maemachinebroke/hakurei
1
0
Fork 0
forked from rosa/hakurei
Code Pull Requests Activity
2,111 Commits 7 Branches 12 Tags
fd1884a84b0332213a5e56b1f91b7aa7357e0b3c
Commit Graph

214 Commits

Author SHA1 Message Date
cat 6bf245cf1b container: pass context as setup state 
This is useful currently for daemon Op, but could be used for many other things.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 06:06:19 +09:00
cat 5785714b64 container: call op method right before initial process 
This is at a point considered to be already "within" the container. Daemons internal to the container can be started here.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-12-08 04:57:24 +09:00
cat b73a789dfe .clang-format: increase indent width 
This significantly increases readability. This patch is pretty big so it is being done after mostly everything has settled.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-16 20:57:29 +09:00
cat 41b49137a8 .clang-format: do not limit line length 
This hard limit destroys readability in some places.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-15 17:06:43 +09:00
cat 47244daefb treewide: migrate ldd callers 
This discontinues use of the deprecated ldd.Exec function for #25.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 21:59:59 +09:00
cat 299685775a container: provide usage example 
This requires cgo so unfortunately will not run in the playground.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 18:25:22 +09:00
cat 6d14bb814f container/fhs: add constant for /dev/shm/ 
This is mounted for the default read-only /dev/ when programs want to use shm_open(3). Defining it here is less error-prone and saves the extra append at runtime.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-14 01:03:26 +09:00
cat abeb67964f treewide: document linkname uses 
These provide justification for each use of linkname. Poorly thought out uses of linkname are removed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-13 07:14:16 +09:00
cat ac34635890 container: set FD_CLOEXEC on all open files 
While fd created from this side always has the FD_CLOEXEC flag, the same is not true for files left open by the parent. This change prevents those files from leaking into the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-12 00:18:29 +09:00
cat 9dec9dbc4b container/init: close setup pipe early 
This prevents leaking the setup pipe.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-11 07:31:58 +09:00
cat 2f74adc8bd container/init: close initial process files on termination 
This closes them during the adopt wait delay. This also keeps them alive.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-10 20:35:59 +09:00
cat 38e9128a8c container/std/seccomp: remove ineffectual typecast 
This is no longer necessary since the return type changed.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-07 05:45:51 +09:00
cat 7ee702a44e container/seccomp/presets: add fields to literals 
This keeps composites analysis happy.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-07 05:11:57 +09:00
cat 3d188ef884 std: separate seccomp constants 
This avoids inadvertently using PNRs as syscall numbers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-07 04:30:06 +09:00
cat 042013bb04 container/std: syscall JSON adapter 
This provides cross-platform JSON adapter for syscall number.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-06 00:57:53 +09:00
cat 5c2b63a7f1 container: add 386 constants 
While it is unlikely a use case for hakurei on i686 exists, it does not hurt to have this support.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 20:21:14 +09:00
cat 9fd97e71d0 treewide: fit test untyped int literals in 32-bit 
This enables hakurei test suite to run on 32-bit targets.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 20:13:19 +09:00
cat fba201c995 container/std: relocate rule types 
This enables its use in hst for #15.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 06:00:39 +09:00
cat 7f27a6dc51 container/seccomp: use native types 
This prepares NativeRule for relocation to std for #15.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 05:48:59 +09:00
cat b65aba9446 container/seccomp: alias libseccomp types 
This enables tests to refer to these types and check its size.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 05:21:43 +09:00
cat becaf8b6d7 std: relocate seccomp lookup tables 
This should enable resolving NativeRule in hst.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 04:48:05 +09:00
cat 54c0d6bf48 container/seccomp/pnr: define pseudo syscalls 
This eliminates the cgo dependency from syscall lookup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 04:32:41 +09:00
cat c1399f5030 std: rename from comp 
Seccomp lookup tables are going to be relocated here, and PNR constants.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-05 02:47:43 +09:00
cat cb9ebf0e15 hst/grp_pwd: specify new uid format 
This leaves slots available for additional uid ranges in Rosa OS.

This breaks all existing installations! Users are required to fix ownership manually.

Closes #18.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-04 08:24:41 +09:00
cat ae66b3d2fb message: rename NewMsg to New 
Should have done this when relocating this from container. Now is a good time to rename it before v0.3.x.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-11-03 01:49:27 +09:00
cat 68ff0a2ba6 container/params: expose pipe 
This increases flexibility of how caller wants to handle the I/O. Also makes it no longer rely on finalizer.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-31 22:39:02 +09:00
cat e9d00b9071 container/executable: handle nil msg 
This is useful in some tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-25 21:08:54 +09:00
cat 0fd357e7f6 container/init: do not suspend output 
Init is not very talkative after process start even when verbose. Suspending output here is pointless and does more harm than good.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-23 08:11:00 +09:00
cat 57231d4acf container/init: improve signal handling 
The SIGTERM signal is delivered in many other cases and can lead to strange behaviour. The unconditional resume of the logger also causes strange behaviour in the cancellation forwarding path. This change also passes through additional signals.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-23 08:02:03 +09:00
cat c5f59c5488 container/syscall: export prctl wrapper 
This is useful as package "syscall" does not provide such a wrapper. This change also improves error handling to fully conform to the manpage.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-22 05:26:54 +09:00
cat 622f945c22 container/init: check msg in entrypoint 
This covers invalid call to Init.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-22 04:20:08 +09:00
cat e94acc424c container/comp: rename from bits 
This package will also hold syscall lookup tables for seccomp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 20:54:03 +09:00
cat b9459a80c7 container/init: check use constants for open flags 
These bits are arch-specific.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 03:13:58 +09:00
cat f8189d1488 container/syscall: dot-import syscall 
This avoids having arch-specific constants for arm64.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-21 03:09:14 +09:00
cat ae65491223 container/init: use one channel for wait4 
When using two channels it is possible for the other case to be reached before all pending winfo are consumed, causing incorrect reporting.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-15 21:35:19 +09:00
cat e5ff40e7d3 container: synchronise after notify 
This should eliminate intermittent failures in the forward test.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 19:17:19 +09:00
cat 123d7fbfd5 container/seccomp: remove export pipe 
This was only useful when wrapping bwrap.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 18:51:35 +09:00
cat 7638a44fa6 treewide: parallel tests 
Most tests already had no global state, however parallel was never enabled. This change enables it for all applicable tests.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 04:38:48 +09:00
cat bff2a1e748 container/initplace: remove indirect method 
This is no longer useful and is highly error-prone.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-13 01:06:45 +09:00
cat f5a597c406 hst: rename /.hakurei constant 
This provides disambiguation from fhs.AbsTmp.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-11 14:32:35 +09:00
cat 50f6fcb326 container/stub: mark test overrides as helper 
This fixes line information in test reporting messages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-10 22:15:20 +09:00
cat a941ac025f container/init: unwrap descriptive fatal error 
These errors are printed with a descriptive message prefixed to them, so it is more readable to expose the underlying errno.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 22:04:35 +09:00
cat 87b5c30ef6 message: relocate from container 
This package is quite useful. This change allows it to be imported without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-09 05:18:19 +09:00
cat 1f0226f7e0 container/check: relocate overlay escape 
This is used in hst to format strings.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 23:56:19 +09:00
cat 584ce3da68 container/bits: move bind bits 
This allows referring to the bits without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:38:31 +09:00
cat 5d18af0007 container/fhs: move pathname constants 
This allows referencing FHS pathnames without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 21:29:16 +09:00
cat 0e6c1a5026 container/check: move absolute pathname 
This allows use of absolute pathname values without importing container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 20:57:58 +09:00
cat 3ce63e95d7 container: move seccomp preset bits 
This allows holding the bits without cgo.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-10-07 18:28:20 +09:00
cat 46cd3a28c8 container: remove global msg 
This frees all container instances of side effects.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-29 06:11:47 +09:00
cat e55822c62f container/init: reduce verbose noise 
This makes it possible to optionally omit the identifying verbose message, for when the Op implementation can provide a much more useful message in its case, using information not yet available to the String method.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-09-28 21:51:10 +09:00