maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
1,712 Commits 7 Branches 12 Tags
ef130adb27831d43f3779ef25cd72fc99ce32752
Commit Graph

882 Commits

Author SHA1 Message Date
cat 605d018be2 app/seal: check for '=' in envv 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 18:25:23 +09:00
cat 300571af47 app: pass through $SHELL 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 01:22:40 +09:00
cat 2dd49c437c app: create XDG_RUNTIME_DIR with perm 0700 
Many programs complain about this.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 02:49:37 +09:00
cat c326c3f97d fst/sandbox: do not create /etc in advance 
This is now handled by the setup op. This also gets rid of the hardcoded /etc path.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 20:00:34 +09:00
cat 61dbfeffe7 sandbox/wl: move into sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:26:37 +09:00
cat 532feb4bfa app: merge shim into app package 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 05:21:47 +09:00
cat ec5e91b8c9 system: optimise string formatting 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 04:42:30 +09:00
cat 5c4058d5ac app: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 01:52:49 +09:00
cat 7c063833e0 internal/sys: wrap getuid/getgid 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 17:10:03 +09:00
cat 24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
cat 9ce4706a07 sandbox: move params setup functions 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:48:32 +09:00
cat 9a1f8e129f sandbox: wrap fmsg interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:44:07 +09:00
cat ee10860357 seccomp: install output atomically 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 01:10:27 +09:00
cat 48feca800f sandbox: check command function pointer 
Setting default CommandContext on initialisation is somewhat of a footgun.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 23:29:14 +09:00
cat 273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
cat 9f5dad1998 sandbox: return on zero length ops 
This dodges potentially confusing behaviour where init fails due to Ops being clobbered during transfer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:32:36 +09:00
cat bac4e67867 sandbox/init: early params nil check 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 04:03:10 +09:00
cat 4230281194 sandbox: return error on doubled start 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 03:30:14 +09:00
cat e64e7608ca sandbox: expose cancel behaviour 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 03:04:27 +09:00
cat 10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
cat f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
cat f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
cat 9e18d1de77 helper/proc: pass extra files and start 
For integration with native container tooling.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 23:23:57 +09:00
cat 2647a71be1 seccomp: move out of helper 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 22:42:40 +09:00
cat 7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
cat 4bb5d9780f ldd: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 17:55:55 +09:00
cat f41fd94628 sandbox: write uid/gid map as init 
This avoids PR_SET_DUMPABLE in the parent process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 17:42:22 +09:00
cat 94895bbacb sandbox: invert seccomp ruleset defaults 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:38:32 +09:00
cat f332200ca4 sandbox: mount container /dev 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:18:44 +09:00
cat 2eff470091 sandbox/mount: pass custom tmpfs name 
The tmpfs driver allows arbitrary fsname.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:12:35 +09:00
cat a092b042ab sandbox: pass params to setup ops 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:11:38 +09:00
cat e94b09d337 sandbox/mount: fix source flag path 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 02:10:48 +09:00
cat 5d9e669d97 sandbox: separate tmpfs function from op 
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 00:21:20 +09:00
cat f1002157a5 sandbox: separate bind mount function from op 
This is useful in the implementation of various other ops.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 00:16:41 +09:00
cat 4133b555ba internal/app: rename init to init0 
This makes way for the new container init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 21:57:54 +09:00
cat 9b1a60b5c9 sandbox: native container tooling 
This should eventually replace bwrap.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 21:36:26 +09:00
cat e048f31baa internal: pull EINTR loop from stdlib 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 00:42:38 +09:00
cat 6af8b8859f sandbox: read overflow ids 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-13 00:41:37 +09:00
cat 61e58aa14d helper/proc: expose setup file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-09 17:22:31 +09:00
cat 9e15898c8f internal/prctl: rename prctl wrappers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-07 22:56:35 +09:00
cat 80f9b62d25 app: print comp values early 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 22:27:55 +09:00
cat 673b648bd3 cmd/fpkg: call app in-process 
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 19:51:44 +09:00
cat 840ceb615a app: handle RunState errors 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:36:14 +09:00
cat d050b3de25 app: define errors in a separate file 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 17:12:02 +09:00
cat 6d4ac3d9fd internal: store fortify path in internal 
This now makes more sense due to the changes in build system.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-26 12:03:25 +09:00
cat 39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
cat f0a082ec84 fortify: improve handling of RevertErr 
All this error wrapping is getting a bit ridiculous and I might want to do something about that somewhere down the line.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 00:45:00 +09:00
cat c64b8163e7 app: separate instance from process state 
This works better for the implementation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-21 16:06:24 +09:00
cat 3c80fd2b0f app: defer system.I revert 
Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 21:12:11 +09:00
cat ef81828e0c app: remove share method 
This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-19 16:20:25 +09:00