24618ab9a1
sandbox: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:55:36 +09:00
9a1f8e129f
sandbox: wrap fmsg interface
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:44:07 +09:00
ee10860357
seccomp: install output atomically
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 01:10:27 +09:00
2647a71be1
seccomp: move out of helper
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 22:42:40 +09:00
4133b555ba
internal/app: rename init to init0
This makes way for the new container init.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
61e58aa14d
helper/proc: expose setup file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-09 17:22:31 +09:00
9e15898c8f
internal/prctl: rename prctl wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-07 22:56:35 +09:00
2d4cabe786
nix: increase nixfmt max width
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-28 14:43:46 +09:00
673b648bd3
cmd/fpkg: call app in-process
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:51:44 +09:00
45ad788c6d
cmd/fsu: allow switch from fpkg
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:42:28 +09:00
12c6d66bfd
cmd/fpkg/test: nixos test fpkg install/start
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 13:12:16 +09:00
d7d2bd33ed
cmd/fpkg/build: expose nixos configuration
This should be used sparingly as the NixOS closure is in the bootstrap store which compresses rather poorly.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 12:31:18 +09:00
4fa38d6063
cmd/fpkg: use fortify path from internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 12:16:35 +09:00
a5d2f040fb
cmd/fpkg/build: run final build step in nix
This used to be a script that had to be run outside of nix because the sandbox disallows access to nix store state. Turns out closureInfo is the proper way to do that.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-25 23:53:18 +09:00
e6cd2bb2a8
cmd/fpkg: integrate command handler
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 23:25:12 +09:00
0fb72e5d99
cmd/fpkg/build: prepend extra nix flags
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 20:21:09 +09:00
8bf162820b
nix: separate fsu from package
This appears to be the only way to build them with different configuration. This enables static linking in the main package.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 18:13:37 +09:00
eb0c16dd8c
cmd/fpkg: rename buildPackage file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 18:13:34 +09:00
4fa1e97026
cmd/fpkg: rename shell to shellPath
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 17:50:20 +09:00
90cb01b274
system: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 19:00:43 +09:00
e599b5583d
fmsg: implement suspend in writer
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 18:51:53 +09:00
1fd571d561
cmd/fsu: check parse behaviour
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 16:43:55 +09:00
be30e2f11e
cmd/fsu: revert offset in error message
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 15:31:39 +09:00
134247b57d
nix: configure target users via nixos
This makes patching home-manager no longer necessary.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-23 17:04:19 +09:00
580128922b
cmd/fpkg: expose syscall policy options
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 12:01:30 +09:00
7baca66a56
proc: remove duplicate compile-time fortify reference
This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:59:33 +09:00
27d2914286
proc/priv/init: merge init into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:47:01 +09:00
ea8f228af3
proc/priv/shim: merge shim into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00
124743ffd3
app: expose single run method
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides the caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 23:39:51 +09:00
22a4b99674
cmd/fpkg/install: deduplicate nix store
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-30 02:25:04 +09:00
1464ef774b
cmd/fpkg: expose nixGL wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-30 02:02:20 +09:00
66ba4cea5c
cmd/fpkg: remove workDir acl from activation
Activation does not require access to workDir, and by this point all information is available in dataHome.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:48:45 +09:00
f8d0786509
cmd/fpkg: include nixGL source in inner store
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:37:11 +09:00
aff80b6b00
cmd/fpkg: optional network access when invoking with nix daemon
This is useful for building nixGL.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 18:32:44 +09:00
a98a176907
cmd/fpkg: bind and document more gpu devices
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 18:25:26 +09:00
5302879b88
cmd/fpkg: improve readability of fortify invocations
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 17:55:56 +09:00
891b3cbde7
cmd/fpkg: compare all three store paths
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 17:10:41 +09:00
c795293f36
cmd/fpkg: clean up broken links before activation
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 15:21:40 +09:00
c1a459a0b1
cmd/fpkg/start: correct drop to shell wording
Activation no longer happens during application startup.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 00:56:14 +09:00
e0e2f40e84
cmd/fpkg: app bundle helper
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 13:21:49 +09:00
9b206072fa
cmd/fshim: ensure data directory
Ensuring home directory in shim causes the directory to be owned by the target user.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 14:39:01 +09:00
0a2aa5823b
cmd/fshim: bind finit inside sandbox
The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-27 14:44:57 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
52f21a19f3
cmd/fshim: switch to setup pipe
The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 19:39:25 +09:00
7be53a2438
cmd/fshim: switch to generic setup func
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 17:20:31 +09:00
f69e8e753e
cmd/finit: switch to generic receive func
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 16:49:19 +09:00
b453f70ca2
cmd/fsu: check uid range before syscall
This limits potential exploits to the fortify uid range.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:01:36 +09:00
33c95b80ca
cmd/fuserdb: rename home directories
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 20:23:46 +09:00
cc816a1aaa
proc: cleaner extra files
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 16:05:04 +09:00
b3ef53b193
app: integrate security-context-v1
Should be able to get rid of XDG_RUNTIME_DIR share after this.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:25:33 +09:00