hakurei

Author	SHA1	Message	Date
Ophestra	ed8ee5eb4b	nix: filter nix files from src This prevents constant rebuilds when debugging integration tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 17:39:42 +09:00
Ophestra Umiker	195b717e01	release: 0.2.5 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:28:48 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	9f95f60400	release: 0.2.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:52:52 +09:00
Ophestra Umiker	38653c6ab5	release: 0.2.3 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:06:17 +09:00
Ophestra Umiker	138666d753	nix: skip acl test The nix build environment does not support ACLs. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 19:29:01 +09:00
Ophestra Umiker	e3f1d7ba60	release: 0.2.2 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:47:22 +09:00
Ophestra Umiker	2d606b1f4b	wl: implement security-context-v1 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:15:13 +09:00
Ophestra Umiker	30b8bce90a	fortify: zsh completion Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-20 01:25:19 +09:00
Ophestra Umiker	de0d78daae	release: 0.2.1 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:03:50 +09:00
Ophestra Umiker	d99c8b1fb4	release: 0.2.0 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:15:09 +09:00
Ophestra Umiker	748a0ae2c8	nix: wrap program from libexec This avoids renaming the fortify binary. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 12:58:47 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	3962705126	nix: keep fshim and finit names Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 14:59:28 +09:00
Ophestra Umiker	f831948bca	release: 0.1.0 This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 04:37:43 +09:00
Ophestra Umiker	cfd05b10f1	release: 0.0.11 This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impacts the permissive defaults usage pattern. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 13:46:47 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	563c39c2d9	release: 0.0.10 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:38:10 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00
Ophestra Umiker	6d8bcb63f2	release: 0.0.9 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 01:25:24 +09:00
Ophestra Umiker	2f34627d37	release: 0.0.8 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 00:49:50 +09:00
Ophestra Umiker	133f23e0de	release: 0.0.7 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:59 +09:00
Ophestra Umiker	ecce832d93	release: 0.0.6 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-18 01:26:42 +09:00
Ophestra Umiker	4ebb98649e	release: 0.0.5 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-17 20:48:41 +09:00
Ophestra Umiker	689f5bed57	release: 0.0.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:56:49 +09:00
Ophestra Umiker	41a7eb567e	release: 0.0.3 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-14 02:31:11 +09:00
Ophestra Umiker	f4c44a9441	release: 0.0.2 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-10 00:13:06 +09:00
Ophestra Umiker	22dfa73efe	release: 0.0.1 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:48:38 +09:00
Ophestra Umiker	996bf67ac2	release: 0.0.0-beta.5 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 00:25:16 +09:00
Ophestra Umiker	a75229991c	nix: make bubblewrap available in PATH Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-23 18:21:12 +09:00
Ophestra Umiker	9a9fcdb9ec	release: 0.0.0-beta.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-22 01:18:47 +09:00
Ophestra Umiker	2763ec730e	release: 0.0.0-beta.3 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-17 23:17:39 +09:00
Ophestra Umiker	6a6f62efa6	release: 0.0.0-beta.2 This project started as a Go implementation of https://github.com/intgr/ego. That is clearly no longer what it is anymore and the tagged releases no longer made sense, so we're going back to v0. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-16 20:41:02 +09:00
Ophestra Umiker	c1bfe2cd74	release: 1.1.0 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-09 05:14:53 +09:00
Ophestra Umiker	cdc08817a7	nix: add xdg-dbus-proxy to PATH via wrapProgram Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-09 04:37:12 +09:00
Ophestra Umiker	58d3a1fbc7	release: 1.0.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-04 19:57:47 +09:00
Ophestra Umiker	945cce2f5e	nix: implement nixos module Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-04 17:03:21 +09:00

40 Commits