maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
454 Commits 2 Branches 12 Tags
88040504b20fb2c0c7bfa71f2c01e88c138c71d8
Commit Graph

454 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ophestra
88040504b2 helper/bwrap: remove fmsg import 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:05:00 +09:00
Ophestra
1fd571d561 cmd/fsu: check parse behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 16:43:55 +09:00
Ophestra
be30e2f11e cmd/fsu: revert offset in error message 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 15:31:39 +09:00
Ophestra
aaebb8f3ab fortify: check print behaviour 
These output are supposed to be deterministic, so checking them is a good way to catch regressions.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:44:28 +09:00
Ophestra
1f74b636d3 state/join: use Join method when available 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 14:11:02 +09:00
Ophestra
e431ab3c24 app: check username length against LOGIN_NAME_MAX 
This limit is arbitrary, but it's good to enforce it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:44:55 +09:00
Ophestra
3fba33687b fortify: print line after ps output 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 12:23:20 +09:00
Ophestra
820f48ef94 release: 0.2.13 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:45:54 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
60c2873750 helper/proc: cancel ec on parent ctx 
This allows errors written during a timeout to be received and handled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:08:28 +09:00
Ophestra
d1d20c06fb helper/seccomp: use sync.Once for closeWrite 
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:49:16 +09:00
Ophestra
1e6a059668 helper/seccomp: benchmark exporter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:37:51 +09:00
Ophestra
318df0f7e1 nix: test syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 22:01:16 +09:00
Ophestra
58eb8f971d proc/pipe: implement args and stat file 
This is a generic implementation of helper/pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:57:24 +09:00
Ophestra
0a1d7c01cd helper/proc: count dispatched errs 
This helps debug implementation errors of [proc.File].

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 19:55:37 +09:00
Ophestra
60ca1c6c55 helper/proc: store file addresses in linked list 
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 17:42:12 +09:00
Ophestra
099da78af5 helper/seccomp: eliminate data race on pfd 
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.

This change eliminates that by calling Fd in the prepare routine.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 10:40:51 +09:00
Ophestra
18466cfd02 helper/proc: declare generic extra files interface 
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-11 16:34:47 +09:00
Ophestra
e14923ae53 helper/proc: move package out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-08 13:03:45 +09:00
Ophestra
7aff3ead3a nix: vm test remove unnecessary setup 
This step is no longer required as the NixOS module is responsible for home directory creation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 22:29:56 +09:00
Ophestra
72fb13dccc dbus: lock for read in public args interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:42:29 +09:00
Ophestra
a48386bd56 system/dbus: dump messages on early fault 
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:20:56 +09:00
Ophestra
2e52191404 system/dbus: dump method prints msgbuf 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:16:54 +09:00
Ophestra
568d7758d5 helper/seccomp: panic on invalid closeWrite use 
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 12:58:20 +09:00
Ophestra
5b7b3fa9a4 helper/seccomp: implement reader interface via pipe 
This also does not require the libc tmpfile call.

BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-03 19:43:03 +09:00
Ophestra
d58fb8c6ee workflows: fix nix store cache 
Prefix does not seem to match correctly, this appears to be a Gitea implementation bug.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-01 21:16:13 +09:00
Ophestra
5808fe61c3 nix: vm test set sway background 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 22:28:04 +09:00
Ophestra
f338d3bb4b nix: update flake lock 2025-01-25 19:46:33 +09:00
Ophestra
8d04dd72f1 nix: mount nvidia devices 
These non-standard paths are required in the sandbox for nvidia drivers to work.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 18:05:18 +09:00
Ophestra
21735a8abe release: 0.2.12 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:40:48 +09:00
Ophestra
34272672b1 nix: verify silent output when not running with -v 
This checks behaviour of fmsg and seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:38:18 +09:00
Ophestra
7b96cd6ded helper/seccomp: do not call F_println if not verbose 
This (slightly) improves performance.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 13:19:38 +09:00
Ophestra
163f15e93f helper/seccomp: separate seccomp package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:59:11 +09:00
Ophestra
016da20443 nix: expose compat flag in nixos module 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:42:48 +09:00
Ophestra
37780456a7 helper: block more unusual/privileged syscalls 
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:35:47 +09:00
Ophestra
efacaa40fa nix: set deny_devel correctly 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:50:35 +09:00
Ophestra
ad6d0ee55f workflows: rename integration test artifact 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:30:39 +09:00
Ophestra
cf791469d8 workflows: gc store and purge old caches 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:25:57 +09:00
Ophestra
be14421775 workflows: merge test build job into test 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:22:44 +09:00
Ophestra
045983d7f4 wl: separate inline C 
Having a huge blurb of inline C hurts readability on web pages and some text editors.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 22:06:29 +09:00
Ophestra
7106b00968 release: 0.2.11 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 20:49:49 +09:00
Ophestra
96d5d8a396 nix: apply shared home config to reserved aid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 20:48:04 +09:00
Ophestra
8a00a83c71 nix: expose syscall filter policy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:24:42 +09:00
Ophestra
134247b57d nix: configure target users via nixos 
This makes patching home-manager no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:04:19 +09:00
Ophestra
b5bb7654da nix: redirect sway output to journal 
This makes swaymsg exec output appear in test output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 16:08:22 +09:00
Ophestra
cc1efa22e2 fst: add missing fields to template 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 12:09:25 +09:00
Ophestra
580128922b cmd/fpkg: expose syscall policy options 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 12:01:30 +09:00
Ophestra
23e1152baa app/share: clean BaseError message 
This removes trailing '\n' in the PulseAudio warning.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:54:16 +09:00
Ophestra
8c51012ef5 dbus: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:49:23 +09:00
Ophestra
5a64cdaf4f ldd: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 02:00:49 +09:00