maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
770 Commits 1 Branch 12 Tags
eb22a8bcc1ac03357d4073e5d3ed6d0ab5246a37
Commit Graph

17 Commits

Author SHA1 Message Date
Ophestra
eb22a8bcc1 cmd/hakurei: move to cmd 
Having it at the project root never made sense since the "ego" name was deprecated. This change finally addresses it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 20:42:51 +09:00
Ophestra
31aef905fa sandbox: expose seccomp interface 
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 04:47:13 +09:00
Ophestra
1a8840bebc sandbox/seccomp: resolve rules natively 
This enables loading syscall filter policies from external cross-platform config files.

This also removes a significant amount of C code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 22:11:32 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
b7e991de5b nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-05 04:05:39 +09:00
Ophestra
584405f7cc sandbox/seccomp: rename flag type and constants 
The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-08 01:59:45 +09:00
Ophestra
ad3576c164 sandbox: resolve tty name 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-24 16:03:07 +09:00
Ophestra
a11237b158 sandbox/vfs: add doc comments 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-24 13:21:55 +09:00
Ophestra
40f00d570e sandbox: set mkdir perm 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-24 12:51:39 +09:00
Ophestra
e8809125d4 sandbox: verify outcome via mountinfo 
This contains much more information than /proc/mounts and allows for more fields to be checked. This also removes the dependency on the test package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 22:17:36 +09:00
Ophestra
75e0c5d406 test/sandbox: parse full test case 
This makes declaring multiple tests much cleaner.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 14:53:50 +09:00
Ophestra
c638193268 sandbox: apply vfs options to bind mounts 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-23 05:27:57 +09:00
Ophestra
cc89dbdf63 sandbox: place files with content 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 22:13:22 +09:00
Ophestra
228f3301f2 sandbox: create directories 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 22:03:06 +09:00
Ophestra
af3619d440 sandbox: create symlinks 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 16:37:56 +09:00
Ophestra
c83a7e2efc sandbox: mount container /dev/mqueue 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 15:42:40 +09:00
Ophestra
24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00