maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,046 Commits 2 Branches 12 Tags
9290748761b9c91c9e379ff2774fefa58bd1b533
Commit Graph

350 Commits

Author SHA1 Message Date
Ophestra
9290748761 internal/app/spaccount: check behaviour 
This begins the effort of fully covering internal/app.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 00:54:04 +09:00
Ophestra
23084888a0 internal/app/spaccount: apply default in shim 
The original code clobbers hst.Config, and was not changed when being ported over.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 00:38:06 +09:00
Ophestra
070e346587 internal/app: relocate params state initialisation 
This is useful for testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 22:00:49 +09:00
Ophestra
24de7c50a0 internal/app: relocate state initialisation 
This is useful for testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 20:15:58 +09:00
Ophestra
f6dd9dab6a internal/app: hold path hiding in op 
This makes no sense to be part of the global state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 19:56:30 +09:00
Ophestra
776650af01 hst/config: negative WaitDelay bypasses default 
This behaviour might be useful, so do not lock it out. This change also fixes an oversight where the unchecked value is used to determine ForwardCancel.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 05:11:32 +09:00
Ophestra
109aaee659 internal/app: copy parts of config to state 
This is less error-prone than passing the address to the entire hst.Config struct, and reduces the likelihood of accidentally clobbering hst.Config. This also improves ease of testing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 03:19:09 +09:00
Ophestra
22ee5ae151 internal/app: filter ops in implementation 
This is cleaner and less error-prone, and should also result in negligibly less memory allocation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 02:23:34 +09:00
Ophestra
4246256d78 internal/app: hold config address in state 
This can be removed eventually as it is barely used.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 01:21:01 +09:00
Ophestra
87b5c30ef6 message: relocate from container 
This package is quite useful. This change allows it to be imported without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 05:18:19 +09:00
Ophestra
df9b77b077 internal/app: do not encode config early 
Finalise no longer clobbers hst.Config.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 04:38:54 +09:00
Ophestra
a40d182706 internal/app: build container state in shim 
This significantly decreases ipc overhead.

Closes #3.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 22:30:40 +09:00
Ophestra
e5baaf416f internal/app: check transmitted ops 
This simulates params to shim and this is the last step before params to shim is merged.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 20:02:09 +09:00
Ophestra
ee6c471fe6 internal/app: relocate ops condition 
This allows reuse and finer grained testing of fromConfig.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 19:39:00 +09:00
Ophestra
16bf3178d3 internal/app: relocate dynamic exported state 
This allows reuse of the populateEarly method in test instrumentation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 18:34:17 +09:00
Ophestra
034c59a26a internal/app: relocate late sys/params outcome 
This will end up merged with another op after reordering. For now relocate it into its dedicated op for test instrumentation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 18:26:50 +09:00
Ophestra
12ab7ea3b4 hst/fs: access ops through interface 
This removes the final hakurei.app/container import from hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 23:59:48 +09:00
Ophestra
584ce3da68 container/bits: move bind bits 
This allows referring to the bits without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:38:31 +09:00
Ophestra
5d18af0007 container/fhs: move pathname constants 
This allows referencing FHS pathnames without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:29:16 +09:00
Ophestra
0e6c1a5026 container/check: move absolute pathname 
This allows use of absolute pathname values without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 20:57:58 +09:00
Ophestra
d23b4dc9e6 hst/dbus: move dbus config struct 
This allows holding a xdg-dbus-proxy configuration without importing system/dbus.

It also makes more sense in the project structure since the config struct is part of the hst API however the rest of the implementation is not.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 19:03:51 +09:00
Ophestra
3ce63e95d7 container: move seccomp preset bits 
This allows holding the bits without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 18:28:20 +09:00
Ophestra
2489766efe hst/config: identity bounds check early 
This makes sense to do here instead of in internal/app.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 17:58:28 +09:00
Ophestra
9e48d7f562 hst/config: move container fields from toplevel 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
Ophestra
f280994957 internal/app: check nscd socket for path hiding 
This can seriously break things, and exposes extra host attack surface, so include it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 20:47:30 +09:00
Ophestra
ae7b343cde hst: reword and move constants 
These values are considered part of the stable, exported API, so move them to hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 17:40:32 +09:00
Ophestra
a63a372fe0 internal/app: merge static stub 
These tests now serve as integration tests, and finer grained tests for each op will be added slowly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 17:15:14 +09:00
Ophestra
80ad2e4e23 internal/app: do not offset base value 
This value is applied to the shim, it is incorrect to offset the base value as well.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 03:59:52 +09:00
Ophestra
92b83bd599 internal/app: apply pd behaviour to outcomeState 
This avoids needlessly clobbering hst.Config.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 03:53:23 +09:00
Ophestra
8ace214832 system/wayland: hang up security-context-v1 internally 
This should have been an implementation detail and should not be up to the caller to close.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 03:25:13 +09:00
Ophestra
eb5ee4fece internal/app: modularise outcome finalise 
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 02:52:50 +09:00
Ophestra
9462af08f3 system/dbus: dump buffer internally 
This should have been an implementation detail and should not be up to the caller to call it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-04 20:31:14 +09:00
Ophestra
a5f0aa3f30 internal/app: declutter and merge small files 
This should make internal/app easier to work with for the upcoming params to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-03 16:59:29 +09:00
Ophestra
dd0bb0a391 internal/app: check username validation 
This stuff should be hardcoded in libc, but check it anyway.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-03 16:42:42 +09:00
Ophestra
d16da6da8c system: enforce absolute paths 
This is less error-prone, and is quite easy to integrate considering internal/app has already migrated to container.Absolute.

Closes #11.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-03 02:26:14 +09:00
Ophestra
e58181a930 internal/app/paths: defer extra formatting 
This reduces payload size for params to shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-30 00:21:26 +09:00
Ophestra
71e70b7b5f internal/app/paths: do not print messages 
This change was missed while merging the rest of the logging changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 09:30:57 +09:00
Ophestra
1ba1cb8865 hst/config: remove seccomp bit fields 
These serve little purpose and are not friendly for use from other languages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 07:07:16 +09:00
Ophestra
44ba7a5f02 hst/enablement: move bits from system 
This is part of the hst API, should not be in the implementation package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:34:29 +09:00
Ophestra
dc467493d8 internal: remove hlog 
This package has been fully replaced by container.Msg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:21:04 +09:00
Ophestra
46cd3a28c8 container: remove global msg 
This frees all container instances of side effects.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:11:47 +09:00
Ophestra
e906cae9ee container/output: export suspendable writer 
This is quite useful for other packages as well. This change prepares internal/hlog for removal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-27 19:46:35 +09:00
Ophestra
ae2df2c450 internal: remove sys package 
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 13:51:54 +09:00
Ophestra
6e3f34f2ec internal/app: merge finalise test cases 
This cleans everything up a bit for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 12:11:02 +09:00
Ophestra
65a0bb9729 internal/sys/hsu: expose hsurc identifier 
This maintains a compatible interface for now, to ease merging of the upcoming changes to internal/app.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 21:17:04 +09:00
Ophestra
afa7a0800d cmd/hsu: return hsurc id 
The uid format is stable, this value is what caller has to obtain through hsu.

Closes #14.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 21:10:13 +09:00
Ophestra
409ed172c8 internal/app: handle LookupGroup error 
This could return errnos from the cgo calls.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 19:36:55 +09:00
Ophestra
1c4f593566 internal/app: unexport outcome, remove app struct 
The App struct no longer does anything, and the outcome struct is entirely opaque.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 18:44:14 +09:00
Ophestra
b99c63337d internal/app: do not return from shim start 
The whole RunState ugliness and the other horrendous error handling conditions for internal/app come from an old design proposal for maintaining all app containers under the same daemon process for a user. The proposal was ultimately rejected but the implementation remained. It is removed here to alleviate internal/app from much of its ugliness and unreadability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-24 13:37:38 +09:00
Ophestra
16409b37a2 internal/app: compensate shim timeout 
This catches cases where the shim has somehow locked up, so it should wait out the full shim WaitDelay as well.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-16 02:23:19 +09:00