c1399f5030
std: rename from comp
...
Seccomp lookup tables are going to be relocated here, and PNR constants.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-11-05 02:47:43 +09:00
e94acc424c
container/comp: rename from bits
...
This package will also hold syscall lookup tables for seccomp.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-21 20:54:03 +09:00
67ec82ae1b
ldd/exec: raise timeout
...
This mostly helps with tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-18 18:03:09 +09:00
7638a44fa6
treewide: parallel tests
...
Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-13 04:38:48 +09:00
87b5c30ef6
message: relocate from container
...
This package is quite useful. This change allows it to be imported without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-09 05:18:19 +09:00
5d18af0007
container/fhs: move pathname constants
...
This allows referencing FHS pathnames without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 21:29:16 +09:00
0e6c1a5026
container/check: move absolute pathname
...
This allows use of absolute pathname values without importing container.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 20:57:58 +09:00
3ce63e95d7
container: move seccomp preset bits
...
This allows holding the bits without cgo.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-10-07 18:28:20 +09:00
46cd3a28c8
container: remove global msg
...
This frees all container instances of side effects.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-09-29 06:11:47 +09:00
e99d7affb0
container: use absolute for pathname
...
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-11 04:56:42 +09:00
41ac2be965
container/absolute: wrap safe stdlib functions
...
These functions do not change the absoluteness of a pathname.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-10 03:11:10 +09:00
02271583fb
container: remove PATH lookup behaviour
...
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.
This behaviour causes nothing but confusion and problems,
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-09 19:08:54 +09:00
c6be82bcf9
container/path: fhs path constants
...
This increases readability since this can help disambiguate absolute paths from similarly named path segments.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-03 21:16:45 +09:00
7b416d47dc
container/ops: merge mqueue and dev Ops
...
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-08-03 19:13:46 +09:00
e71ae3b8c5
container: remove custom cmd initialisation
...
This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-25 00:45:10 +09:00
d2f9a9b83b
treewide: migrate to hakurei.app
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-03 03:30:39 +09:00
1b5ecd9eaf
container: move out of toplevel
...
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-03 02:59:43 +09:00
eec021cc4b
hakurei: move container helpers toplevel
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-02 21:31:29 +09:00
a1d98823f8
hakurei: move container toplevel
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-02 21:23:55 +09:00
31aef905fa
sandbox: expose seccomp interface
...
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-02 04:47:13 +09:00
87e008d56d
treewide: rename to hakurei
...
Fortify makes little sense for a container tool.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-06-25 04:57:41 +09:00
24618ab9a1
sandbox: move out of internal
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-17 02:55:36 +09:00
bc54db54d2
ldd: always copy stderr
...
Dropping the buffer on success is unhelpful and could hide some useful information.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-17 00:08:00 +09:00
bf07b7cd9e
ldd: mount /proc in container
...
This covers host /proc.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-17 00:01:03 +09:00
48feca800f
sandbox: check command function pointer
...
Setting default CommandContext on initialisation is somewhat of a footgun.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-16 23:29:14 +09:00
273d97af85
ldd: lib paths resolve function
...
This is what always happens right after a ldd call, so implement it here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-16 01:20:09 +09:00
4bb5d9780f
ldd: run in native sandbox
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-14 17:55:55 +09:00
d22145a392
ldd: handle musl static behaviour
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-03-12 23:29:43 +09:00
39dc8e7bd8
dbus: set process group id
...
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-25 18:12:41 +09:00
dccb366608
ldd: handle behaviour on static executable
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-23 18:02:33 +09:00
83c8f0488b
ldd: pass absolute path to bwrap
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-23 17:46:22 +09:00
fe7d208cf7
helper: use generic extra files interface
...
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:34:15 +09:00
5a64cdaf4f
ldd: enable syscall filter
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 02:00:49 +09:00
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
...
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 01:52:57 +09:00
2f70506865
helper/bwrap: move sync to helper state
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-19 18:38:13 +09:00
b956ce4052
ldd: trim leading and trailing white spaces from name
...
Glibc emits ldd output with \t prefix for formatting. Remove that here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:53:01 +09:00
ade57c39af
ldd: add fhs glibc test case
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 16:33:02 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-20 00:20:02 +09:00
4b7b899bb3
add package doc comments
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-10-28 20:57:59 +09:00
65af1684e3
migrate to git.ophivana.moe/security/fortify
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-10-20 19:50:13 +09:00
73a698c7cb
ldd: run ldd with read-only filesystem and unshared net
...
This is only called on trusted programs, however extra hardening is never a bad idea.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-10-17 15:37:27 +09:00
d41b9d2d9c
ldd: separate Parse from Exec and trim space
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-10-09 23:51:15 +09:00
6232291cae
ldd: implement strict ldd output parser
...
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-10-09 20:39:27 +09:00
