Commit Graph

612 Commits

Author SHA1 Message Date
bf07b7cd9e ldd: mount /proc in container
This covers host /proc.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 00:01:03 +09:00
5d3c8dcc92 test: raise timeout
Native container tooling is severely slowed down by race detector. Raise timeout so it reliably completes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 23:51:17 +09:00
48feca800f sandbox: check command function pointer
Setting default CommandContext on initialisation is somewhat of a footgun.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 23:29:14 +09:00
42de09e896 helper: implement native container backend
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 02:57:46 +09:00
1576fea8a3 helper: raise WaitDelay during tests
Helper runs very slowly with race detector. This prevents it from timing out.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 02:49:41 +09:00
ae522ab364 test: run go tests with race detector
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 02:07:42 +09:00
273d97af85 ldd: lib paths resolve function
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 01:20:09 +09:00
891316d924 helper/stub: copy args to stderr
Some helpers are implemented via go test itself in tests, and as a result stdout gets clobbered.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 00:39:42 +09:00
9f5dad1998 sandbox: return on zero length ops
This dodges potentially confusing behaviour where init fails due to Ops being clobbered during transfer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 00:32:36 +09:00
6e7ddb2d2e helper: eliminate commandContext replacement
This is done more cleanly by modifying Args in cmdF.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 00:01:25 +09:00
bac4e67867 sandbox/init: early params nil check
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 04:03:10 +09:00
4230281194 sandbox: return error on doubled start
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 03:30:14 +09:00
e64e7608ca sandbox: expose cancel behaviour
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 03:04:27 +09:00
10a21ce3ef helper: expose extra files to direct
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 02:27:40 +09:00
0f1f0e4364 helper: combine helper ipc setup
The two-step args call is no longer necessary since stat is passed on initialisation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 02:10:22 +09:00
f9bf20a3c7 helper: rearrange initialisation args
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 01:06:31 +09:00
73c1a83032 helper: move process wrapper to direct
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 00:33:25 +09:00
f443d315ad helper: clean up interface
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 00:27:44 +09:00
9e18d1de77 helper/proc: pass extra files and start
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 23:23:57 +09:00
2647a71be1 seccomp: move out of helper
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 22:42:40 +09:00
7c60a4d8e8 helper: embed context on creation
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 18:30:22 +09:00
4bb5d9780f ldd: run in native sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 17:55:55 +09:00
f41fd94628 sandbox: write uid/gid map as init
This avoids PR_SET_DUMPABLE in the parent process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 17:42:22 +09:00
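The commit above moves the uid/gid map write out of the parent and into the process that becomes the container's init. What follows is an added illustration of why that placement matters, written for this page and not taken from the project (how the project's init actually performs the write is not shown here). Go's own fork/exec path can do the write from either side: with CLONE_NEWUSER in Cloneflags the parent opens /proc/<child>/uid_map and gid_map, which only works if the child, and therefore the parent it was forked from, is dumpable, because the /proc entries of a non-dumpable task are owned by root; with CLONE_NEWUSER in Unshareflags the forked child unshares and writes its own /proc/self/setgroups, gid_map and uid_map before exec, so the parent's dumpable flag never comes into play. Running main assumes Linux with unprivileged user namespaces enabled and an id binary on PATH; the mapping values are constructed for the example.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
	"syscall"
)

// IDMapText renders mappings in the text format the kernel expects in
// /proc/<pid>/uid_map and gid_map: one "inside outside count" line per
// extent. Shown so the file contents that get written are visible.
func IDMapText(maps []syscall.SysProcIDMap) string {
	var b strings.Builder
	for _, m := range maps {
		fmt.Fprintf(&b, "%d %d %d\n", m.ContainerID, m.HostID, m.Size)
	}
	return b.String()
}

// ParentWritesMaps configures cmd so the user namespace is created by
// clone(2) and the parent writes /proc/<child>/{setgroups,gid_map,uid_map}.
// If the parent has cleared its dumpable flag, the child inherits that and
// its /proc entries are root-owned, so this open fails with permission denied.
func ParentWritesMaps(cmd *exec.Cmd, uid, gid int) {
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags:  syscall.CLONE_NEWUSER,
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: uid, Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: gid, Size: 1}},
	}
}

// ChildWritesMaps configures cmd so the forked child calls unshare(2) with
// CLONE_NEWUSER itself and then writes /proc/self/setgroups, gid_map and
// uid_map before exec, while it still holds full capabilities in the new
// namespace. The parent never touches the child's /proc entries.
// GidMappingsEnableSetgroups stays false so setgroups is written as "deny",
// which an unprivileged writer needs before gid_map is accepted.
func ChildWritesMaps(cmd *exec.Cmd, uid, gid int) {
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Unshareflags: syscall.CLONE_NEWUSER,
		UidMappings:  []syscall.SysProcIDMap{{ContainerID: 0, HostID: uid, Size: 1}},
		GidMappings:  []syscall.SysProcIDMap{{ContainerID: 0, HostID: gid, Size: 1}},
	}
}

func main() {
	// Maps the invoking user to uid 0 inside the new namespace and runs `id`
	// there; the single-extent self mapping is the one an unprivileged
	// process is allowed to establish.
	cmd := exec.Command("id")
	ChildWritesMaps(cmd, os.Getuid(), os.Getgid())
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	fmt.Print("uid_map the child will write:\n", IDMapText(cmd.SysProcAttr.UidMappings))
	if err := cmd.Run(); err != nil {
		fmt.Fprintln(os.Stderr, "run:", err)
		os.Exit(1)
	}
}
```

The two configurations differ only in which flag field carries CLONE_NEWUSER, but that decides which process opens the map files, and so whether the parent has to be dumpable for the sandbox to start.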
94895bbacb sandbox: invert seccomp ruleset defaults
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 02:38:32 +09:00
f332200ca4 sandbox: mount container /dev
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 02:18:44 +09:00
2eff470091 sandbox/mount: pass custom tmpfs name
The tmpfs driver allows arbitrary fsname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 02:12:35 +09:00
a092b042ab sandbox: pass params to setup ops
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 02:11:38 +09:00
e94b09d337 sandbox/mount: fix source flag path
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 02:10:48 +09:00
5d9e669d97 sandbox: separate tmpfs function from op
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 00:21:20 +09:00
f1002157a5 sandbox: separate bind mount function from op
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 00:16:41 +09:00
4133b555ba internal/app: rename init to init0
This makes way for the new container init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
9b1a60b5c9 sandbox: native container tooling
This should eventually replace bwrap.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:36:26 +09:00
beb3918809 test: run go test under regular user
By default, test vm commands run as root; this causes buildFHSEnv bwrap to cover some parts of /proc, making it impossible to mount proc in a mount namespace created under it. Running as a regular user gets around this issue.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 20:56:32 +09:00
2871426df2 test: print output of failed test
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 16:40:15 +09:00
e048f31baa internal: pull EINTR loop from stdlib
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 00:42:38 +09:00
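The EINTR loop the commit above pulls from the standard library is the retry idiom Go's runtime uses internally around raw syscalls. As an added example, not the project's code, here is that idiom written out with two callers a container init typically needs: a wait4 wrapper for reaping children and a read loop on a raw fd. The pipe contents in main are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// IgnoringEINTR reissues fn until it returns something other than EINTR.
// Go installs its signal handlers with SA_RESTART, but the kernel never
// restarts some calls (poll, epoll_wait, nanosleep among them) and the
// runtime's preemption signal (SIGURG) can land at any moment, so code
// calling raw syscalls still sees spurious EINTR. errors.Is is used so a
// wrapped EINTR, such as one inside *os.PathError, is retried as well.
func IgnoringEINTR(fn func() error) error {
	for {
		err := fn()
		if !errors.Is(err, syscall.EINTR) {
			return err
		}
	}
}

// WaitPID is wait4(2) with the retry applied: a supervisor or container init
// that reaps children directly must not mistake EINTR for a lost child.
func WaitPID(pid int) (syscall.WaitStatus, error) {
	var status syscall.WaitStatus
	err := IgnoringEINTR(func() error {
		_, err := syscall.Wait4(pid, &status, 0, nil)
		return err
	})
	return status, err
}

// ReadFull reads exactly len(buf) bytes from a raw fd, retrying EINTR and
// continuing after short reads; a zero-length read is reported as EOF.
func ReadFull(fd int, buf []byte) (int, error) {
	n := 0
	for n < len(buf) {
		var k int
		err := IgnoringEINTR(func() error {
			var e error
			k, e = syscall.Read(fd, buf[n:])
			return e
		})
		if err != nil {
			return n, err
		}
		if k == 0 {
			return n, errors.New("unexpected EOF")
		}
		n += k
	}
	return n, nil
}

func main() {
	// Constructed input: a pipe carrying a short message, read back in full.
	var p [2]int
	if err := syscall.Pipe(p[:]); err != nil {
		fmt.Fprintln(os.Stderr, "pipe:", err)
		os.Exit(1)
	}
	syscall.Write(p[1], []byte("sample message"))
	syscall.Close(p[1])
	buf := make([]byte, 14)
	n, err := ReadFull(p[0], buf)
	syscall.Close(p[0])
	fmt.Printf("read %d bytes: %q err=%v\n", n, buf[:n], err)
}
```

Comparing with == syscall.EINTR instead of errors.Is would miss the wrapped form that os and internal helpers return, which is the usual way this loop silently stops retrying.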
6af8b8859f sandbox: read overflow ids
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 00:41:37 +09:00
f38ba7e923 test/sandbox: bypass fields
A field is bypassed if it contains a single null byte. This will never appear in the text format so is safe to use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 00:00:58 +09:00
d22145a392 ldd: handle musl static behaviour
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 23:29:43 +09:00
29c3f8becb helper/seccomp: improve error handling
This passes both errno and libseccomp return value.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:52:48 +09:00
be16970e77 helper/seccomp: seccomp_load on negative fd
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:18:52 +09:00
df266527f1 test/sandbox/mount: work around nondeterminism
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:16:51 +09:00
c8ed7aae6e nix: update flake lock
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-10 18:38:14 +09:00
61e58aa14d helper/proc: expose setup file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-09 17:22:31 +09:00
9e15898c8f internal/prctl: rename prctl wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-07 22:56:35 +09:00
f7bd6a5a41 test/sandbox: check seccomp outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-04 13:30:16 +09:00
ea853e21d9 test/sandbox: check fs outcome
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-03 01:02:09 +09:00
0bd9b9e8fe test/sandbox: assert filesystem json
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 23:23:04 +09:00
39e32799b3 test/sandbox: compare filesystem hierarchy
For checking deterministic aspects of fs outcome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 22:59:04 +09:00
9953768de5 test: rename session message identifier
Labelling this as sway is misleading.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 22:47:33 +09:00
0d3652b793 test/sandbox/assert: wrap printf
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-02 18:37:46 +09:00