Commit Graph

1099 Commits

Author SHA1 Message Date
1c692bfb79 container/init: call lockOSThread through dispatcher
This degrades test performance if not stubbed out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:24:14 +09:00
141a18999f container: move integration test helpers
With the new instrumentation it is now possible to run init code outside integration tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:07:19 +09:00
afe23600d2 container/path: use syscall dispatcher
This allows path and mount functions to be instrumented.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:02:21 +09:00
09d2844981 container/init: wrap syscall helper functions
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 19:27:31 +09:00
d500d6e559 system/dbus: share host net ns for abstract
Host abstract unix sockets are only accessible when also in the init net ns.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 21:55:23 +09:00
5b73316ae0 container/syscall: doc comments from manpages
These are pulled straight from the manpages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 00:33:46 +09:00
5d8a2199b6 container/init: op interface valid method
Check ops early and eliminate duplicate checks.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 00:18:50 +09:00
a1482ecdd0 container/inittmpfs: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 20:17:28 +09:00
a07f9ed84c container/initsymlink: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 20:03:02 +09:00
51304b03af container/initremount: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:55:51 +09:00
c6397b941f container/initproc: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:29:45 +09:00
d65e5f817a container/initplace: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:19:27 +09:00
696e593898 container/initoverlay: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:33:15 +09:00
97ab24feef container/init: use absolute compare method
More checks are also added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:14:36 +09:00
31f0dd36df absolute: efficient equivalence check method
This is more efficient and makes the call site cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:06:38 +09:00
9aec2f46fe container/initdev: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:55:45 +09:00
022cc26b2e container/capability: check CAP_TO_INDEX and CAP_TO_MASK
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:45:00 +09:00
b4c018da8f container/autoetc: do not bypass absolute check
This can now be done cleanly via path function wrappers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:37:11 +09:00
66f52407d3 container/initmkdir: check path equivalence by value
Fixes regression introduced while integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:32:22 +09:00
e463faf649 container/initbind: check path equivalence by value
Same problem as autoroot, never updated the checks after integrating Absolute.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:22:04 +09:00
375acb476d container/autoroot: check host path equivalence by value
This will never return true otherwise unless the equivalent paths happen to be interned by the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:14:39 +09:00
c81c9a9d75 container/init: split setup ops into individual files
This significantly increases readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:28:31 +09:00
339e4080dc container/ops: move Op type to init file
This helps with the eventual separation of all setup ops into individual files.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:11:24 +09:00
e0533aaa68 container/autoroot: filter dentry with empty name
This is unreachable, but nice to have just in case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:03:49 +09:00
13c7083bc0 container: ptrace protection via Yama LSM
This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway.

Closes #4.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 00:43:55 +09:00
6947ff04e0 system/dbus/proc: host abstract only when not binding
The test failure seems to be caused by an unrelated bug in xdg-dbus-proxy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-19 23:39:14 +09:00
140fe21237 container/params: check setup/receive behaviour
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 22:30:34 +09:00
f52d2c7db6 container/path: check create and mountinfo helpers
These can quite easily be checked within the framework. The scanner fault injection might require updating at some point if the implementation changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 21:30:28 +09:00
3c9e547c4a cmd/hpkg: add deprecation notice
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 17:00:27 +09:00
a3988c1a77 hst: rename net and abstract fields
This makes more sense and matches the container library.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 16:48:01 +09:00
5db0714072 container: optionally isolate host abstract UNIX domain sockets via landlock
2025-08-18 16:28:14 +09:00
69a4ab8105 container: move PR_SET_NO_NEW_PRIVS to parent
This allows some LSM setup in the parent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 11:46:02 +09:00
22d577ab49 test/sandbox: do not discard stderr getting hash
This is the first hakurei run in the test; if the container outright fails to start, this is often where it happens, so throwing away the output is very unhelpful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 11:36:13 +09:00
83a1c75f1a app: set up acl on X11 socket
The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and adds checks that will also be useful for merging security/hakurei#1.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 11:30:58 +09:00
0ac6e99818 container: start from locked thread
This allows setup that relies on per-thread state like securebits and landlock, from the parent side.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-17 17:42:22 +09:00
f35733810e container: check output helper functions
The container test suite has always been somewhat inadequate due to the inability of coverage tooling to reach into containers. This has become an excuse for not testing non-container code as well, which led to the general lack of confidence when working with container code. This change aims to be one of many to address that to some extent.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-17 02:59:37 +09:00
9c1a5d43ba container: enforce nonrepeatable autoetc and autoroot
These keep track of some internal state, and they don't make sense to have multiple instances of anyway, so instead of dealing with that, just make them nonrepeatable.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-17 01:43:11 +09:00
8aa65f28c6 container: allow additional state between ops
This is useful for ops that need to be aware of previous instances of themselves.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-17 01:32:07 +09:00
f9edec7e41 hst: merge miscellaneous files
These structs were going to be bigger at some point. They turned out not to be.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-16 02:32:57 +09:00
305c600cf5 hst: move container type to config
Container state initialisation is no longer implemented in hst so splitting them no longer makes sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-16 02:28:36 +09:00
8dd3e1ee5d hst/fs: rename method Target to Path
This allows adapter structs to use the same field names as Op structs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-16 02:06:41 +09:00
4ffeec3004 hst/enablement: editor friendly enablement adaptor
Having the bit field value here (in decimal, no less) is unfriendly to text editors. Use a bunch of booleans here to improve ease of use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-15 05:16:51 +09:00
9ed3ba85ea hst/fs: implement overlay fstype
This finally exposes overlay mounts in the high level hakurei API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-15 04:00:55 +09:00
4433c993fa nix: check config via hakurei
This is unfortunately the only feasible way of doing this in nix.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-15 03:27:54 +09:00
430991c39b hst/fs: remove type method
Having a method that returns the canonical string representation of its type seemed like a much better idea for an implementation that never made it to staging. Remove it here and clean up marshal type assertions.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-15 00:39:02 +09:00
ba3227bf15 container: export overlay escape
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-14 23:44:11 +09:00
0e543a58b3 hst/fs: valid method on underlying interface
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-14 21:36:22 +09:00
c989e7785a hst/info: include extra information
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-14 19:52:03 +09:00
332d90d6c7 container/path: remove unused path
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-14 05:00:09 +09:00
99ac96511b hst/fs: interface filesystem config
This allows mount points to be represented by different underlying structs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-14 04:52:49 +09:00