maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
477 Commits 1 Branch 12 Tags
60c10c3f4ae9b3093e75a22d03d6a1d0862a2f25
Commit Graph

477 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ophestra
60c10c3f4a nix: run integration tests with race detector 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 20:58:08 +09:00
Ophestra
468696f611 internal: beforeExit before reachable fatal calls 
These are the only two calls to log.Fatal* reachable during suspended output. Call fmsg.BeforeExit here to catch that.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 19:03:34 +09:00
Ophestra
29c38caac8 app/shim/manager: return error on bad fsu path 
This results in a graceful failure that does not leave garbage behind.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:59:45 +09:00
Ophestra
e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
Ophestra
33a4ab11c2 internal: move shim and init into app 
This structure makes more sense, as both processes are part of an app's lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 16:28:46 +09:00
Ophestra
1fa5e992e4 helper/bwrap: expose address of DataConfig 
This allows the caller to defer fulfilling its payload.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 12:33:59 +09:00
Ophestra
c667b13a00 system: separate link Op implementation 
This Op would still be useful after replacing the Tmpfiles interface, so isolate it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 12:15:26 +09:00
Ophestra
90b86a5531 release: 0.2.14 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 23:05:02 +09:00
Ophestra
f545e154f0 workflows: use native nix runner 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 22:58:04 +09:00
Ophestra
268a90f1a5 app: improve WAYLAND_DISPLAY correctness 
This now has identical behaviour as wayland C library.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 14:45:09 +09:00
Ophestra
3054527ca5 fortify: prevent exit status 0 on app failure 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 14:40:19 +09:00
Ophestra
ddb2f9c11b app: remove wayland socket hard link 
This Op was not doing anything useful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:54:00 +09:00
Ophestra
6ae02e72fa nix: test direct_wayland behaviour 
This should never be used outside tests unless you absolutely know what you're doing or are using GNOME.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:45:27 +09:00
Ophestra
989fb5395f nix: remove unused configuration 
User setup no longer depends on userdb.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:10:42 +09:00
Ophestra
f955b15b84 system: remove write mode tmpfiles 
This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:22:20 +09:00
Ophestra
0340c67995 app: port passwd and group files to copy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:19:06 +09:00
Ophestra
72b0160aad helper/bwrap: implement file copy flags 
These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to its specific sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:13:15 +09:00
Ophestra
ea8d1c07df priv/shim: move /sbin/init setup to app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:06:10 +09:00
Ophestra
a0062d8275 fmsg: resume on exit 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 02:22:09 +09:00
Ophestra
43d2e4f5d7 nix: sway increase resolution 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 02:21:24 +09:00
Ophestra
be7d944b39 helper/bwrap: PositionalArg implement fmt.Stringer 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 00:11:48 +09:00
Ophestra
ace97952cc helper/bwrap: merge Args and FDArgs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
Ophestra
73146ea7fa dbus: remove BwrapStatic method 
This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:09:59 +09:00
Ophestra
88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
Ophestra
1fd571d561 cmd/fsu: check parse behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 16:43:55 +09:00
Ophestra
be30e2f11e cmd/fsu: revert offset in error message 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 15:31:39 +09:00
Ophestra
aaebb8f3ab fortify: check print behaviour 
These output are supposed to be deterministic, so checking them is a good way to catch regressions.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:44:28 +09:00
Ophestra
1f74b636d3 state/join: use Join method when available 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:11:02 +09:00
Ophestra
e431ab3c24 app: check username length against LOGIN_NAME_MAX 
This limit is arbitrary, but it's good to enforce it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:44:55 +09:00
Ophestra
3fba33687b fortify: print line after ps output 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:23:20 +09:00
Ophestra
820f48ef94 release: 0.2.13 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:45:54 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
60c2873750 helper/proc: cancel ec on parent ctx 
This allows errors written during a timeout to be received and handled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:08:28 +09:00
Ophestra
d1d20c06fb helper/seccomp: use sync.Once for closeWrite 
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:49:16 +09:00
Ophestra
1e6a059668 helper/seccomp: benchmark exporter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
Ophestra
318df0f7e1 nix: test syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:01:16 +09:00
Ophestra
58eb8f971d proc/pipe: implement args and stat file 
This is a generic implementation of helper/pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:57:24 +09:00
Ophestra
0a1d7c01cd helper/proc: count dispatched errs 
This helps debug implementation errors of [proc.File].

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:55:37 +09:00
Ophestra
60ca1c6c55 helper/proc: store file addresses in linked list 
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 17:42:12 +09:00
Ophestra
099da78af5 helper/seccomp: eliminate data race on pfd 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
Ophestra
18466cfd02 helper/proc: declare generic extra files interface 
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-11 16:34:47 +09:00
Ophestra
e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
Ophestra
7aff3ead3a nix: vm test remove unnecessary setup 
This step is no longer required as the NixOS module is responsible for home directory creation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 22:29:56 +09:00
Ophestra
72fb13dccc dbus: lock for read in public args interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:42:29 +09:00
Ophestra
a48386bd56 system/dbus: dump messages on early fault 
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:20:56 +09:00
Ophestra
2e52191404 system/dbus: dump method prints msgbuf 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:16:54 +09:00
Ophestra
568d7758d5 helper/seccomp: panic on invalid closeWrite use 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
Ophestra
5b7b3fa9a4 helper/seccomp: implement reader interface via pipe 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
Ophestra
d58fb8c6ee workflows: fix nix store cache 
Prefix does not seem to match correctly, this appears to be a Gitea implementation bug.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-01 21:16:13 +09:00
Ophestra
5808fe61c3 nix: vm test set sway background 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 22:28:04 +09:00