Commit Graph

30 Commits

Author SHA1 Message Date
5c4058d5ac app: run in native sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 01:52:49 +09:00
7c063833e0 internal/sys: wrap getuid/getgid
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 17:10:03 +09:00
ff30a5ab5d fst: remove empty file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 19:27:08 +09:00
c64b8163e7 app: separate instance from process state
This works better for the implementation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 16:06:24 +09:00
3c80fd2b0f app: defer system.I revert
Just returning an error after a successful call to commit will leave garbage behind with no way for the caller to clean it up. This change ensures revert is always called after a successful commit with at least per-process state enabled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 21:12:11 +09:00
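The failure mode the commit above describes (an error path after a successful commit leaking applied state) is easiest to see side by side. The following is an added example, not the project's code: `System`, `Commit` and `Revert` are hypothetical stand-ins for a system.I-like value, and the "committed" entries are constructed sample state.

```go
package main

import (
	"errors"
	"fmt"
)

// System is a hypothetical stand-in for a system.I-like container that
// applies a set of changes on Commit and undoes them on Revert.
// (Assumption: not the project's real type.)
type System struct {
	committed []string // constructed sample state left behind by Commit
	reverted  bool
}

// Commit applies the changes; here it just records what would be applied.
func (s *System) Commit() error {
	s.committed = append(s.committed, "mkdir", "acl", "dbus")
	return nil
}

// Revert undoes everything Commit applied.
func (s *System) Revert() error {
	s.reverted = true
	s.committed = nil
	return nil
}

// runNaive returns as soon as a later step fails. Because Revert is only
// reached on the success path, a failure leaves committed state behind
// and the caller has no handle to clean it up.
func runNaive(s *System, fail bool) error {
	if err := s.Commit(); err != nil {
		return err
	}
	if fail {
		return errors.New("shim failed") // committed state is leaked here
	}
	return s.Revert()
}

// runDeferred defers Revert immediately after a successful Commit, so it
// runs on every exit path. A revert error is attached to the original
// error rather than replacing it.
func runDeferred(s *System, fail bool) (err error) {
	if err = s.Commit(); err != nil {
		return err
	}
	defer func() {
		if rerr := s.Revert(); rerr != nil {
			if err == nil {
				err = rerr
			} else {
				err = fmt.Errorf("%w (revert: %v)", err, rerr)
			}
		}
	}()
	if fail {
		return errors.New("shim failed")
	}
	return nil
}

func main() {
	n := &System{}
	fmt.Println("naive:", runNaive(n, true), "leaked:", n.committed)
	d := &System{}
	fmt.Println("deferred:", runDeferred(d, true), "leaked:", d.committed)
}
```

The deferred form is only safe to register after `Commit` has returned nil; registering it before would revert state that was never applied, which is why the commit message ties revert to a successful commit.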
ef81828e0c app: remove share method
This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 16:20:25 +09:00
648e1d641a app: separate interface from implementation
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 23:07:28 +09:00
3c327084d3 fst: declare wrappers for sandbox config
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 23:04:13 +09:00
bf95127332 fst: move App interface declaration
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 22:36:45 +09:00
e0f321b2c4 sys: rename from linux
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 18:47:48 +09:00
90cb01b274 system: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 19:00:43 +09:00
e599b5583d fmsg: implement suspend in writer
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 18:51:53 +09:00
cc1efa22e2 fst: add missing fields to template
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 12:09:25 +09:00
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:52:57 +09:00
dfcdc5ce20 state: store config in separate gob stream
This enables early serialisation of config.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-21 12:10:58 +09:00
27f5922d5c fst: include syscall filter configuration
This value is passed through to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 21:12:39 +09:00
562f5ed797 fst: hide sockets exposed via Filesystem
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 10:13:18 +09:00
db03565614 fst: move sandbox struct to separate file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 09:42:44 +09:00
a1148edd00 fst/config: allocate filesystem slice
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-04 00:16:41 +09:00
35b7142317 fortify: show system info when instance is not specified
This contains useful information not obtainable by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 19:35:50 +09:00
b9e2003d5b app: ensure extra paths
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 14:07:49 +09:00
847b667489 app: extra acl entries from configuration
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 13:23:27 +09:00
85e5b097fd fst/config: add template etc entry
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 12:05:32 +09:00
fc26659ea1 fst/config: autoetc read custom path
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:57:44 +09:00
2fdbd6a4dd fst/config: alternative /etc directory
This is useful for static /etc directories provided by self-contained application packages, or in cases where autoetc is useful for paths other than /etc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 18:06:26 +09:00
c67b8ab9ac fst/config: improve correctness of comments
The meanings of many of these fields have changed since they were added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 00:45:29 +09:00
7a8b625a57 app: rename /fortify to /.fortify
Also removed the inner share tmpfs mount.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:11:32 +09:00
df6fc298f6 migrate to git.gensokyo.uk/security/fortify
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
5ea7333431 fst: implement app id parser
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 18:19:47 +09:00
2f676c9d6e fst: rename from fipc
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:50:46 +09:00