direct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 11:07:16 +09:00
cat ea1e3ebae9 container/params: pass fd instead of file 
The file is very difficult to stub. Pass fd instead as it is the value that is actually useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-23 00:16:46 +09:00
cat 1c692bfb79 container/init: call lockOSThread through dispatcher 
This degrades test performance if not stubbed out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:24:14 +09:00
cat 141a18999f container: move integration test helpers 
With the new instrumentation it is now possible to run init code outside integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:07:19 +09:00
cat afe23600d2 container/path: use syscall dispatcher 
This allows path and mount functions to be instrumented.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 22:02:21 +09:00
cat 09d2844981 container/init: wrap syscall helper functions 
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-22 19:27:31 +09:00
cat 5b73316ae0 container/syscall: doc comments from manpages 
These are pulled straight from the manpages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 00:33:46 +09:00
cat 5d8a2199b6 container/init: op interface valid method 
Check ops early and eliminate duplicate checks.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 00:18:50 +09:00
cat a1482ecdd0 container/inittmpfs: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 20:17:28 +09:00
cat a07f9ed84c container/initsymlink: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 20:03:02 +09:00
cat 51304b03af container/initremount: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:55:51 +09:00
cat c6397b941f container/initproc: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:29:45 +09:00
cat d65e5f817a container/initplace: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 19:19:27 +09:00
cat 696e593898 container/initoverlay: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:33:15 +09:00
cat 97ab24feef container/init: use absolute compare method 
More checks are also added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:14:36 +09:00
cat 31f0dd36df absolute: efficient equivalence check method 
This is more efficient and makes the call site cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 17:06:38 +09:00
cat 9aec2f46fe container/initdev: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:55:45 +09:00
cat 022cc26b2e container/capability: check CAP_TO_INDEX and CAP_TO_MASK 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:45:00 +09:00
cat b4c018da8f container/autoetc: do not bypass absolute check 
This can now be done cleanly via path function wrappers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:37:11 +09:00
cat 66f52407d3 container/initmkdir: check path equivalence by value 
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:32:22 +09:00
cat e463faf649 container/initbind: check path equivalence by value 
Same problem as autoroot, never updated the checks after integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:22:04 +09:00
cat 375acb476d container/autoroot: check host path equivalence by value 
This will never return true otherwise unless the equivalent paths happen to be interned by the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 02:14:39 +09:00
cat c81c9a9d75 container/init: split setup ops into individual files 
This significantly increases readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:28:31 +09:00
cat 339e4080dc container/ops: move Op type to init file 
This helps with the eventual separation of all setup ops into individual files.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:11:24 +09:00
cat e0533aaa68 container/autoroot: filter dentry with empty name 
This is unreachable, but nice to have just in case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 01:03:49 +09:00
cat 13c7083bc0 container: ptrace protection via Yama LSM 
This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway.

Closes #4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-20 00:43:55 +09:00
cat 140fe21237 container/params: check setup/receive behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 22:30:34 +09:00
cat f52d2c7db6 container/path: check create and mountinfo helpers 
These can quite easily be checked within the framework. The scanner fault injection might require updating at some point if the implementation changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 21:30:28 +09:00
netadr 5db0714072 container: optionally isolate host abstract UNIX domain sockets via landlock 2025-08-18 16:28:14 +09:00
cat 69a4ab8105 container: move PR_SET_NO_NEW_PRIVS to parent 
This allows some LSM setup in the parent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 11:46:02 +09:00
cat 0ac6e99818 container: start from locked thread 
This allows setup that relies on per-thread state like securebits and landlock, from the parent side.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 17:42:22 +09:00
cat f35733810e container: check output helper functions 
The container test suite has always been somewhat inadequate due to the inability of coverage tooling to reach into containers. This has become an excuse for not testing non-container code as well, which lead to the general lack of confidence when working with container code. This change aims to be one of many to address that to some extent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 02:59:37 +09:00
cat 9c1a5d43ba container: enforce nonrepeatable autoetc and autoroot 
These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepetable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 01:43:11 +09:00
cat 8aa65f28c6 container: allow additional state between ops 
This is useful for ops that need to be aware of previous instances of themselves.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 01:32:07 +09:00
cat ba3227bf15 container: export overlay escape 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 23:44:11 +09:00
cat 332d90d6c7 container/path: remove unused path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 05:00:09 +09:00
cat e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
cat 41ac2be965 container/absolute: wrap safe stdlib functions 
These functions do not change the absoluteness of a pathname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-10 03:11:10 +09:00
cat 02271583fb container: remove PATH lookup behaviour 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
cat ef54b2cd08 container/absolute: early absolute pathname check 
This is less error-prone, and allows pathname to be checked once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 18:53:46 +09:00
cat 82608164f6 container/params: remove confusingly named error 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 17:37:46 +09:00
cat edd6f2cfa9 container: document ambient capabilities 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 02:11:55 +09:00
cat acffa76812 container/ops: implement overlay op 
There are significant limitations to using the overlay mount, and the implementation in the kernel is quite quirky. For now the Op is quite robust, however a higher level interface for it has not been decided yet.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:54:48 +09:00
cat 8da76483e6 container/path: fix typo "paths" 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:32:48 +09:00
cat 534c932906 container: test case runtime initialisation 
This allows for more sophisticated test setup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-08 01:03:35 +09:00