a40d182706
internal/app: build container state in shim
...
This significantly decreases ipc overhead.
Closes #3 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 22:30:40 +09:00
e5baaf416f
internal/app: check transmitted ops
...
This simulates params to shim and this is the last step before params to shim is merged.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 20:02:09 +09:00
ee6c471fe6
internal/app: relocate ops condition
...
This allows reuse and finer grained testing of fromConfig.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 19:39:00 +09:00
16bf3178d3
internal/app: relocate dynamic exported state
...
This allows reuse of the populateEarly method in test instrumentation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 18:34:17 +09:00
034c59a26a
internal/app: relocate late sys/params outcome
...
This will end up merged with another op after reordering. For now relocate it into its dedicated op for test instrumentation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-08 18:26:50 +09:00
12ab7ea3b4
hst/fs: access ops through interface
...
This removes the final hakurei.app/container import from hst.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 23:59:48 +09:00
584ce3da68
container/bits: move bind bits
...
This allows referring to the bits without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 21:38:31 +09:00
5d18af0007
container/fhs: move pathname constants
...
This allows referencing FHS pathnames without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 21:29:16 +09:00
0e6c1a5026
container/check: move absolute pathname
...
This allows use of absolute pathname values without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 20:57:58 +09:00
d23b4dc9e6
hst/dbus: move dbus config struct
...
This allows holding a xdg-dbus-proxy configuration without importing system/dbus.
It also makes more sense in the project structure since the config struct is part of the hst API however the rest of the implementation is not.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 19:03:51 +09:00
3ce63e95d7
container: move seccomp preset bits
...
This allows holding the bits without cgo.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 18:28:20 +09:00
2489766efe
hst/config: identity bounds check early
...
This makes sense to do here instead of in internal/app.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 17:58:28 +09:00
9e48d7f562
hst/config: move container fields from toplevel
...
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 04:24:45 +09:00
f280994957
internal/app: check nscd socket for path hiding
...
This can seriously break things, and exposes extra host attack surface, so include it here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 20:47:30 +09:00
ae7b343cde
hst: reword and move constants
...
These values are considered part of the stable, exported API, so move them to hst.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 17:40:32 +09:00
a63a372fe0
internal/app: merge static stub
...
These tests now serve as integration tests, and finer grained tests for each op will be added slowly.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 17:15:14 +09:00
80ad2e4e23
internal/app: do not offset base value
...
This value is applied to the shim, it is incorrect to offset the base value as well.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 03:59:52 +09:00
92b83bd599
internal/app: apply pd behaviour to outcomeState
...
This avoids needlessly clobbering hst.Config.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 03:53:23 +09:00
8ace214832
system/wayland: hang up security-context-v1 internally
...
This should have been an implementation detail and should not be up to the caller to close.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 03:25:13 +09:00
eb5ee4fece
internal/app: modularise outcome finalise
...
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-05 02:52:50 +09:00
9462af08f3
system/dbus: dump buffer internally
...
This should have been an implementation detail and should not be up to the caller to call it.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-04 20:31:14 +09:00
a5f0aa3f30
internal/app: declutter and merge small files
...
This should make internal/app easier to work with for the upcoming params to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-03 16:59:29 +09:00
dd0bb0a391
internal/app: check username validation
...
This stuff should be hardcoded in libc, but check it anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-03 16:42:42 +09:00
d16da6da8c
system: enforce absolute paths
...
This is less error-prone, and is quite easy to integrate considering internal/app has already migrated to container.Absolute.
Closes #11 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-03 02:26:14 +09:00
e58181a930
internal/app/paths: defer extra formatting
...
This reduces payload size for params to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-30 00:21:26 +09:00
71e70b7b5f
internal/app/paths: do not print messages
...
This change was missed while merging the rest of the logging changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 09:30:57 +09:00
1ba1cb8865
hst/config: remove seccomp bit fields
...
These serve little purpose and are not friendly for use from other languages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 07:07:16 +09:00
44ba7a5f02
hst/enablement: move bits from system
...
This is part of the hst API, should not be in the implementation package.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:34:29 +09:00
dc467493d8
internal: remove hlog
...
This package has been fully replaced by container.Msg.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:21:04 +09:00
46cd3a28c8
container: remove global msg
...
This frees all container instances of side effects.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:11:47 +09:00
e906cae9ee
container/output: export suspendable writer
...
This is quite useful for other packages as well. This change prepares internal/hlog for removal.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-27 19:46:35 +09:00
ae2df2c450
internal: remove sys package
...
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-25 13:51:54 +09:00
6e3f34f2ec
internal/app: merge finalise test cases
...
This cleans everything up a bit for the upcoming test suite rewrite.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-25 12:11:02 +09:00
65a0bb9729
internal/sys/hsu: expose hsurc identifier
...
This maintains a compatible interface for now, to ease merging of the upcoming changes to internal/app.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 21:17:04 +09:00
afa7a0800d
cmd/hsu: return hsurc id
...
The uid format is stable, this value is what caller has to obtain through hsu.
Closes #14 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 21:10:13 +09:00
409ed172c8
internal/app: handle LookupGroup error
...
This could return errnos from the cgo calls.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 19:36:55 +09:00
1c4f593566
internal/app: unexport outcome, remove app struct
...
The App struct no longer does anything, and the outcome struct is entirely opaque.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 18:44:14 +09:00
b99c63337d
internal/app: do not return from shim start
...
The whole RunState ugliness and the other horrendous error handling conditions for internal/app come from an old design proposal for maintaining all app containers under the same daemon process for a user. The proposal was ultimately rejected but the implementation remained. It is removed here to alleviate internal/app from much of its ugliness and unreadability.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-24 13:37:38 +09:00
16409b37a2
internal/app: compensate shim timeout
...
This catches cases where the shim has somehow locked up, so it should wait out the full shim WaitDelay as well.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-16 02:23:19 +09:00
a2a291791c
internal/sys: separate hsu uid cache
...
This begins the effort of the removal of the sys package.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-15 02:30:47 +09:00
8690419c2d
hst: replace internal/app error
...
This turns out to still be quite useful across internal/app and its relatives. Perhaps a cleaner replacement for baseError.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-15 01:44:43 +09:00
ca247b8037
internal/app: mount /dev/shm early
...
This avoids covering /dev/shm mounts from hst.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-14 01:49:42 +09:00
f876043844
internal/hlog: remove error wrapping
...
This was a stopgap solution that lasted for way too long. This finally removes it and prepares internal/app for some major changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-12 06:52:35 +09:00
6f719bc3c1
system: update doc commands and remove mutex
...
The mutex is not really doing anything, none of these methods make sense when called concurrently anyway. The copylocks analysis is still satisfied by the noCopy struct.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-02 04:54:34 +09:00
1b5d20a39b
container/dispatcher: stub.Call initialisation helper function
...
This keeps composites analysis happy without making the test cases (too) bloated.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-02 04:44:08 +09:00
712cfc06d7
container: wrap container init start errors
...
This helps indicate the exact origin and nature of the error. This eliminates generic WrapErr from container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-30 23:44:48 +09:00
b14690aa77
internal/app: remove seal interface
...
This further cleans up the package for the restructure.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 01:07:51 +09:00
d0b6852cd7
internal/app: remove app interface
...
It is very clear at this point that there will not be multiple implementations of App, and the internal/app package will never move out of internal due to hsu.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:54:44 +09:00
da0459aca1
internal/app: update doc comments
...
A lot of these comments are quite old and have not been updated to reflect changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:45:57 +09:00
1be8de6f5c
internal/app: less strict username regex
...
Use the default value of NAME_REGEX from adduser. Should not hurt compatibility while being less strict.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:22:55 +09:00
