hakurei

Author	SHA1	Message	Date
Ophestra	c64b8163e7	app: separate instance from process state This works better for the implementation. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-21 16:06:24 +09:00
Ophestra	3c80fd2b0f	app: defer system.I revert Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 21:12:11 +09:00
Ophestra	648e1d641a	app: separate interface from implementation Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 23:07:28 +09:00
Ophestra	e0f321b2c4	sys: rename from linux Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 18:47:48 +09:00
Ophestra	2c9c7fee5b	linux: wrap fsu lookup error Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 17:39:53 +09:00
Ophestra	e9b0f9faef	fmsg: export logBaseError function Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 13:02:51 +09:00
Ophestra	90cb01b274	system: move out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 19:00:43 +09:00
Ophestra	e599b5583d	fmsg: implement suspend in writer This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:51:53 +09:00
Ophestra	33a4ab11c2	internal: move shim and init into app This structure makes more sense, as both processes are part of an app's lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 16:28:46 +09:00
Ophestra	3054527ca5	fortify: prevent exit status 0 on app failure Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 14:40:19 +09:00
Ophestra	aaebb8f3ab	fortify: check print behaviour These output are supposed to be deterministic, so checking them is a good way to catch regressions. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 14:44:28 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	e14923ae53	helper/proc: move package out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-08 13:03:45 +09:00
Ophestra	163f15e93f	helper/seccomp: separate seccomp package Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:59:11 +09:00
Ophestra	a30f5e1226	fortify: set up seccomp verbose logging early Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:58:54 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
Ophestra	20a3d4c458	proc/priv/shim: resolve and load seccomp rules Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:52:56 +09:00
Ophestra	b31d055e20	proc/priv/init: early init check Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 12:33:33 +09:00
Ophestra	27d2914286	proc/priv/init: merge init into main program Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00
Ophestra	ea8f228af3	proc/priv/shim: merge shim into main program Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
Ophestra	124743ffd3	app: expose single run method App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 23:39:51 +09:00
Ophestra	6acd0d4e88	linux/std: handle fsu exit status 1 Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-01 21:34:57 +09:00
Ophestra	35b7142317	fortify: show system info when instance is not specified This contains useful information not obtainable by external tools. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-01 19:35:50 +09:00
Ophestra	70bffeaa1e	fortify: clean up config loading Move duplicate code to function. Also handle - as config from stdin. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-23 17:57:54 +09:00
Ophestra	8a9ba5e0ad	fortify: show short mode omit filesystems Filesystem information can be quite noisy in permissive defaults. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-22 13:20:33 +09:00
Ophestra	cb98baa19d	fortify: clean up ps formatting code Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 20:34:40 +09:00
Ophestra	4f4c690d38	fortify: move json indent call Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 19:06:25 +09:00
Ophestra	df7f692e61	fortify: move show formatting out of main Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 18:33:30 +09:00
Ophestra	68660a2ad4	fortify: config/state pretty-print subcommand Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 12:29:04 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	5d25bee786	fortify: remove systemd check This is no longer necessary as fortify no longer integrates with external user switchers. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:14:31 +09:00
Ophestra Umiker	2f676c9d6e	fst: rename from fipc Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 15:50:46 +09:00
Ophestra Umiker	b752ec4468	fipc: export config struct Also store full config as part of state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:45:55 +09:00
Ophestra Umiker	1b5b089c78	fortify: rename --dbus-id to --id This value is no longer specific to D-Bus defaults. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 03:26:09 +09:00
Ophestra Umiker	6bf33ce507	fortify: use resolved username Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:03:09 +09:00
Ophestra Umiker	c026a4b5dc	fortify: permissive defaults resolve home directory from os When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:01:07 +09:00
Ophestra Umiker	05b7dbf066	app: alternative inner home path Support binding home to an alternative path in the mount namespace. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 00:18:21 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	89bafd0c22	fortify: root check before command handling Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-05 12:57:03 +09:00
Ophestra Umiker	861bb1274f	fortify: override default usage function Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-05 00:12:31 +09:00
Ophestra Umiker	714818c8aa	fortify: implement cleaner argument structure Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-05 00:07:36 +09:00
Ophestra Umiker	422d8e00d5	fortify: replace direct syscall with prctl wrapper Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 17:00:25 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	09feda3783	fortify: exit if seal returns error Wait should not be called on an unsealed App. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 23:18:16 +09:00
Ophestra Umiker	7df9d8d01d	system: move sd_booted implementation to os abstraction This implements lazy loading of the systemd marker (they are not accessed in init and shim) and ensures consistent behaviour when running with a stub. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 12:09:34 +09:00
Ophestra Umiker	1d6ea81205	shim: user switcher process management struct This change moves all user switcher and shim management to the shim package and withholds output while shim is alive. This also eliminated all exit scenarios where revert is skipped. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 00:46:15 +09:00
Ophestra Umiker	6bc5be7e5a	internal: wrap calls to os standard library functions This change helps tests stub out and simulate OS behaviour during the sealing process. This also removes dependency on XDG_RUNTIME_DIR as the internal.System implementation provided to App provides a compat directory inside the tmpdir-based share when XDG_RUNTIME_DIR is unavailable. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-23 21:46:21 +09:00
Ophestra Umiker	42e0b168e3	fmsg: produce all output through fmsg The behaviour of print functions from package fmt is not thread safe. Functions provided by fmsg wrap around Logger methods. This makes prefix much cleaner and makes it easy to deal with future changes to logging. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-21 20:47:02 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	ad0034b09a	app: move app ID to app struct App ID is inherent to App, and it makes no sense to generate it as part of the app sealing process. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 00:22:18 +09:00

1 2

74 Commits