b7406cc4c4
ldd: update package doc comment
...
This should hopefully deter misuse of this package.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-14 17:49:01 +09:00
690a0ed0d6
ldd: decode from reader
...
This should reduce memory footprint of the parsing process and allow decoding part of the stream.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-14 08:33:19 +09:00
a9d72a5eb1
internal/outcome: rename run from main
...
The "main.go" name is quite confusing as this is often only present in main packages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-14 01:06:14 +09:00
6d14bb814f
container/fhs: add constant for /dev/shm/
...
This is mounted for the default read-only /dev/ when programs want to use shm_open(3). Defining it here is less error-prone and saves the extra append at runtime.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-14 01:03:26 +09:00
be0e387ab0
internal/info: relocate from internal
...
This is cleaner and makes more sense. The longer LDFLAGS was never a valid concern since it is always inserted by a script.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-13 07:29:46 +09:00
abeb67964f
treewide: document linkname uses
...
These provide justification for each use of linkname. Poorly thought out uses of linkname are removed.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-13 07:14:16 +09:00
bf5d10743f
treewide: import internal/system
...
For #24 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-13 01:22:47 +09:00
4e7aab07d5
internal/system: relocate from system
...
These packages are highly specific to hakurei and are difficult to use safely from other pieces of code.
Their exported symbols are made available until v0.4.0 where they will be removed for #24 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-13 01:17:47 +09:00
15a66a2b31
treewide: import internal/helper
...
For #24 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-12 23:19:34 +09:00
f347d44c22
internal/helper: relocate from helper
...
This package is ugly and is pending removal only kept alive by xdg-dbus-proxy.
Its exported symbols are made available until v0.4.0 where it will be removed for #24 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-12 23:16:13 +09:00
b5630f6883
test: move package sandbox internal
...
This should never be used outside vm tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-12 23:03:22 +09:00
17ffdb2dcf
release: 0.3.1
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-12 00:53:14 +09:00
ac34635890
container: set FD_CLOEXEC on all open files
...
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-12 00:18:29 +09:00
9dec9dbc4b
container/init: close setup pipe early
...
This prevents leaking the setup pipe.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-11 07:31:58 +09:00
2f74adc8bd
container/init: close initial process files on termination
...
This closes them during the adopt wait delay. This also keeps them alive.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-10 20:35:59 +09:00
d7e0104ae4
treewide: reject impossible user-supplied fd
...
These are all trusted user input, however this check reduces the likelihood of hard to debug errors.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-10 20:31:26 +09:00
bb92e3ada9
cmd/hakurei: expose current instance identifier
...
This writes the 16-byte instance identifier to file descriptor specified by --identifier-fd if set, and closes the file.
This enables safely obtaining the new instance's identifier.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-10 07:52:35 +09:00
fad419c2a2
internal/outcome: handle group lookup message
...
This results in slightly less messy error reporting.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-09 02:15:48 +09:00
b1a1e73238
nix: update names to reflect new terminology
...
These are terminology from way early days. Update them now to be less confusing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-09 01:48:31 +09:00
38e9128a8c
container/std/seccomp: remove ineffectual typecast
...
This is no longer necessary since the return type changed.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-07 05:45:51 +09:00
7ee702a44e
container/seccomp/presets: add fields to literals
...
This keeps composites analysis happy.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-07 05:11:57 +09:00
3d188ef884
std: separate seccomp constants
...
This avoids inadvertently using PNRs as syscall numbers.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-07 04:30:06 +09:00
34ccda84b2
release: 0.3.0
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-06 01:37:15 +09:00
042013bb04
container/std: syscall JSON adapter
...
This provides cross-platform JSON adapter for syscall number.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-06 00:57:53 +09:00
5c2b63a7f1
container: add 386 constants
...
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 20:21:14 +09:00
9fd97e71d0
treewide: fit test untyped int literals in 32-bit
...
This enables hakurei test suite to run on 32-bit targets.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 20:13:19 +09:00
fba201c995
container/std: relocate rule types
...
This enables its use in hst for #15 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 06:00:39 +09:00
7f27a6dc51
container/seccomp: use native types
...
This prepares NativeRule for relocation to std for #15 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 05:48:59 +09:00
b65aba9446
container/seccomp: alias libseccomp types
...
This enables tests to refer to these types and check its size.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 05:21:43 +09:00
becaf8b6d7
std: relocate seccomp lookup tables
...
This should enable resolving NativeRule in hst.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 04:48:05 +09:00
54c0d6bf48
container/seccomp/pnr: define pseudo syscalls
...
This eliminates the cgo dependency from syscall lookup.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 04:32:41 +09:00
c1399f5030
std: rename from comp
...
Seccomp lookup tables are going to be relocated here, and PNR constants.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 02:47:43 +09:00
9ac63aac0c
hst/grp_pwd: add extra test cases
...
Does not change coverage but this helps me crosscheck with my phone.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 01:42:42 +09:00
cb9ebf0e15
hst/grp_pwd: specify new uid format
...
This leaves slots available for additional uid ranges in Rosa OS.
This breaks all existing installations! Users are required to fix ownership manually.
Closes #18 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-04 08:24:41 +09:00
9a2a7b749f
cmd/hakurei/print: handle nil config
...
There is nothing to print in this case, and such a nil check is missing.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 02:20:18 +09:00
ec5cb9400c
cmd/hpkg/test: print share directory
...
This is more useful now that state is tracked here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 01:51:57 +09:00
ae66b3d2fb
message: rename NewMsg to New
...
Should have done this when relocating this from container. Now is a good time to rename it before v0.3.x.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 01:49:27 +09:00
149bc3671a
internal/store: remove compat adapter
...
This is no longer used as everything has been migrated.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 01:26:01 +09:00
24435694a5
hst/config: make identifier omitempty
...
This is an optional field. Serialise it as such.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 01:23:15 +09:00
1c168babf2
cmd/hakurei/print: use new store interface
...
This removes the final uses of the compat interfaces.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-03 01:19:16 +09:00
0edcb7c1d3
test: print share directory
...
This is more useful now that state is tracked here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 17:00:59 +09:00
0e5ca74b98
cmd/hakurei/print: serialise array for ps
...
Wanted to do this for a long time, since the key is redundant. This also makes it easier to migrate to the new store interface.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 16:37:08 +09:00
23ae7822bf
cmd/hakurei/parse: use new store interface
...
This greatly reduces overhead. The iterator also significantly cleans up the usage code.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 16:00:41 +09:00
898b5aed3d
internal/store: iterator over all entries
...
This is quite convenient for searching the store or printing active instance information.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 15:54:00 +09:00
7c3c3135d8
internal/outcome: track state in TMPDIR
...
The SharePath is a more stable path than RunDirPath, since it is available all the time and should remain consistent. This also fits better into the intended use case of XDG_RUNTIME_DIR.
Closes #17 .
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 12:40:58 +09:00
f33aea9ff9
internal/env: cleaner runtime dir fallback
...
This now places rundir inside the fallback runtime dir, so special case in internal/outcome is avoided.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 12:22:32 +09:00
e7fc311d0b
internal/outcome/shim: cover reparent and exit request paths
...
These test cases were missed when making the changes.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 11:58:09 +09:00
f5274067f6
internal/outcome/process: nil-safe unlock when failing to lock
...
This also prints a debug message which might be useful.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 11:47:51 +09:00
e7161f8e61
internal/outcome: measure finalise time
...
This also increases precision of state time output.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 05:17:33 +09:00
6931ad95c3
internal/outcome/shim: EOF as exit request fallback
...
In some cases the signal might be delivered before the signal handler is installed, and synchronising against such a case is too expensive. Instead, use the pipe being closed as a fallback to the regular exit request. This change also moves installation of the signal handler early.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-02 04:41:26 +09:00
