hakurei

Author	SHA1	Message	Date
cat	972f4006f0	treewide: switch to hakurei.app Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-26 04:01:02 +09:00
cat	aa454b158f	cmd/planterette: remove hsu special case Remove special case and invoke hakurei out of process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 20:50:24 +09:00
cat	87e008d56d	treewide: rename to hakurei Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
cat	717771ae80	app: share runtime dir This allows apps with the same identity to access the same runtime dir. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-08 03:24:48 +09:00
cat	15011c4173	app/instance/common: optimise ops allocation Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-13 03:49:07 +09:00
cat	31b7ddd122	fst: improve config The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-13 03:30:19 +09:00
cat	6309469e93	app/instance: wrap internal implementation This reduces the scope of the fst package, which was growing questionably large. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-12 13:56:41 +09:00
cat	0d7c1a9a43	app: rename app implementation package Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-12 10:54:24 +09:00
cat	9967909460	sandbox: relative autoetc links This allows nested containers to use autoetc, and increases compatibility with other implementations. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 18:54:00 +09:00
cat	c806f43881	sandbox: implement autoetc as setup op This significantly reduces setup op count and the readdir call now happens in the context of the init process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-10 18:54:25 +09:00
cat	584405f7cc	sandbox/seccomp: rename flag type and constants The names are ambiguous. Rename them to make more sense. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-08 01:59:45 +09:00
cat	74ba183256	app: install seccomp filter to shim This does not necessarily reduce attack surface but does not affect functionality or introduce any side effects, so is nice to have. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-07 04:13:08 +09:00
cat	e9a7cd526f	app: improve shim process management This ensures a signal gets delivered to the process instead of relying on parent death behaviour. SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials. A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-07 03:55:17 +09:00
cat	022242a84a	app: wayland socket in process share Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-01 00:53:04 +09:00
cat	8aeb06f53c	app: share path setup on demand This removes the unnecessary creation and destruction of share paths when none of the enablements making use of them are set. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-01 00:47:32 +09:00
cat	4036da3b5c	fst: optional configured shell path Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-31 21:27:31 +09:00
cat	a102178019	sys: update doc comment Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 22:43:17 +09:00
cat	e400862a12	state/multi: fix backend cache population race This race is never able to happen since no caller concurrently requests the same aid yet. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 22:37:08 +09:00
cat	605d018be2	app/seal: check for '=' in envv Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 18:25:23 +09:00
cat	300571af47	app: pass through $SHELL Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-27 01:22:40 +09:00
cat	2dd49c437c	app: create XDG_RUNTIME_DIR with perm 0700 Many programs complain about this. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:49:37 +09:00
cat	c326c3f97d	fst/sandbox: do not create /etc in advance This is now handled by the setup op. This also gets rid of the hardcoded /etc path. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 20:00:34 +09:00
cat	61dbfeffe7	sandbox/wl: move into sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:26:37 +09:00
cat	532feb4bfa	app: merge shim into app package Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:21:47 +09:00
cat	ec5e91b8c9	system: optimise string formatting Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 04:42:30 +09:00
cat	5c4058d5ac	app: run in native sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:52:49 +09:00
cat	7c063833e0	internal/sys: wrap getuid/getgid Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 17:10:03 +09:00
cat	24618ab9a1	sandbox: move out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00
cat	9ce4706a07	sandbox: move params setup functions Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:48:32 +09:00
cat	9a1f8e129f	sandbox: wrap fmsg interface Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:44:07 +09:00
cat	ee10860357	seccomp: install output atomically Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 01:10:27 +09:00
cat	48feca800f	sandbox: check command function pointer Setting default CommandContext on initialisation is somewhat of a footgun. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 23:29:14 +09:00
cat	273d97af85	ldd: lib paths resolve function This is what always happens right after a ldd call, so implement it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 01:20:09 +09:00
cat	9f5dad1998	sandbox: return on zero length ops This dodges potentially confusing behaviour where init fails due to Ops being clobbered during transfer. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 00:32:36 +09:00
cat	bac4e67867	sandbox/init: early params nil check Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 04:03:10 +09:00
cat	4230281194	sandbox: return error on doubled start Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 03:30:14 +09:00
cat	e64e7608ca	sandbox: expose cancel behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 03:04:27 +09:00
cat	10a21ce3ef	helper: expose extra files to direct Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 02:27:40 +09:00
cat	f9bf20a3c7	helper: rearrange initialisation args This improves consistency across two different helper implementations. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 01:06:31 +09:00
cat	f443d315ad	helper: clean up interface The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 00:27:44 +09:00
cat	9e18d1de77	helper/proc: pass extra files and start For integration with native container tooling. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 23:23:57 +09:00
cat	2647a71be1	seccomp: move out of helper Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 22:42:40 +09:00
cat	7c60a4d8e8	helper: embed context on creation Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 18:30:22 +09:00
cat	4bb5d9780f	ldd: run in native sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:55:55 +09:00
cat	f41fd94628	sandbox: write uid/gid map as init This avoids PR_SET_DUMPABLE in the parent process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:42:22 +09:00
cat	94895bbacb	sandbox: invert seccomp ruleset defaults Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:38:32 +09:00
cat	f332200ca4	sandbox: mount container /dev Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:18:44 +09:00
cat	2eff470091	sandbox/mount: pass custom tmpfs name The tmpfs driver allows arbitrary fsname. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:12:35 +09:00
cat	a092b042ab	sandbox: pass params to setup ops Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:11:38 +09:00
cat	e94b09d337	sandbox/mount: fix source flag path Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:10:48 +09:00

... 24 25 26 27 28 ...

1500 Commits