maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,471 Commits 7 Branches 12 Tags
ce06539ecaf07b5fe572b3c190b69bd01aaa7c93
Commit Graph

355 Commits

Author SHA1 Message Date
cat 61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
cat 9e15898c8f internal/prctl: rename prctl wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-07 22:56:35 +09:00
cat 2d4cabe786 nix: increase nixfmt max width 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-28 14:43:46 +09:00
cat 673b648bd3 cmd/fpkg: call app in-process 
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:51:44 +09:00
cat 45ad788c6d cmd/fsu: allow switch from fpkg 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:42:28 +09:00
cat 12c6d66bfd cmd/fpkg/test: nixos test fpkg install/start 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 13:12:16 +09:00
cat d7d2bd33ed cmd/fpkg/build: expose nixos configuration 
This should be used sparingly as the NixOS closure is in the bootstrap store which compresses rather poorly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:31:18 +09:00
cat 4fa38d6063 cmd/fpkg: use fortify path from internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:16:35 +09:00
cat a5d2f040fb cmd/fpkg/build: run final build step in nix 
This used to be a script that had to be run outside of nix because the sandbox disallows access to nix store state. Turns out closureInfo is the proper way to do that.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 23:53:18 +09:00
cat e6cd2bb2a8 cmd/fpkg: integrate command handler 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 23:25:12 +09:00
cat 0fb72e5d99 cmd/fpkg/build: prepend extra nix flags 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 20:21:09 +09:00
cat 8bf162820b nix: separate fsu from package 
This appears to be the only way to build them with different configuration. This enables static linking in the main package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-23 18:13:37 +09:00
cat eb0c16dd8c cmd/fpkg: rename buildPackage file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 18:13:34 +09:00
cat 4fa1e97026 cmd/fpkg: rename shell to shellPath 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 17:50:20 +09:00
cat 90cb01b274 system: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-17 19:00:43 +09:00
cat e599b5583d fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
cat 1fd571d561 cmd/fsu: check parse behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 16:43:55 +09:00
cat be30e2f11e cmd/fsu: revert offset in error message 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 15:31:39 +09:00
cat 134247b57d nix: configure target users via nixos 
This makes patching home-manager no longer necessary.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-23 17:04:19 +09:00
cat 580128922b cmd/fpkg: expose syscall policy options 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 12:01:30 +09:00
cat 7baca66a56 proc: remove duplicate compile-time fortify reference 
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:59:33 +09:00
cat 27d2914286 proc/priv/init: merge init into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-18 11:47:01 +09:00
cat ea8f228af3 proc/priv/shim: merge shim into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:43:32 +09:00
cat 124743ffd3 app: expose single run method 
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 23:39:51 +09:00
cat 22a4b99674 cmd/fpkg/install: deduplicate nix store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:25:04 +09:00
cat 1464ef774b cmd/fpkg: expose nixGL wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-30 02:02:20 +09:00
cat 66ba4cea5c cmd/fpkg: remove workDir acl from activation 
Activation does not require access to workDir, and by this point all information is available in dataHome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:48:45 +09:00
cat f8d0786509 cmd/fpkg: include nixGL source in inner store 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 23:37:11 +09:00
cat aff80b6b00 cmd/fpkg: optional network access when invoking with nix daemon 
This is useful for building nixGL.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:32:44 +09:00
cat a98a176907 cmd/fpkg: bind and document more gpu devices 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 18:25:26 +09:00
cat 5302879b88 cmd/fpkg: improve readability of fortify invocations 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:55:56 +09:00
cat 891b3cbde7 cmd/fpkg: compare all three store paths 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 17:10:41 +09:00
cat c795293f36 cmd/fpkg: clean up broken links before activation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 15:21:40 +09:00
cat c1a459a0b1 cmd/fpkg/start: correct drop to shell wording 
Activation no longer happens during application startup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-29 00:56:14 +09:00
cat e0e2f40e84 cmd/fpkg: app bundle helper 
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 13:21:49 +09:00
cat 9b206072fa cmd/fshim: ensure data directory 
Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-28 14:39:01 +09:00
cat 0a2aa5823b cmd/fshim: bind finit inside sandbox 
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-27 14:44:57 +09:00
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat 52f21a19f3 cmd/fshim: switch to setup pipe 
The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 19:39:25 +09:00
cat 7be53a2438 cmd/fshim: switch to generic setup func 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 17:20:31 +09:00
cat f69e8e753e cmd/finit: switch to generic receive func 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-18 16:49:19 +09:00
cat b453f70ca2 cmd/fsu: check uid range before syscall 
This limits potential exploits to the fortify uid range.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-17 13:01:36 +09:00
cat 33c95b80ca cmd/fuserdb: rename home directories 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-07 20:23:46 +09:00
cat cc816a1aaa proc: cleaner extra files 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 16:05:04 +09:00
cat b3ef53b193 app: integrate security-context-v1 
Should be able to get rid of XDG_RUNTIME_DIR share after this.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-06 04:25:33 +09:00
cat ae2628e57a cmd/fshim/ipc: install signal handler on shim start 
Getting killed at this point will result in inconsistent state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 13:33:46 +09:00
cat 2e23cef7bb cmd/fuserdb: generate group entries 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 23:31:06 +09:00
cat 6a6d30af1f cmd/fuserdb: systemd userdb drop-in entries generator 
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-17 02:16:02 +09:00
cat df33123bd7 app: integrate fsu 
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-16 21:19:45 +09:00
cat 45fead18c3 cmd/fshim: set no_new_privs flag 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 11:50:56 +09:00