e574042d76
test/sandbox: verify seccomp on all test cases
...
This change also makes seccomp hashes cross-platform.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-09 04:21:35 +09:00
d90da1c8f5
container/seccomp: add arm64 constants
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 14:58:03 +09:00
5853d7700f
container/seccomp: move bpf hashes
...
Filter programs are different across platforms. This representation is also much more readable.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 14:41:47 +09:00
d5c7523726
container/init: fix prctl call
...
This is a very silly typo. Luckily has no effect due to an upper layer doing PR_SET_NO_NEW_PRIVS already.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 14:06:14 +09:00
ddfcc51b91
container: move capset implementation
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 13:47:13 +09:00
8ebedbd88a
container: move syscall constants
...
These aren't missing from all targets.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 13:23:01 +09:00
84e8142a2d
container/seccomp: move personality constants
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 12:44:32 +09:00
2c7b7ad845
container/seccomp: cross-platform sysnum cutoff
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-07 12:27:00 +09:00
356b42a406
container/init: use /proc/self as intermediate
...
Setting up via /tmp is okay, /proc/self/fd makes a lot more sense though for reasons described in the comment.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-06 02:14:35 +09:00
d2f9a9b83b
treewide: migrate to hakurei.app
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-03 03:30:39 +09:00
1b5ecd9eaf
container: move out of toplevel
...
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-07-03 02:59:43 +09:00
