Commit Graph

51 Commits

Author SHA1 Message Date
87e008d56d treewide: rename to hakurei
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 04:57:41 +09:00
717771ae80 app: share runtime dir
This allows apps with the same identity to access the same runtime dir.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-08 03:24:48 +09:00
b7e991de5b nix: update flake lock
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-05 04:05:39 +09:00
2ffca6984a nix: use reverse-DNS style id as unique identifier
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-05-25 20:12:30 +09:00
f30a439bcd nix: improve common usability
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-05-16 04:40:12 +09:00
008e9e7fc5 nix: update flake lock
2025-05-07 21:35:37 +09:00
ae6f5ede19 fst: mount passthrough /dev writable
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-11 20:01:54 +09:00
807d511c8b test/sandbox: check device outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-11 19:55:16 +09:00
9967909460 sandbox: relative autoetc links
This allows nested containers to use autoetc, and increases compatibility with other implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-11 18:54:00 +09:00
297b444dfb test: separate app and sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-30 22:09:46 +09:00
89a05909a4 test: move test program to sandbox directory
This prepares for the separation of app and sandbox tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-30 21:09:16 +09:00
f772940768 test/sandbox: treat ESRCH as temporary failure
This is an ugly fix that makes various assumptions guaranteed to hold true in the testing vm. The test package is filtered by the build system so some ugliness is tolerable here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-30 03:50:59 +09:00
8886c40974 test/sandbox: separate check filter
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-30 02:15:08 +09:00
8b62e08b44 test: build test program in nixos config
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-29 19:33:17 +09:00
ff3cfbb437 test/sandbox: check seccomp outcome
This is as ugly as it is because it has to have CAP_SYS_ADMIN and not be in seccomp mode.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-28 02:24:27 +09:00
389402f955 test/sandbox/ptrace: generic filter block type
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-28 01:47:24 +09:00
660a2898dc test/sandbox/ptrace: dump seccomp bpf program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-28 01:35:56 +09:00
faf59e12c0 test/sandbox: expose test tool
Some test elements implemented in the test tool might need to run outside the sandbox. This change allows that to happen.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-28 00:08:47 +09:00
d97a03c7c6 test/sandbox: separate test tool source
This improves readability and allows gofmt to format the file.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-27 23:43:13 +09:00
f8502c3ece test/sandbox: check environment
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-27 03:16:33 +09:00
996b42634d test/sandbox: invoke check program directly
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-27 03:11:50 +09:00
2dd49c437c app: create XDG_RUNTIME_DIR with perm 0700
Many programs complain about this.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-26 02:49:37 +09:00
371dd5b938 nix: create current-system symlink
This is copied at runtime because it appears to be impossible to obtain this path in nix.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-26 02:06:11 +09:00
67eb28466d nix: create opengl-driver symlink
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 20:52:20 +09:00
c326c3f97d fst/sandbox: do not create /etc in advance
This is now handled by the setup op. This also gets rid of the hardcoded /etc path.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 20:00:34 +09:00
5c4058d5ac app: run in native sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 01:52:49 +09:00
3dd4ff29c8 test/sandbox: check mount table length
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 16:36:53 +09:00
61d86c5e10 test/sandbox: fix stdout tty check
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 16:23:50 +09:00
d097eaa28f test/sandbox: unquote fail messages
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 16:03:53 +09:00
b989a4601a test/sandbox: fail on mismatched mount entry
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 13:43:32 +09:00
0eb1bc6301 test/sandbox: verify outcome via mountinfo
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-24 01:42:38 +09:00
1eb837eab8 test/sandbox: warn about misuse in doc comment
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 23:28:28 +09:00
806ce18c0a test/sandbox: check mapuid outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 17:56:07 +09:00
b71d2bf534 test/sandbox: check tty outcome
This makes no difference currently but has different behaviour in the native sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 17:28:57 +09:00
46059b1840 test/sandbox: print mismatching file content
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 17:24:52 +09:00
d2c329bcea test: format path aid offsets
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 17:21:14 +09:00
2d379b5a38 test/sandbox: pass want file as argument
This avoids building the check program multiple times.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 15:00:59 +09:00
75e0c5d406 test/sandbox: parse full test case
This makes declaring multiple tests much cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-23 14:53:50 +09:00
632b18addd test/sandbox: rename misleading bind destination
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-21 12:56:11 +09:00
a57a7a6a16 test/sandbox: check type handling host_passthrough
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-21 12:21:08 +09:00
4133b555ba internal/app: rename init to init0
This makes way for the new container init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
f38ba7e923 test/sandbox: bypass fields
A field is bypassed if it contains a single null byte. This will never appear in the text format so is safe to use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 00:00:58 +09:00
df266527f1 test/sandbox/mount: work around nondeterminism
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:16:51 +09:00
f7bd6a5a41 test/sandbox: check seccomp outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-04 13:30:16 +09:00
ea853e21d9 test/sandbox: check fs outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-03 01:02:09 +09:00
0bd9b9e8fe test/sandbox: assert filesystem json
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 23:23:04 +09:00
39e32799b3 test/sandbox: compare filesystem hierarchy
For checking deterministic aspects of fs outcome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 22:59:04 +09:00
0d3652b793 test/sandbox/assert: wrap printf
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 18:37:46 +09:00
d8e9d71f87 test/sandbox: check mount outcome
Do this at the beginning of the test for early failure.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-28 15:56:15 +09:00
558974b996 test/sandbox: assert mntent json
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-28 15:40:58 +09:00