maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
902 Commits 1 Branch 12 Tags
b3da3da525e066c67a14503a3a0d00d5024cc62d
Commit Graph

25 Commits

Author SHA1 Message Date
Ophestra
d500d6e559 system/dbus: share host net ns for abstract 
Host abstract unix sockets are only accessible when also in the init net ns.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-21 21:55:23 +09:00
Ophestra
6947ff04e0 system/dbus/proc: host abstract only when not binding 
The test failure seems to be caused by an unrelated bug in xdg-dbus-proxy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-19 23:39:14 +09:00
Clayton Gilmer
5db0714072 container: optionally isolate host abstract UNIX domain sockets via landlock 2025-08-18 16:28:14 +09:00
Ophestra
e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
Ophestra
41ac2be965 container/absolute: wrap safe stdlib functions 
These functions do not change the absoluteness of a pathname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-10 03:11:10 +09:00
Ophestra
02271583fb container: remove PATH lookup behaviour 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
Ophestra
e71ae3b8c5 container: remove custom cmd initialisation 
This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-25 00:45:10 +09:00
Ophestra
9d7a19d162 container: use more reliable nonexistence 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-18 23:18:26 +09:00
Ophestra
d2f9a9b83b treewide: migrate to hakurei.app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 03:30:39 +09:00
Ophestra
1b5ecd9eaf container: move out of toplevel 
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 02:59:43 +09:00
Ophestra
82561d62b6 system: move system access packages 
These packages loosely belong in the "system" package and "system" provides high level wrappers for all of them.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:52:07 +09:00
Ophestra
a1d98823f8 hakurei: move container toplevel 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:23:55 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
5979d8b1e0 dbus: clean up wrapper implementation 
The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-16 23:35:17 +09:00
Ophestra
61dbfeffe7 sandbox/wl: move into sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:26:37 +09:00
Ophestra
ec5e91b8c9 system: optimise string formatting 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 04:42:30 +09:00
Ophestra
24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
Ophestra
9a1f8e129f sandbox: wrap fmsg interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:44:07 +09:00
Ophestra
44277dc0f1 dbus: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:13:14 +09:00
Ophestra
1818dc3a4c system/acl: do not fail gone revert target 
A removed file effectively already has its ACLs stripped, so failing this makes no sense. Still print a message to warn about it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 01:11:05 +09:00
Ophestra
65094b63cd system/dbus: filter context cancellation error 
This message would otherwise show up when alternative exit path is taken due to a signal.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 00:57:35 +09:00
Ophestra
a9986aab6a system: document I methods 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 19:51:12 +09:00
Ophestra
7e69893264 acl: rename UpdatePerms to Update 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 20:33:18 +09:00
Ophestra
38a3e6af03 system: make xcb internal 
This package is hauntingly ugly. Move this to internal until it is removed or replaced.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:07:53 +09:00
Ophestra
90cb01b274 system: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:00:43 +09:00