maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
1,010 Commits 2 Branches 12 Tags
eb5ee4fece0327b1183ae823d68e4cf4e3e1ced0
Commit Graph

14 Commits

Author SHA1 Message Date
Ophestra
eb5ee4fece internal/app: modularise outcome finalise 
This is the initial effort of splitting up host and container side of finalisation for params to shim. The new layout also enables much finer grained unit testing of each step, as well as partition access to per-app state for each step.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-05 02:52:50 +09:00
Ophestra
46cd3a28c8 container: remove global msg 
This frees all container instances of side effects.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:11:47 +09:00
Ophestra
ae2df2c450 internal: remove sys package 
This package is replaced by container/stub. Remove and replace it with unexported implementation for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 13:51:54 +09:00
Ophestra
6e3f34f2ec internal/app: merge finalise test cases 
This cleans everything up a bit for the upcoming test suite rewrite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-25 12:11:02 +09:00
Ophestra
0d7c1a9a43 app: rename app implementation package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
Ophestra
5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
Ophestra
7c063833e0 internal/sys: wrap getuid/getgid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 17:10:03 +09:00
Ophestra
648e1d641a app: separate interface from implementation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 23:07:28 +09:00
Ophestra
ffaa12b9d8 sys: wrap log methods 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 22:52:09 +09:00
Ophestra
e0f321b2c4 sys: rename from linux 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-18 18:47:48 +09:00
Ophestra
ea8d1c07df priv/shim: move /sbin/init setup to app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:06:10 +09:00
Ophestra
562f5ed797 fst: hide sockets exposed via Filesystem 
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 10:13:18 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
b291f0b710 app: add nixos-based config test case 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-21 12:13:21 +09:00