maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,477 Commits 2 Branches 12 Tags
d7d058fdc512bc3c09643bb3a3ad04d95aba261b
Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra
54610aaddc internal/outcome: expose pipewire via pipewire-pulse 
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.

Closes #29.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 12:57:06 +09:00
Ophestra
d0a3c6a2f3 internal/outcome: optional shim private dir 
This is a private work directory owned by the specific shim. Useful for sockets owned by this instance of the shim and requires no direct assistance from the priv-side process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-15 12:32:46 +09:00
Ophestra
c1399f5030 std: rename from comp 
Seccomp lookup tables are going to be relocated here, and PNR constants.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 02:47:43 +09:00
Ophestra
ae66b3d2fb message: rename NewMsg to New 
Should have done this when relocating this from container. Now is a good time to rename it before v0.3.x.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-03 01:49:27 +09:00
Ophestra
6931ad95c3 internal/outcome/shim: EOF as exit request fallback 
In some cases the signal might be delivered before the signal handler is installed, and synchronising against such a case is too expensive. Instead, use the pipe being closed as a fallback to the regular exit request. This change also moves installation of the signal handler early.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-02 04:41:26 +09:00
Ophestra
46c5ce4936 internal/outcome/shim: check full behaviour 
This took significant effort to stub out, and achieves full coverage after c5aefe5e9d.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-30 05:20:49 +09:00
Ophestra
36f8064905 internal/outcome/process: output via msg 
This makes it possible to instrument output behaviour through stub.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-30 03:41:38 +09:00
Ophestra
eeb9f98e5b internal/outcome/shim: move signal constants 
The magic numbers hurt readability.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-30 01:20:51 +09:00
Ophestra
3f9f331501 internal/outcome/shim: remove noop resume 
The shim does not suspend output to begin with. These are leftovers from when container startup code suspends output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-29 23:31:39 +09:00
Ophestra
2563391086 internal/outcome/shim: params check early 
This is unreachable, but keeping it here as a failsafe until more test cases are added.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-29 23:10:12 +09:00
Ophestra
a0b4e47acc internal/outcome: rename from app 
This is less ambiguous, and more accurately describes the purpose of the package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-29 04:33:13 +09:00