cat
2c9c7fee5b
linux: wrap fsu lookup error
...
Test / Create distribution (push) Successful in 35s
Test / Run NixOS test (push) Successful in 5m58s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-18 17:39:53 +09:00
cat
d0400f3c81
fmsg: PrintBaseError skip empty message
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 3m22s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-18 17:01:26 +09:00
cat
e9b0f9faef
fmsg: export logBaseError function
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m16s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-18 13:02:51 +09:00
cat
90cb01b274
system: move out of internal
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m17s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 19:00:43 +09:00
cat
b1e1d5627e
system: wrap console output functions
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 3m13s
This eliminates all fmsg imports from internal/system.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 18:17:55 +09:00
cat
3ae2ab652e
system/wayland: sync file at caller specified address
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 3m14s
Storing this in sys is incredibly ugly: sys should be stateless and Ops must keep track of their state.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 13:24:17 +09:00
cat
db71fbe22b
system/tmpfiles: fail gracefully in API misuse
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m25s
Panicking here leaves garbage behind. Not ideal if this package is going to be exported.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 12:17:01 +09:00
cat
82a072f641
system/tmpfiles: implement private tmpfiles
...
Test / Create distribution (push) Successful in 19s
Test / Run NixOS test (push) Successful in 3m30s
These are only available within the mount namespace and should significantly reduce attack surface.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-17 00:07:52 +09:00
cat
468696f611
internal: beforeExit before reachable fatal calls
...
Test / Create distribution (push) Successful in 18s
Test / Run NixOS test (push) Successful in 47s
These are the only two calls to log.Fatal* reachable during suspended output. Call fmsg.BeforeExit here to catch that.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 19:03:34 +09:00
cat
29c38caac8
app/shim/manager: return error on bad fsu path
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m9s
This results in a graceful failure that does not leave garbage behind.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 18:59:45 +09:00
cat
e599b5583d
fmsg: implement suspend in writer
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m18s
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 18:51:53 +09:00
cat
33a4ab11c2
internal: move shim and init into app
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m7s
This structure makes more sense, as both processes are part of an app's lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 16:28:46 +09:00
cat
c667b13a00
system: separate link Op implementation
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m13s
This Op would still be useful after replacing the Tmpfiles interface, so isolate it here.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-16 12:15:26 +09:00
cat
268a90f1a5
app: improve WAYLAND_DISPLAY correctness
...
Test / Create distribution (push) Successful in 46s
Test / Run NixOS test (push) Successful in 3m35s
This now has identical behaviour as wayland C library.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 14:45:09 +09:00
cat
ddb2f9c11b
app: remove wayland socket hard link
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m32s
This Op was not doing anything useful.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 10:54:00 +09:00
cat
f955b15b84
system: remove write mode tmpfiles
...
Test / Create distribution (push) Successful in 57s
Test / Run NixOS test (push) Successful in 3m42s
This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:22:20 +09:00
cat
0340c67995
app: port passwd and group files to copy
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m41s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:19:06 +09:00
cat
ea8d1c07df
priv/shim: move /sbin/init setup to app
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 03:06:10 +09:00
cat
a0062d8275
fmsg: resume on exit
...
Test / Create distribution (push) Successful in 47s
Test / Run NixOS test (push) Successful in 3m32s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-15 02:22:09 +09:00
cat
1f74b636d3
state/join: use Join method when available
...
Test / Create distribution (push) Successful in 1m4s
Test / Run NixOS test (push) Successful in 4m11s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 14:11:02 +09:00
cat
e431ab3c24
app: check username length against LOGIN_NAME_MAX
...
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m46s
This limit is arbitrary, but it's good to enforce it anyway.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-14 12:44:55 +09:00
cat
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-13 23:34:15 +09:00
cat
e14923ae53
helper/proc: move package out of internal
...
Test / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-08 13:03:45 +09:00
cat
a48386bd56
system/dbus: dump messages on early fault
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m14s
In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:20:56 +09:00
cat
2e52191404
system/dbus: dump method prints msgbuf
...
Test / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 4m1s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-02-07 13:16:54 +09:00
cat
163f15e93f
helper/seccomp: separate seccomp package
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-25 12:59:11 +09:00
cat
23e1152baa
app/share: clean BaseError message
...
Build / Create distribution (push) Successful in 1m35s
Test / Run NixOS test (push) Successful in 3m42s
This removes trailing '\n' in the PulseAudio warning.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 11:54:16 +09:00
cat
8c51012ef5
dbus: enable syscall filter
...
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m42s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 11:49:23 +09:00
cat
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
...
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-22 01:52:57 +09:00
cat
82029948e6
proc: append to ExtraFiles slice pointer
...
Build / Create distribution (push) Successful in 1m30s
Test / Run NixOS test (push) Successful in 4m4s
This is useful for initialising extra files before command.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-21 12:51:39 +09:00
cat
dfcdc5ce20
state: store config in separate gob stream
...
Build / Create distribution (push) Successful in 1m37s
Test / Run NixOS test (push) Successful in 3m38s
This enables early serialisation of config.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-21 12:10:58 +09:00
cat
20a3d4c458
proc/priv/shim: resolve and load seccomp rules
...
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 23:52:56 +09:00
cat
3df344828f
proc/priv/shim: seccomp bpf filter via libseccomp
...
Build / Create distribution (push) Successful in 1m59s
Test / Run NixOS test (push) Successful in 4m11s
Rulesets adapted from Flatpak for compatibility.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 23:39:47 +09:00
cat
27f5922d5c
fst: include syscall filter configuration
...
Build / Create distribution (push) Successful in 3m0s
Test / Run NixOS test (push) Successful in 5m19s
This value is passed through to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 21:12:39 +09:00
cat
3c55fc8e86
proc/priv/shim: do not log bwrap args
...
Build / Create distribution (push) Successful in 1m22s
Test / Run NixOS test (push) Successful in 3m30s
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 19:51:28 +09:00
cat
eb0ef2d115
helper/bwrap: generic extra file interface
...
Build / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 3m50s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-20 00:20:04 +09:00
cat
2f70506865
helper/bwrap: move sync to helper state
...
Build / Create distribution (push) Successful in 1m25s
Test / Run NixOS test (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-19 18:38:13 +09:00
cat
cae567c109
proc/priv/shim: remove unnecessary state
...
Build / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 3m37s
These values are only used during process creation.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-19 18:09:07 +09:00
cat
b31d055e20
proc/priv/init: early init check
...
Build / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m45s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 12:33:33 +09:00
cat
7baca66a56
proc: remove duplicate compile-time fortify reference
...
Build / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 3m44s
This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 11:59:33 +09:00
cat
27d2914286
proc/priv/init: merge init into main program
...
Build / Create distribution (push) Successful in 1m47s
Test / Run NixOS test (push) Successful in 3m46s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-18 11:47:01 +09:00
cat
ea8f228af3
proc/priv/shim: merge shim into main program
...
Build / Create distribution (push) Successful in 2m15s
Test / Run NixOS test (push) Successful in 2m53s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-17 23:43:32 +09:00
cat
16db3dabe2
internal: do PR_SET_PDEATHSIG once
...
Build / Create distribution (push) Successful in 3m7s
Test / Run NixOS test (push) Successful in 4m40s
This prctl affects the entire process, doing it on every OS thread is pointless.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-17 23:08:46 +09:00
cat
124743ffd3
app: expose single run method
...
Tests / Go tests (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 3m20s
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-15 23:39:51 +09:00
cat
562f5ed797
fst: hide sockets exposed via Filesystem
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 2m49s
This is mostly useful for permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-15 10:13:18 +09:00
cat
6acd0d4e88
linux/std: handle fsu exit status 1
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 2m27s
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2025-01-01 21:34:57 +09:00
cat
c4d6651cae
update reverse-DNS style identifiers
...
Tests / Go tests (push) Successful in 1m6s
Nix / NixOS tests (push) Successful in 4m11s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-31 16:16:38 +09:00
cat
bf8094c6ca
internal: include path to fortify main program
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-26 12:48:48 +09:00
cat
9b206072fa
cmd/fshim: ensure data directory
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m33s
Ensuring home directory in shim causes the directory to be owned by the target user.
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:39:01 +09:00
cat
b9e2003d5b
app: ensure extra paths
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m37s
The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app).
Signed-off-by: Ophestra <cat@gensokyo.uk >
2024-12-28 14:07:49 +09:00
cat
