maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
993 Commits 1 Branch 12 Tags
6e3f34f2ecfe0f3cd024a6e73bf6560080feac53
Commit Graph

19 Commits

Author SHA1 Message Date
Ophestra
6e3f34f2ec internal/app: merge finalise test cases 
This cleans everything up a bit for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 12:11:02 +09:00
Ophestra
1c4f593566 internal/app: unexport outcome, remove app struct 
The App struct no longer does anything, and the outcome struct is entirely opaque.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 18:44:14 +09:00
Ophestra
f876043844 internal/hlog: remove error wrapping 
This was a stopgap solution that lasted for way too long. This finally removes it and prepares internal/app for some major changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-12 06:52:35 +09:00
Ophestra
6f719bc3c1 system: update doc commands and remove mutex 
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-02 04:54:34 +09:00
Ophestra
b14690aa77 internal/app: remove seal interface 
This further cleans up the package for the restructure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 01:07:51 +09:00
Ophestra
0d7c1a9a43 app: rename app implementation package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
Ophestra
5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
Ophestra
c64b8163e7 app: separate instance from process state 
This works better for the implementation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 16:06:24 +09:00
Ophestra
e0f321b2c4 sys: rename from linux 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 18:47:48 +09:00
Ophestra
90cb01b274 system: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:00:43 +09:00
Ophestra
562f5ed797 fst: hide sockets exposed via Filesystem 
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 10:13:18 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
2f676c9d6e fst: rename from fipc 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 15:50:46 +09:00
Ophestra Umiker
b752ec4468 fipc: export config struct 
Also store full config as part of state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 13:45:55 +09:00
Ophestra Umiker
b291f0b710 app: add nixos-based config test case 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-21 12:13:21 +09:00
Ophestra Umiker
584732f80a cmd: shim and init into separate binaries 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-02 03:13:57 +09:00
Ophestra Umiker
51e84ba8a5 system/dbus: compare sealed value by string 
Stringer method of dbus.Proxy returns a string representation of its args stream when sealed.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-27 12:09:34 +09:00
Ophestra Umiker
093e99d062 app: separate nixos test cases from tests 
Test cases are very long, separating them improves editor performance.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-25 17:44:29 +09:00
Ophestra Umiker
ad7e389eee app: test app permissive defaults sealing behaviour 
This test seals App against a deterministic os stub and checks the resulting sys and bwrap values against known correct ones. The effects of sys and bwrap on the OS and sandbox is deterministic and tested in their own respective packages.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-25 17:12:13 +09:00