maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,159 Commits 1 Branch 12 Tags
cb9ebf0e1541c0e49380cda6d4c2d619a0e9933f
Commit Graph

62 Commits

Author SHA1 Message Date
Ophestra
cb9ebf0e15 hst/grp_pwd: specify new uid format 
This leaves slots available for additional uid ranges in Rosa OS.

This breaks all existing installations! Users are required to fix ownership manually.

Closes #18.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-04 08:24:41 +09:00
Ophestra
23ae7822bf cmd/hakurei/parse: use new store interface 
This greatly reduces overhead. The iterator also significantly cleans up the usage code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 16:00:41 +09:00
Ophestra
699c19e972 hst/container: optional runtime and tmpdir sharing 
Sharing and persisting these directories do not always make sense. Make it optional here.

Closes #16.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-19 04:11:38 +09:00
Ophestra
5bf28901a4 cmd/hsu: check against setgid bit 
The getgroups behaviour is already checked for, but it never hurts to be more careful in a setuid program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-08 18:22:24 +09:00
Ophestra
9e48d7f562 hst/config: move container fields from toplevel 
This change also moves pd behaviour to cmd/hakurei, as this does not belong in the hst API.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 04:24:45 +09:00
Ophestra
c9facb746b hst/config: remove data field, rename dir to home 
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 00:56:10 +09:00
Ophestra
9585b35d5b hst/config: remove symlink field 
Closes #6.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 22:23:54 +09:00
Ophestra
0dcac55a0c hst/config: remove container etc field 
This no longer needs special treatment since it can be specified as a generic filesystem entry.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 19:24:33 +09:00
Ophestra
a3988c1a77 hst: rename net and abstract fields 
This makes more sense and matches the container library.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 16:48:01 +09:00
Clayton Gilmer
5db0714072 container: optionally isolate host abstract UNIX domain sockets via landlock 2025-08-18 16:28:14 +09:00
Ophestra
4ffeec3004 hst/enablement: editor friendly enablement adaptor 
Having the bit field value here (in decimal, no less) is unfriendly to text editors. Use a bunch of booleans here to improve ease of use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-15 05:16:51 +09:00
Ophestra
4433c993fa nix: check config via hakurei 
This is unfortunately the only feasible way of doing this in nix.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-15 03:27:54 +09:00
Ophestra
99ac96511b hst/fs: interface filesystem config 
This allows mount points to be represented by different underlying structs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 04:52:49 +09:00
Ophestra
e99d7affb0 container: use absolute for pathname 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
Ophestra
ec33061c92 nix: remove nscd cover 
This is a pd workaround that does nothing in the nixos module.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 22:04:58 +09:00
Ophestra
f7bd28118c hst: configurable wait delay 
This is useful for programs that take a long time to clean up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-29 03:06:49 +09:00
Ophestra
b43d104680 app: integrate interrupt forwarding 
This significantly increases usability of command line tools running through hakurei.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-29 02:23:06 +09:00
Ophestra
625632c593 nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-26 18:57:54 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
bf5772bd8a nix: deduplicate home-manager merging 
This becomes a problem when extraHomeConfig defines nixos module options.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-08 01:12:18 +09:00
Ophestra
2ffca6984a nix: use reverse-DNS style id as unique identifier 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-25 20:12:30 +09:00
Ophestra
f30a439bcd nix: improve common usability 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-16 04:40:12 +09:00
Ophestra
31b7ddd122 fst: improve config 
The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:30:19 +09:00
Ophestra
2f4f21fb18 fst: rename device field 
Dev is very ambiguous. Rename it here alongside upcoming config changes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 19:32:15 +09:00
Ophestra
72c59f9229 nix: check share/applications in share package 
This allows share directories without share/applications/ to build correctly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-29 19:28:20 +09:00
Ophestra
32c90ef4e7 nix: pass through exec arguments 
This is useful for when a wrapper script is unnecessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 03:04:46 +09:00
Ophestra
371dd5b938 nix: create current-system symlink 
This is copied at runtime because it appears to be impossible to obtain this path in nix.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 02:06:11 +09:00
Ophestra
67eb28466d nix: create opengl-driver symlink 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 20:52:20 +09:00
Ophestra
5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
Ophestra
3385538142 nix: clean up flake outputs 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 12:26:19 +09:00
Ophestra
2d4cabe786 nix: increase nixfmt max width 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 14:43:46 +09:00
Ophestra
8bf162820b nix: separate fsu from package 
This appears to be the only way to build them with different configuration. This enables static linking in the main package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:13:37 +09:00
Ophestra
6ae02e72fa nix: test direct_wayland behaviour 
This should never be used outside tests unless you absolutely know what you're doing or are using GNOME.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:45:27 +09:00
Ophestra
989fb5395f nix: remove unused configuration 
User setup no longer depends on userdb.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 10:10:42 +09:00
Ophestra
8d04dd72f1 nix: mount nvidia devices 
These non-standard paths are required in the sandbox for nvidia drivers to work.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 18:05:18 +09:00
Ophestra
016da20443 nix: expose compat flag in nixos module 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-25 12:42:48 +09:00
Ophestra
efacaa40fa nix: set deny_devel correctly 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-24 00:50:35 +09:00
Ophestra
96d5d8a396 nix: apply shared home config to reserved aid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 20:48:04 +09:00
Ophestra
8a00a83c71 nix: expose syscall filter policy 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:24:42 +09:00
Ophestra
134247b57d nix: configure target users via nixos 
This makes patching home-manager no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:04:19 +09:00
Ophestra Umiker
4d3bd5338f nix: implement flake checks 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-16 20:54:28 +09:00
Ophestra Umiker
39e3ac3ccd nix: require /etc/userdb nix-daemon 
There seems to be some kind of credential caching in nix-daemon.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 21:07:57 +09:00
Ophestra Umiker
40cc8a68d1 nix: rename home directories 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 20:15:37 +09:00
Ophestra Umiker
95668ac998 nix: expose no_new_session in module 
Useful for shells and terminal programs like chat clients.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-28 00:19:06 +09:00
Ophestra Umiker
653d69da0a nix: module descriptions 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 18:10:57 +09:00
Ophestra Umiker
f8256137ae nix: separate module options from implementation 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-19 17:08:22 +09:00
Ophestra Umiker
54b47b0315 nix: copy pixmaps directory to share package 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 14:46:08 +09:00
Ophestra Umiker
8f3f0c7bbf nix: integrate dynamic users 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 02:49:48 +09:00
Ophestra Umiker
1a09b55bd4 nix: remove portal paths from default 
Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-10 22:24:17 +09:00
Ophestra Umiker
9a13b311ac app/config: rename map_real_uid from use_real_uid 
This option only changes mapped uid in the user namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 12:01:34 +09:00