hakurei

Author	SHA1	Message	Date
cat	9c9e190db9	ldd: remove timeout The program generally never blocks, and it is more flexible to leave it up to the caller to set a timeout. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-04-07 14:49:20 +09:00
cat	420c721c7d	all: raise timeout defaults This avoids timing out on systems running very slowly. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-03-17 17:04:06 +09:00
cat	722989c682	fhs: move from container This package is not container-specific. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-03-17 15:56:36 +09:00
cat	6d015a949e	check: move from container This package is not container specific, and widely used across the project. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-03-17 15:39:03 +09:00
cat	0cb1007daa	ldd: remove deprecated API Closes #25. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-03-17 13:53:14 +09:00
cat	4b0cce4db5	ldd: treat nil pathname as self This is a helpful shortcut for examining a test program's ldd output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-02-28 20:37:01 +09:00
cat	e1e46504a1	container/check: return error backed by string type The struct turned out not necessary during initial implementation but was not unwrapped into its single string field. This change replaces it with the underlying string and removes the indirection. Signed-off-by: Ophestra <cat@gensokyo.uk>	2026-01-11 04:23:55 +09:00
cat	46fa104419	ldd: require absolute pathname The sandbox which ldd(1) runs in does not inherit parent work directory, so relative pathnames will not work correctly. While it is trivial to support such a use case, the use of relative pathnames is highly error-prone and generally frowned against in this project. The Exec function remains available under the same signature until v0.4.0 where it will be removed. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 21:53:10 +09:00
cat	45953b3d9c	ldd: cancel on decoder error This prevents blocking from failures caused by ldd(1) emitting output that is not anticipated by the decoder. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 21:43:34 +09:00
cat	42759e7a9f	ldd: create musl entry representation This mostly helps with debugging. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 21:38:35 +09:00
cat	8e2d2c8246	ldd: check decoder scan guard This was unreachable via the Parse wrapper. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 18:32:47 +09:00
cat	b7406cc4c4	ldd: update package doc comment This should hopefully deter misuse of this package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 17:49:01 +09:00
cat	690a0ed0d6	ldd: decode from reader This should reduce memory footprint of the parsing process and allow decoding part of the stream. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-14 08:33:19 +09:00
cat	c1399f5030	std: rename from comp Seccomp lookup tables are going to be relocated here, and PNR constants. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-05 02:47:43 +09:00
cat	e94acc424c	container/comp: rename from bits This package will also hold syscall lookup tables for seccomp. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-21 20:54:03 +09:00
cat	67ec82ae1b	ldd/exec: raise timeout This mostly helps with tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-18 18:03:09 +09:00
cat	7638a44fa6	treewide: parallel tests Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-13 04:38:48 +09:00
cat	87b5c30ef6	message: relocate from container This package is quite useful. This change allows it to be imported without importing container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-09 05:18:19 +09:00
cat	5d18af0007	container/fhs: move pathname constants This allows referencing FHS pathnames without importing container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-07 21:29:16 +09:00
cat	0e6c1a5026	container/check: move absolute pathname This allows use of absolute pathname values without importing container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-07 20:57:58 +09:00
cat	3ce63e95d7	container: move seccomp preset bits This allows holding the bits without cgo. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-07 18:28:20 +09:00
cat	46cd3a28c8	container: remove global msg This frees all container instances of side effects. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-29 06:11:47 +09:00
cat	e99d7affb0	container: use absolute for pathname This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-11 04:56:42 +09:00
cat	41ac2be965	container/absolute: wrap safe stdlib functions These functions do not change the absoluteness of a pathname. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-10 03:11:10 +09:00
cat	02271583fb	container: remove PATH lookup behaviour This is way higher level than the container package and does not even work unless every path is mounted in the exact same location. This behaviour causes nothing but confusion and problems, Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-09 19:08:54 +09:00
cat	c6be82bcf9	container/path: fhs path constants This increases readability since this can help disambiguate absolute paths from similarly named path segments. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 21:16:45 +09:00
cat	7b416d47dc	container/ops: merge mqueue and dev Ops There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-03 19:13:46 +09:00
cat	e71ae3b8c5	container: remove custom cmd initialisation This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-25 00:45:10 +09:00
cat	d2f9a9b83b	treewide: migrate to hakurei.app Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-03 03:30:39 +09:00
cat	1b5ecd9eaf	container: move out of toplevel This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-03 02:59:43 +09:00
cat	eec021cc4b	hakurei: move container helpers toplevel Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-02 21:31:29 +09:00
cat	a1d98823f8	hakurei: move container toplevel Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-02 21:23:55 +09:00
cat	31aef905fa	sandbox: expose seccomp interface There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-02 04:47:13 +09:00
cat	87e008d56d	treewide: rename to hakurei Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
cat	24618ab9a1	sandbox: move out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00
cat	bc54db54d2	ldd: always copy stderr Dropping the buffer on success is unhelpful and could hide some useful information. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 00:08:00 +09:00
cat	bf07b7cd9e	ldd: mount /proc in container This covers host /proc. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 00:01:03 +09:00
cat	48feca800f	sandbox: check command function pointer Setting default CommandContext on initialisation is somewhat of a footgun. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 23:29:14 +09:00
cat	273d97af85	ldd: lib paths resolve function This is what always happens right after a ldd call, so implement it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 01:20:09 +09:00
cat	4bb5d9780f	ldd: run in native sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:55:55 +09:00
cat	d22145a392	ldd: handle musl static behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-12 23:29:43 +09:00
cat	39dc8e7bd8	dbus: set process group id This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-25 18:12:41 +09:00
cat	dccb366608	ldd: handle behaviour on static executable Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 18:02:33 +09:00
cat	83c8f0488b	ldd: pass absolute path to bwrap Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 17:46:22 +09:00
cat	fe7d208cf7	helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
cat	5a64cdaf4f	ldd: enable syscall filter Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 02:00:49 +09:00
cat	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
cat	2f70506865	helper/bwrap: move sync to helper state Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
cat	b956ce4052	ldd: trim leading and trailing white spaces from name Glibc emits ldd output with \t prefix for formatting. Remove that here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:53:01 +09:00
cat	ade57c39af	ldd: add fhs glibc test case Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 16:33:02 +09:00

1 2

56 Commits