hakurei

maemachinebroke/hakurei

Fork 0

forked from security/hakurei

Commit Graph

Author	SHA1	Message	Date
Ophestra	9e48d7f562	hst/config: move container fields from toplevel This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-07 04:24:45 +09:00
Ophestra	f280994957	internal/app: check nscd socket for path hiding This can seriously break things, and exposes extra host attack surface, so include it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-05 20:47:30 +09:00
Ophestra	eb5ee4fece	internal/app: modularise outcome finalise This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-10-05 02:52:50 +09:00

Author

SHA1

Message

Date

Ophestra

9e48d7f562

hst/config: move container fields from toplevel

This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>

2025-10-07 04:24:45 +09:00

Ophestra

f280994957

internal/app: check nscd socket for path hiding

This can seriously break things, and exposes extra host attack surface, so include it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>

2025-10-05 20:47:30 +09:00

Ophestra

eb5ee4fece

internal/app: modularise outcome finalise

This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.

Signed-off-by: Ophestra <cat@gensokyo.uk>

2025-10-05 02:52:50 +09:00

3 Commits