cat
c667b13a00
system: separate link Op implementation
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m13s
This Op would still be useful after replacing the Tmpfiles interface, so isolate it here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 12:15:26 +09:00
cat
268a90f1a5
app: improve WAYLAND_DISPLAY correctness
...
Test / Create distribution (push) Successful in 46s
Test / Run NixOS test (push) Successful in 3m35s
This now has identical behaviour as wayland C library.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 14:45:09 +09:00
cat
ddb2f9c11b
app: remove wayland socket hard link
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m32s
This Op was not doing anything useful.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 10:54:00 +09:00
cat
f955b15b84
system: remove write mode tmpfiles
...
Test / Create distribution (push) Successful in 57s
Test / Run NixOS test (push) Successful in 3m42s
This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:22:20 +09:00
cat
0340c67995
app: port passwd and group files to copy
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m41s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:19:06 +09:00
cat
ea8d1c07df
priv/shim: move /sbin/init setup to app
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:06:10 +09:00
cat
a0062d8275
fmsg: resume on exit
...
Test / Create distribution (push) Successful in 47s
Test / Run NixOS test (push) Successful in 3m32s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 02:22:09 +09:00
cat
1f74b636d3
state/join: use Join method when available
...
Test / Create distribution (push) Successful in 1m4s
Test / Run NixOS test (push) Successful in 4m11s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 14:11:02 +09:00
cat
e431ab3c24
app: check username length against LOGIN_NAME_MAX
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m46s
This limit is arbitrary, but it's good to enforce it anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 12:44:55 +09:00
cat
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:34:15 +09:00
cat
e14923ae53
helper/proc: move package out of internal
...
Test / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-08 13:03:45 +09:00
cat
a48386bd56
system/dbus: dump messages on early fault
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m14s
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:20:56 +09:00
cat
2e52191404
system/dbus: dump method prints msgbuf
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:16:54 +09:00
cat
163f15e93f
helper/seccomp: separate seccomp package
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 12:59:11 +09:00
cat
23e1152baa
app/share: clean BaseError message
...
Build / Create distribution (push) Successful in 1m35s
Test / Run NixOS test (push) Successful in 3m42s
This removes trailing '\n' in the PulseAudio warning.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 11:54:16 +09:00
cat
8c51012ef5
dbus: enable syscall filter
...
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m42s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 11:49:23 +09:00
cat
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
...
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 01:52:57 +09:00
cat
82029948e6
proc: append to ExtraFiles slice pointer
...
Build / Create distribution (push) Successful in 1m30s
Test / Run NixOS test (push) Successful in 4m4s
This is useful for initialising extra files before command.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-21 12:51:39 +09:00
cat
dfcdc5ce20
state: store config in separate gob stream
...
Build / Create distribution (push) Successful in 1m37s
Test / Run NixOS test (push) Successful in 3m38s
This enables early serialisation of config.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-21 12:10:58 +09:00
cat
20a3d4c458
proc/priv/shim: resolve and load seccomp rules
...
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 23:52:56 +09:00
cat
3df344828f
proc/priv/shim: seccomp bpf filter via libseccomp
...
Build / Create distribution (push) Successful in 1m59s
Test / Run NixOS test (push) Successful in 4m11s
Rulesets adapted from Flatpak for compatibility.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 23:39:47 +09:00
cat
27f5922d5c
fst: include syscall filter configuration
...
Build / Create distribution (push) Successful in 3m0s
Test / Run NixOS test (push) Successful in 5m19s
This value is passed through to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 21:12:39 +09:00
cat
3c55fc8e86
proc/priv/shim: do not log bwrap args
...
Build / Create distribution (push) Successful in 1m22s
Test / Run NixOS test (push) Successful in 3m30s
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 19:51:28 +09:00
cat
eb0ef2d115
helper/bwrap: generic extra file interface
...
Build / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 3m50s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 00:20:04 +09:00
cat
2f70506865
helper/bwrap: move sync to helper state
...
Build / Create distribution (push) Successful in 1m25s
Test / Run NixOS test (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-19 18:38:13 +09:00
cat
cae567c109
proc/priv/shim: remove unnecessary state
...
Build / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 3m37s
These values are only used during process creation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-19 18:09:07 +09:00
cat
b31d055e20
proc/priv/init: early init check
...
Build / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m45s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 12:33:33 +09:00
cat
7baca66a56
proc: remove duplicate compile-time fortify reference
...
Build / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 3m44s
This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 11:59:33 +09:00
cat
27d2914286
proc/priv/init: merge init into main program
...
Build / Create distribution (push) Successful in 1m47s
Test / Run NixOS test (push) Successful in 3m46s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 11:47:01 +09:00
cat
ea8f228af3
proc/priv/shim: merge shim into main program
...
Build / Create distribution (push) Successful in 2m15s
Test / Run NixOS test (push) Successful in 2m53s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-17 23:43:32 +09:00
cat
16db3dabe2
internal: do PR_SET_PDEATHSIG once
...
Build / Create distribution (push) Successful in 3m7s
Test / Run NixOS test (push) Successful in 4m40s
This prctl affects the entire process, doing it on every OS thread is pointless.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-17 23:08:46 +09:00
cat
124743ffd3
app: expose single run method
...
Tests / Go tests (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 3m20s
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-15 23:39:51 +09:00
cat
562f5ed797
fst: hide sockets exposed via Filesystem
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m49s
This is mostly useful for permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-15 10:13:18 +09:00
cat
6acd0d4e88
linux/std: handle fsu exit status 1
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 2m27s
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-01 21:34:57 +09:00
cat
c4d6651cae
update reverse-DNS style identifiers
...
Tests / Go tests (push) Successful in 1m6s
Nix / NixOS tests (push) Successful in 4m11s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-31 16:16:38 +09:00
cat
bf8094c6ca
internal: include path to fortify main program
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 12:48:48 +09:00
cat
9b206072fa
cmd/fshim: ensure data directory
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m33s
Ensuring home directory in shim causes the directory to be owned by the target user.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:39:01 +09:00
cat
b9e2003d5b
app: ensure extra paths
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m37s
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:07:49 +09:00
cat
847b667489
app: extra acl entries from configuration
...
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 13:23:27 +09:00
cat
0107620d8c
app: merge share methods
...
Tests / Go tests (push) Successful in 32s
Nix / NixOS tests (push) Successful in 3m25s
This significantly increases readability and makes order of ops more obvious.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 11:12:35 +09:00
cat
1f173a469c
system/dbus: fix inverted system bus state
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m38s
Debug message and socket cleanup gets missed due to this value being inverted.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-27 18:38:11 +09:00
cat
f608f28a6a
app: mount /dev/kvm in permissive defaults
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 3m21s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-22 12:37:24 +09:00
cat
cb98baa19d
fortify: clean up ps formatting code
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 20:34:40 +09:00
cat
7a8b625a57
app: rename /fortify to /.fortify
...
Tests / Go tests (push) Successful in 35s
Nix / NixOS tests (push) Successful in 2m57s
Also removed the inner share tmpfs mount.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 18:11:32 +09:00
cat
74fe74e6b5
app: do not fail on missing cookie
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m55s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-21 17:56:21 +09:00
cat
b9cc318314
system: implement Enablements String method
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m9s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-20 23:21:19 +09:00
cat
ed10574dea
state: store join util
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m5s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-20 19:05:39 +09:00
cat
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Tests / Go tests (push) Successful in 2m55s
Nix / NixOS tests (push) Successful in 5m10s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-20 00:20:02 +09:00
cat
eae3034260
state: expose aids and use instance id as key
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 3m26s
Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-19 21:36:17 +09:00
cat
f796622c35
state: rename simple store implementation
...
Tests / Go tests (push) Successful in 42s
Nix / NixOS tests (push) Successful in 3m4s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe >
2024-12-19 11:48:48 +09:00
cat
