hakurei

Author	SHA1	Message	Date
Ophestra	767f1844d2	test: check shim private dir cleanup This asserts that no shim private dir was left behind after all containers terminate. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-12-15 20:30:19 +09:00
Ophestra	87781c7658	treewide: include PipeWire op and enforce PulseAudio check This fully replaces PulseAudio with PipeWire and enforces the PulseAudio check and error message. The pipewire-pulse daemon is handled in the NixOS module. Closes #26. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-12-08 08:53:04 +09:00
Ophestra	ac34635890	container: set FD_CLOEXEC on all open files While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-12 00:18:29 +09:00
Ophestra	9dec9dbc4b	container/init: close setup pipe early This prevents leaking the setup pipe. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-11 07:31:58 +09:00
Ophestra	cb9ebf0e15	hst/grp_pwd: specify new uid format This leaves slots available for additional uid ranges in Rosa OS. This breaks all existing installations! Users are required to fix ownership manually. Closes #18. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-11-04 08:24:41 +09:00
Ophestra	773253fdf5	test/sandbox: raise timeout The integration vm is being very slow for some reason. This change should reduce spurious timeouts. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-24 19:41:59 +09:00
Ophestra	1cdc6b4246	test/sandbox: create marker in /var/tmp This prepares the test suite for private TMPDIR. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-09-14 16:45:17 +09:00
Ophestra	4cf694d2b3	hst: use hsu userid for share path suffix The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented. Closes #7. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-26 02:16:33 +09:00
Ophestra	22d577ab49	test/sandbox: do not discard stderr getting hash This is the first hakurei run in the test, if the container outright fails to start this is often where it happens, so throwing away the output is very unhelpful. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-18 11:36:13 +09:00
Ophestra	9ed3ba85ea	hst/fs: implement overlay fstype This finally exposes overlay mounts in the high level hakurei API. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-15 04:00:55 +09:00
Ophestra	987981df73	test/sandbox: check pd behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 03:27:02 +09:00
Ophestra	e574042d76	test/sandbox: verify seccomp on all test cases This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00
Ophestra	87e008d56d	treewide: rename to hakurei Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
Ophestra	807d511c8b	test/sandbox: check device outcome Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 19:55:16 +09:00
Ophestra	297b444dfb	test: separate app and sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-30 22:09:46 +09:00

15 Commits