This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.
This behaviour causes nothing but confusion and problems,
Signed-off-by: Ophestra <cat@gensokyo.uk>
This increases readability since this can help disambiguate absolute paths from similarly named path segments.
Signed-off-by: Ophestra <cat@gensokyo.uk>
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This part of the interface is very unintuitive and only used for testing, even in testing it is inelegant and can be done better.
Signed-off-by: Ophestra <cat@gensokyo.uk>
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.
Signed-off-by: Ophestra <cat@gensokyo.uk>
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
