maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity
771 Commits 2 Branches 12 Tags
f84ec5a3f8d648031bc8e7c4baf6e31d67d2d5a4
Commit Graph

61 Commits

Author SHA1 Message Date
Ophestra
eb22a8bcc1 cmd/hakurei: move to cmd 
Having it at the project root never made sense since the "ego" name was deprecated. This change finally addresses it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 20:42:51 +09:00
Ophestra
31aef905fa sandbox: expose seccomp interface 
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 04:47:13 +09:00
Ophestra
1a8840bebc sandbox/seccomp: resolve rules natively 
This enables loading syscall filter policies from external cross-platform config files.

This also removes a significant amount of C code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 22:11:32 +09:00
Ophestra
87e008d56d treewide: rename to hakurei 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
b7e991de5b nix: update flake lock 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-05 04:05:39 +09:00
Ophestra
dde2516304 dbus: handle bizarre dbus proxy behaviour 
There is a strange behaviour in xdg-dbus-proxy where if any interface string when stripped of a single ".*" suffix does not contain a '.' byte anywhere, the program will exit with code 1 without any output. This checks for such conditions to make the failure less confusing.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-05-25 19:50:06 +09:00
Ophestra
5979d8b1e0 dbus: clean up wrapper implementation 
The dbus proxy wrapper haven't been updated much ever since the helper interface was introduced.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-16 23:35:17 +09:00
Ophestra
584405f7cc sandbox/seccomp: rename flag type and constants 
The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-08 01:59:45 +09:00
Ophestra
78aaae7ee0 helper/args: copy args on wt creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 18:22:07 +09:00
Ophestra
24618ab9a1 sandbox: move out of internal 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00
Ophestra
9a1f8e129f sandbox: wrap fmsg interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:44:07 +09:00
Ophestra
44277dc0f1 dbus: run in native sandbox 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 00:13:14 +09:00
Ophestra
273d97af85 ldd: lib paths resolve function 
This is what always happens right after a ldd call, so implement it here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 01:20:09 +09:00
Ophestra
6e7ddb2d2e helper: eliminate commandContext replacement 
This is done more cleanly by modifying Args in cmdF.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-16 00:01:25 +09:00
Ophestra
10a21ce3ef helper: expose extra files to direct 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 02:27:40 +09:00
Ophestra
f9bf20a3c7 helper: rearrange initialisation args 
This improves consistency across two different helper implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 01:06:31 +09:00
Ophestra
f443d315ad helper: clean up interface 
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-15 00:27:44 +09:00
Ophestra
7c60a4d8e8 helper: embed context on creation 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-14 18:30:22 +09:00
Ophestra
39dc8e7bd8 dbus: set process group id 
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-25 18:12:41 +09:00
Ophestra
73146ea7fa dbus: remove BwrapStatic method 
This method does not do anything and is not called from anywhere. It also does not make any sense as a public interface since the argument builder is no longer stateless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:09:59 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra
72fb13dccc dbus: lock for read in public args interface 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-07 13:42:29 +09:00
Ophestra
8c51012ef5 dbus: enable syscall filter 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 11:49:23 +09:00
Ophestra
9a239fa1a5 helper/bwrap: integrate seccomp into helper interface 
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-22 01:52:57 +09:00
Ophestra
2f70506865 helper/bwrap: move sync to helper state 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-19 18:38:13 +09:00
Ophestra
1651eb06df dbus: implement dbus_parse_address 
This parses D-Bus addresses according to spec. It does significantly fewer copies than dbus_parse_address.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-12 23:24:03 +09:00
Ophestra
ac543a1ce8 dbus: rename makeTestCases 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-12 23:21:28 +09:00
Ophestra
c4d6651cae update reverse-DNS style identifiers 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-31 16:16:38 +09:00
Ophestra
dc579dc610 dbus/run: bind ldd entry absolute name 
The ld.so entry has an absolute name. They are usually symlinks so binding path does not guarantee ld.so availability under its expected path in the mount namespace.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:36:03 +09:00
Ophestra
614ad86a5b dbus: fail on LookPath error 
An absolute path to xdg-dbus-proxy is required.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2024-12-26 16:08:48 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
4b7b899bb3 add package doc comments 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 20:57:59 +09:00
Ophestra Umiker
65af1684e3 migrate to git.ophivana.moe/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
Ophestra Umiker
33cf0bed54 dbus: various accessors for dbus.Proxy internal fields 
These values are useful during sandbox setup and exporting them makes more sense than storing them twice.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-16 01:27:49 +09:00
Ophestra Umiker
2faf510146 helper/bwrap: ordered filesystem args 
The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-15 02:15:55 +09:00
Ophestra Umiker
0f421644be dbus: improve unsealed behaviour coverage 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-12 00:53:08 +09:00
Ophestra Umiker
d41b9d2d9c ldd: separate Parse from Exec and trim space 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 23:51:15 +09:00
Ophestra Umiker
753c5191b1 dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 20:41:42 +09:00
Ophestra Umiker
55a5b6f242 dbus: use name resolved by exec.Command 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 16:55:27 +09:00
Ophestra Umiker
85407dd3c0 helper: helper.Helper interface 
For upcoming bwrap implementation of helper.Helper

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 15:37:52 +09:00
Ophestra Umiker
9647eb6a6b helper: separate pipes from Helper 
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 12:48:20 +09:00
Ophestra Umiker
d1415305ae dbus: test child process handling behaviour via helper stub 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:49:32 +09:00
Ophestra Umiker
98f9fdb7cc dbus: configurable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:27:29 +09:00
Ophestra Umiker
dc59f20d7b dbus: toggleable xdg-dbus-proxy output 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:24:54 +09:00
Ophestra Umiker
0e7849fac2 dbus: add more test cases 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 19:19:31 +09:00
Ophestra Umiker
342c66aae8 dbus: replace test suffix * with + 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 17:47:15 +09:00
Ophestra Umiker
cf182d1fbe dbus: seal test error check for correct error returned 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 17:00:20 +09:00
Ophestra Umiker
1038af98f0 dbus: add tests 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-28 00:06:16 +09:00
Ophestra Umiker
aa2be18f47 dbus/config: implement file loading functions 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-27 23:53:08 +09:00
Ophestra Umiker
84d8c27b5f dbus: return exported error for nil config 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-27 23:52:38 +09:00