maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,056 Commits 7 Branches 12 Tags
90369861568d38737001f1d7e1304e6914675359
Commit Graph

296 Commits

Author SHA1 Message Date
cat e6cd2bb2a8 cmd/fpkg: integrate command handler 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 23:25:12 +09:00
cat 0fb72e5d99 cmd/fpkg/build: prepend extra nix flags 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 20:21:09 +09:00
cat 8bf162820b nix: separate fsu from package 
This appears to be the only way to build them with different configuration. This enables static linking in the main package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:13:37 +09:00
cat eb0c16dd8c cmd/fpkg: rename buildPackage file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 18:13:34 +09:00
cat 4fa1e97026 cmd/fpkg: rename shell to shellPath 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 17:50:20 +09:00
cat 90cb01b274 system: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:00:43 +09:00
cat e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
cat 1fd571d561 cmd/fsu: check parse behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 16:43:55 +09:00
cat be30e2f11e cmd/fsu: revert offset in error message 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 15:31:39 +09:00
cat 134247b57d nix: configure target users via nixos 
This makes patching home-manager no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:04:19 +09:00
cat 580128922b cmd/fpkg: expose syscall policy options 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 12:01:30 +09:00
cat 7baca66a56 proc: remove duplicate compile-time fortify reference 
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:59:33 +09:00
cat 27d2914286 proc/priv/init: merge init into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:47:01 +09:00
cat ea8f228af3 proc/priv/shim: merge shim into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:43:32 +09:00
cat 124743ffd3 app: expose single run method 
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 23:39:51 +09:00
cat 22a4b99674 cmd/fpkg/install: deduplicate nix store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:25:04 +09:00
cat 1464ef774b cmd/fpkg: expose nixGL wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:02:20 +09:00
cat 66ba4cea5c cmd/fpkg: remove workDir acl from activation 
Activation does not require access to workDir, and by this point all information is available in dataHome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:48:45 +09:00
cat f8d0786509 cmd/fpkg: include nixGL source in inner store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:37:11 +09:00
cat aff80b6b00 cmd/fpkg: optional network access when invoking with nix daemon 
This is useful for building nixGL.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:32:44 +09:00
cat a98a176907 cmd/fpkg: bind and document more gpu devices 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:25:26 +09:00
cat 5302879b88 cmd/fpkg: improve readability of fortify invocations 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:55:56 +09:00
cat 891b3cbde7 cmd/fpkg: compare all three store paths 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:10:41 +09:00
cat c795293f36 cmd/fpkg: clean up broken links before activation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 15:21:40 +09:00
cat c1a459a0b1 cmd/fpkg/start: correct drop to shell wording 
Activation no longer happens during application startup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 00:56:14 +09:00
cat e0e2f40e84 cmd/fpkg: app bundle helper 
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 13:21:49 +09:00
cat 9b206072fa cmd/fshim: ensure data directory 
Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:39:01 +09:00
cat 0a2aa5823b cmd/fshim: bind finit inside sandbox 
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 14:44:57 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat 52f21a19f3 cmd/fshim: switch to setup pipe 
The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 19:39:25 +09:00
cat 7be53a2438 cmd/fshim: switch to generic setup func 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 17:20:31 +09:00
cat f69e8e753e cmd/finit: switch to generic receive func 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 16:49:19 +09:00
cat b453f70ca2 cmd/fsu: check uid range before syscall 
This limits potential exploits to the fortify uid range.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-17 13:01:36 +09:00
cat 33c95b80ca cmd/fuserdb: rename home directories 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 20:23:46 +09:00
cat cc816a1aaa proc: cleaner extra files 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 16:05:04 +09:00
cat b3ef53b193 app: integrate security-context-v1 
Should be able to get rid of XDG_RUNTIME_DIR share after this.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:25:33 +09:00
cat ae2628e57a cmd/fshim/ipc: install signal handler on shim start 
Getting killed at this point will result in inconsistent state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 13:33:46 +09:00
cat 2e23cef7bb cmd/fuserdb: generate group entries 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:31:06 +09:00
cat 6a6d30af1f cmd/fuserdb: systemd userdb drop-in entries generator 
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 02:16:02 +09:00
cat df33123bd7 app: integrate fsu 
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-16 21:19:45 +09:00
cat 45fead18c3 cmd/fshim: set no_new_privs flag 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 11:50:56 +09:00
cat 88abcbe0b2 cmd/fsu: remove import of internal package 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-04 12:32:14 +09:00
cat 8cd3651bb6 cmd/fshim/ipc: friendly setup timeout message 
This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-03 02:03:30 +09:00
cat 584732f80a cmd: shim and init into separate binaries 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-02 03:13:57 +09:00
cat aa1f96eeeb fsu: check parent executable path 
Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 18:52:23 +09:00
cat d9cb2a9f2b fsu: implement simple setuid user switcher 
Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 00:02:34 +09:00