a462341a0a
container: repeat and impossible state types
...
This moves repeated Op errors and impossible internal state errors off of msg.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-29 01:12:02 +09:00
84ad9791e2
container: wrap mount syscall errno
...
This is the first step to deprecating the generalised error wrapping error message pattern.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-29 01:06:12 +09:00
b14690aa77
internal/app: remove seal interface
...
This further cleans up the package for the restructure.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 01:07:51 +09:00
d0b6852cd7
internal/app: remove app interface
...
It is very clear at this point that there will not be multiple implementations of App, and the internal/app package will never move out of internal due to hsu.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:54:44 +09:00
da0459aca1
internal/app: update doc comments
...
A lot of these comments are quite old and have not been updated to reflect changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:45:57 +09:00
1be8de6f5c
internal/app: less strict username regex
...
Use the default value of NAME_REGEX from adduser. Should not hurt compatibility while being less strict.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:22:55 +09:00
0f41d96671
internal: move sysconf wrapper to app
...
This should not be used and is not useful in other packages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-28 00:04:58 +09:00
92f510a647
cmd/hakurei/command: pd run dbus-verbose nil check
...
This otherwise dereferences a nil pointer when dbus-verbose is set and either session or system bus are nil.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-06 00:09:25 +09:00
acb6931f3e
app/seal: leave $DISPLAY as is on host abstract
...
This helps work around faulty software that misinterprets unix: DISPLAY string.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-27 20:42:03 +09:00
9d932d1039
release: 0.2.1
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 03:33:45 +09:00
9bc8532d56
container/initdev: mount tmpfs on shm for ro dev
...
Programs expect /dev/shm to be a writable tmpfs.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 03:27:07 +09:00
07194c74cb
release: 0.2.0
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 02:23:59 +09:00
4cf694d2b3
hst: use hsu userid for share path suffix
...
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.
Closes #7 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 02:16:33 +09:00
c9facb746b
hst/config: remove data field, rename dir to home
...
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 00:56:10 +09:00
878b66022e
hst/fsbind: optional ensure source
...
This exposes the BindEnsure flag of BindMountOp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 00:50:23 +09:00
2e0a4795f6
container/initbind: optional ensure host directory
...
This is used for ensuring persistent data directories specific to the container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-26 00:44:45 +09:00
c328b584c0
hst/fslink: improve string representation
...
This shortens the representation of most common use cases and generally improves readability.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 22:52:48 +09:00
9585b35d5b
hst/config: remove symlink field
...
Closes #6 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 22:23:54 +09:00
26cafe3e80
hst/fs: implement link fstype
...
Symlinks do not require special treatment, and doing this allows placing links in order.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 21:57:38 +09:00
125f150784
hst/fs: update doc comments
...
The Type method no longer exists on the interface. Update doc comments to reflect that.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 21:11:39 +09:00
0dcac55a0c
hst/config: remove container etc field
...
This no longer needs special treatment since it can be specified as a generic filesystem entry.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 19:24:33 +09:00
6d202d73b4
hst/fsbind: optional autoetc behaviour
...
This generalises the special field allowing any special behaviour to be matched from target.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 18:38:19 +09:00
1438096339
hst/config: handle filesystem entry targeting root
...
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.
Closes #5 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 17:52:57 +09:00
059164d4fa
hst/fsbind: optional autoroot behaviour
...
This allows autoroot to be configured via Filesystem.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 17:44:12 +09:00
8db906ee64
container/dispatcher: remove exit stub test log
...
Turns out testing.T does not like being called in defer.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 17:33:35 +09:00
cedfceded5
container/autoroot: remove prefix field
...
This field has been a noop for a long time. Remove it to prevent further confusion.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 03:39:20 +09:00
33d2dcce1b
container/initoverlay: internal bypass sysroot prefix
...
This is for supporting overlay mounts for autoroot.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-25 02:42:22 +09:00
2baa2d7063
container/init: measure init behaviour
...
This used to be entirely done via integration tests, with almost no hope of error injection and coverage profile. These tests significantly increase confidence of future work in this area.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-24 04:52:32 +09:00
0166833431
container/dispatcher: start goroutine in dispatcher
...
This allows instrumentation of calls from goroutine without relying on finalizers.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-23 21:58:40 +09:00
b3da3da525
container/init: avoid multiple lastcap calls
...
This reduces the size of []kexpect in the test suite.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-23 11:09:11 +09:00
1b3902df78
container/dispatcher: instrument each goroutine individually
...
Scheduler nondeterminism cannot be accounted for, so do this instead.
There should not be any performance penalty as these calls are optimised out for direct.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-23 11:07:16 +09:00
ea1e3ebae9
container/params: pass fd instead of file
...
The file is very difficult to stub. Pass fd instead as it is the value that is actually useful.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-23 00:16:46 +09:00
1c692bfb79
container/init: call lockOSThread through dispatcher
...
This degrades test performance if not stubbed out.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-22 22:24:14 +09:00
141a18999f
container: move integration test helpers
...
With the new instrumentation it is now possible to run init code outside integration tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-22 22:07:19 +09:00
afe23600d2
container/path: use syscall dispatcher
...
This allows path and mount functions to be instrumented.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-22 22:02:21 +09:00
09d2844981
container/init: wrap syscall helper functions
...
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-22 19:27:31 +09:00
d500d6e559
system/dbus: share host net ns for abstract
...
Host abstract unix sockets are only accessible when also in the init net ns.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-21 21:55:23 +09:00
5b73316ae0
container/syscall: doc comments from manpages
...
These are pulled straight from the manpages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-21 00:33:46 +09:00
5d8a2199b6
container/init: op interface valid method
...
Check ops early and eliminate duplicate checks.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-21 00:18:50 +09:00
a1482ecdd0
container/inittmpfs: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 20:17:28 +09:00
a07f9ed84c
container/initsymlink: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 20:03:02 +09:00
51304b03af
container/initremount: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 19:55:51 +09:00
c6397b941f
container/initproc: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 19:29:45 +09:00
d65e5f817a
container/initplace: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 19:19:27 +09:00
696e593898
container/initoverlay: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 17:33:15 +09:00
97ab24feef
container/init: use absolute compare method
...
More checks are also added.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 17:14:36 +09:00
31f0dd36df
absolute: efficient equivalence check method
...
This is more efficient and makes the call site cleaner.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 17:06:38 +09:00
9aec2f46fe
container/initdev: check path equivalence by value
...
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 02:55:45 +09:00
022cc26b2e
container/capability: check CAP_TO_INDEX and CAP_TO_MASK
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 02:45:00 +09:00
b4c018da8f
container/autoetc: do not bypass absolute check
...
This can now be done cleanly via path function wrappers.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-20 02:37:11 +09:00
