maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
600 Commits 2 Branches 12 Tags
e64e7608ca47d25e81fb43d66838d9aa0ffd2e9a
Commit Graph

24 Commits

Author SHA1 Message Date
Ophestra
10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
Ophestra
f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
Ophestra
f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
Ophestra
7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
Ophestra
39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
8c51012ef5 dbus: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:49:23 +09:00
Ophestra
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
Ophestra
2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
Ophestra
dc579dc610 dbus/run: bind ldd entry absolute name 
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:36:03 +09:00
Ophestra
614ad86a5b dbus: fail on LookPath error 
An absolute path to xdg-dbus-proxy is required.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:08:48 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
65af1684e3 migrate to git.ophivana.moe/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
Ophestra Umiker
2faf510146 helper/bwrap: ordered filesystem args 
The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:15:55 +09:00
Ophestra Umiker
d41b9d2d9c ldd: separate Parse from Exec and trim space 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 23:51:15 +09:00
Ophestra Umiker
753c5191b1 dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 20:41:42 +09:00
Ophestra Umiker
55a5b6f242 dbus: use name resolved by exec.Command 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 16:55:27 +09:00
Ophestra Umiker
85407dd3c0 helper: helper.Helper interface 
For upcoming bwrap implementation of helper.Helper

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 15:37:52 +09:00
Ophestra Umiker
9647eb6a6b helper: separate pipes from Helper 
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 12:48:20 +09:00
Ophestra Umiker
98f9fdb7cc dbus: configurable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:27:29 +09:00
Ophestra Umiker
dc59f20d7b dbus: toggleable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:24:54 +09:00
Ophestra Umiker
a8b4b3634b dbus: use generalised helper.Helper for xdg-dbus-proxy 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-25 01:17:38 +09:00
Ophestra Umiker
000607da5f helper: separate helper args fd builder from dbus 
This method of passing arguments is used in bubblewrap as well as other tools, this commit separates the argument builder/writer to the helper package and generalise it as an interface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-24 16:11:08 +09:00
Ophestra Umiker
357cc4ce4d dbus: implement xdg-dbus-proxy wrapper 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 03:11:50 +09:00