maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,105 Commits 7 Branches 12 Tags
6f5b7964f4fa24a5ea26cbbd5227e7c4d41eb06c
Commit Graph

153 Commits

Author SHA1 Message Date
cat 28ebf973d6 nix: add sharefs supplementary group 
This works around vfs inode file attribute race.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-11 23:28:18 +09:00
cat b0ba165107 cmd/sharefs: group-accessible permission bits 
This works around the race in vfs via supplementary group.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 16:14:47 +09:00
cat 351d6c5a35 cmd/sharefs: reproduce vfs inode file attribute race 
This happens in the vfs permissions check only and stale data appears to never reach userspace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-08 15:51:36 +09:00
cat e4355279a1 all: optionally forbid degrading in tests 
This enables transparently degradable tests to be forced on in environments known to support them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-04-07 15:22:52 +09:00
cat a6600be34a all: use filepath 
This makes package check portable, and removes nonportable behaviour from package pkg, pipewire, and system. All other packages remain nonportable due to their nature. No latency increase was observed due to this change on amd64 and arm64 linux.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-30 18:24:53 +09:00
cat b1ea3b4acf cmd/hakurei: rename app to run 
The run command was a legacy holdover from very early days and is only useful for testing and demonstration these days. This change also renames it to exec.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-28 16:48:26 +09:00
cat 620062cca9 hst: expose scheduling priority 
This is useful when limits are configured to allow it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 02:15:14 +09:00
cat 196b200d0f container: expose priority and SCHED_OTHER policy 
The more explicit API removes the arbitrary limit preventing use of SCHED_OTHER (referred to as SCHED_NORMAL in the kernel). This change also exposes priority value to set.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 01:14:03 +09:00
cat 04e6bc3c5c hst: expose scheduling policy 
This is primarily useful for poorly written music players for now.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-12 00:52:18 +09:00
cat 48cdf8bf85 go: 1.26 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-03-10 03:29:19 +09:00
cat 1df3bcc3b9 nix: mount tmpfs on /tmp 
This hopefully eliminates spurious test failures caused by /tmp running out of space.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2026-02-16 18:22:29 +09:00
cat 7bfbd59810 cmd/sharefs: implement shared filesystem 
This is for passing files between applications, similar to android /sdcard.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-25 05:13:02 +09:00
cat 767f1844d2 test: check shim private dir cleanup 
This asserts that no shim private dir was left behind after all containers terminate.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 20:30:19 +09:00
cat 54610aaddc internal/outcome: expose pipewire via pipewire-pulse 
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.

Closes #29.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 12:57:06 +09:00
cat ebc67bb8ad nix: update flake lock 
NixOS 25.11 introduces a crash in cage and an intermittent crash in foot.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-12 08:39:55 +09:00
cat e9fb1d7be5 container/initdaemon: copy wstatus from wait4 loop 
Due to the special nature of the init process, direct use of wait outside the wait4 loop is racy. This change copies the wstatus from wait4 loop state instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:58:42 +09:00
cat d5fb179012 cmd/hakurei: exec instead of fork/exec from shell 
There is no reason to keep the shell process around.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:29:41 +09:00
cat 2786611b88 test/interactive: add app with bad daemon 
This is useful for testing daemon error handling behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 22:12:07 +09:00
cat 87781c7658 treewide: include PipeWire op and enforce PulseAudio check 
This fully replaces PulseAudio with PipeWire and enforces the PulseAudio check and error message. The pipewire-pulse daemon is handled in the NixOS module.

Closes #26.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 08:53:04 +09:00
cat 422efcf258 hst: check for insecure PulseAudio enablement 
This is currently still a noop, but required for #26.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 03:13:02 +09:00
cat c761e1de4d nix: build with clang 
Clang is better than gcc in various ways. This also pulls in clang-format which is very helpful.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-15 16:36:36 +09:00
cat b5630f6883 test: move package sandbox internal 
This should never be used outside vm tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 23:03:22 +09:00
cat ac34635890 container: set FD_CLOEXEC on all open files 
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 00:18:29 +09:00
cat 9dec9dbc4b container/init: close setup pipe early 
This prevents leaking the setup pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-11 07:31:58 +09:00
cat bb92e3ada9 cmd/hakurei: expose current instance identifier 
This writes the 16-byte instance identifier to file descriptor specified by --identifier-fd if set, and closes the file.

This enables safely obtaining the new instance's identifier.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-10 07:52:35 +09:00
cat 5c2b63a7f1 container: add 386 constants 
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 20:21:14 +09:00
cat cb9ebf0e15 hst/grp_pwd: specify new uid format 
This leaves slots available for additional uid ranges in Rosa OS.

This breaks all existing installations! Users are required to fix ownership manually.

Closes #18.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-04 08:24:41 +09:00
cat 0edcb7c1d3 test: print share directory 
This is more useful now that state is tracked here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 17:00:59 +09:00
cat 0e5ca74b98 cmd/hakurei/print: serialise array for ps 
Wanted to do this for a long time, since the key is redundant. This also makes it easier to migrate to the new store interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 16:37:08 +09:00
cat 2442eda8d9 hst/instance: embed config struct 
This makes the resulting json easier to parse since it can now be deserialised into the config struct.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-24 00:42:16 +09:00
cat 56beae17fe test: assert hst CGO_ENABLED=0 
The hst package only deals with data serialisation, however since many parts of hakurei make use of C libraries in some way it can be easy to inadvertently depend on cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 19:49:04 +09:00
cat fbd1638e7f test/interactive/trace: update nix attribute 
Updated according to evaluation warning.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 06:03:09 +09:00
cat 699c19e972 hst/container: optional runtime and tmpdir sharing 
Sharing and persisting these directories do not always make sense. Make it optional here.

Closes #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 04:11:38 +09:00
cat b5b30aea2e test: place marker in common path 
This discontinues the dependency on shared tmpdir and xdg_runtime_dir implementation detail, for #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 03:50:48 +09:00
cat e47aebb7a0 internal/app/outcome: apply configured filesystems late 
This enables configured filesystems to cover system mount points.

Closes #8.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 01:41:52 +09:00
cat d4284c109d internal/app/spruntime: emulate pam_systemd type 
This sets XDG_SESSION_TYPE to the corresponding values specified in pam_systemd(8) according to enablements.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-18 04:33:04 +09:00
cat 52e3324ef4 test/sandbox: ignore nondeterministic mount point 
No idea what systemd is doing with this to cause its options to change.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-14 07:08:39 +09:00
cat 9e48d7f562 hst/config: move container fields from toplevel 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
cat f280994957 internal/app: check nscd socket for path hiding 
This can seriously break things, and exposes extra host attack surface, so include it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 20:47:30 +09:00
cat ae2df2c450 internal: remove sys package 
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 13:51:54 +09:00
cat 773253fdf5 test/sandbox: raise timeout 
The integration vm is being very slow for some reason. This change should reduce spurious timeouts.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 19:41:59 +09:00
cat f09133a224 test: check init lingering timeout behaviour 
This checks init timeout on lingering process after initial process termination.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-22 21:56:29 +09:00
cat a2a291791c internal/sys: separate hsu uid cache 
This begins the effort of the removal of the sys package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-15 02:30:47 +09:00
cat 1cdc6b4246 test/sandbox: create marker in /var/tmp 
This prepares the test suite for private TMPDIR.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 16:45:17 +09:00
cat 56aad8dc11 test/sandbox/tool: marker pathname from flag 
Since this is going to be placed in a shared directory, it needs to be unique to the identity. Instead of trying to figure out identity from mountinfo, just have the test script pass hardcoded values.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 15:57:41 +09:00
cat 83c4f8b767 test/sandbox: check extra writable paths 
This is not always obvious from mountinfo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 15:12:51 +09:00
cat d0ddd71934 test/sandbox: bind /var/tmp writable 
This makes it possible to place markers with private tmpdir.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 14:59:53 +09:00
cat ca247b8037 internal/app: mount /dev/shm early 
This avoids covering /dev/shm mounts from hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-14 01:49:42 +09:00
cat 92f510a647 cmd/hakurei/command: pd run dbus-verbose nil check 
This otherwise dereferences a nil pointer when dbus-verbose is set and either session or system bus are nil.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-06 00:09:25 +09:00
cat acb6931f3e app/seal: leave $DISPLAY as is on host abstract 
This helps work around faulty software that misinterprets unix: DISPLAY string.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-27 20:42:03 +09:00