maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
993 Commits 2 Branches 12 Tags
6e3f34f2ecfe0f3cd024a6e73bf6560080feac53
Commit Graph

16 Commits

Author SHA1 Message Date
Ophestra
1c4f593566 internal/app: unexport outcome, remove app struct 
The App struct no longer does anything, and the outcome struct is entirely opaque.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 18:44:14 +09:00
Ophestra
6f719bc3c1 system: update doc commands and remove mutex 
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-02 04:54:34 +09:00
Ophestra
b14690aa77 internal/app: remove seal interface 
This further cleans up the package for the restructure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-28 01:07:51 +09:00
Ophestra
0d7c1a9a43 app: rename app implementation package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
Ophestra
5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
Ophestra
c64b8163e7 app: separate instance from process state 
This works better for the implementation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 16:06:24 +09:00
Ophestra
dfd9467523 app: merge seal with sys 
The existence of the appSealSys struct was an implementation detail obsolete since system.I was integrated in 084cd84f36.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 01:36:29 +09:00
Ophestra
53571f030e app: embed appSeal in app struct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 01:10:37 +09:00
Ophestra
a748d40745 app: store values with string representation 
Improves code readability without changing memory layout.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 00:25:00 +09:00
Ophestra
648e1d641a app: separate interface from implementation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 23:07:28 +09:00
Ophestra
e0f321b2c4 sys: rename from linux 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 18:47:48 +09:00
Ophestra
90cb01b274 system: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:00:43 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
2f676c9d6e fst: rename from fipc 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 15:50:46 +09:00
Ophestra Umiker
584732f80a cmd: shim and init into separate binaries 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-02 03:13:57 +09:00
Ophestra Umiker
ad7e389eee app: test app permissive defaults sealing behaviour 
This test seals App against a deterministic os stub and checks the resulting sys and bwrap values against known correct ones. The effects of sys and bwrap on the OS and sandbox is deterministic and tested in their own respective packages.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-25 17:12:13 +09:00