Commit Graph

2457 Commits

Author SHA1 Message Date
cat f773c92411 system: prevent duplicate Wayland op
test / test (push) Successful in 36s
Wayland is implemented as an Op to enforce dependency and cleanup; its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 19:45:37 +09:00
cat 16ab734fcd update README document
test / test (push) Successful in 37s
A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 17:04:36 +09:00
cat cc816a1aaa proc: cleaner extra files
test / test (push) Successful in 37s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 16:05:04 +09:00
cat b3ef53b193 app: integrate security-context-v1
test / test (push) Successful in 37s
Should be able to get rid of XDG_RUNTIME_DIR share after this.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:25:33 +09:00
cat 8d0573405a helper/bwrap: implement sync fd
test / test (push) Successful in 38s
This is required by wayland security-context-v1.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:21:37 +09:00
cat 38e92edb8e system/wayland: integrate security-context-v1
test / test (push) Successful in 37s
Had to pass the sync fd through sys. The rest are just part of a standard Op.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:20:15 +09:00
cat 2d606b1f4b wl: implement security-context-v1
test / test (push) Successful in 38s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:15:13 +09:00
cat 1b5b089c78 fortify: rename --dbus-id to --id
test / test (push) Successful in 19s
This value is no longer specific to D-Bus defaults.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 03:26:09 +09:00
cat 6b8ddca7b4 nix: track nixos stable 24.11
test / test (push) Successful in 25s
Reduce rebuilds during development on my system.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 00:44:04 +09:00
cat 95668ac998 nix: expose no_new_session in module
test / test (push) Successful in 14s
Useful for shells and terminal programs like chat clients.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-28 00:19:06 +09:00
cat b291f0b710 app: add nixos-based config test case
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 12:13:21 +09:00
cat 3a20b149ce update README document
test / test (push) Successful in 26s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 11:22:34 +09:00
cat 30b8bce90a fortify: zsh completion
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-20 01:25:19 +09:00
cat de0d78daae release: 0.2.1
release / release (push) Successful in 1m4s
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:50 +09:00
cat 6bf33ce507 fortify: use resolved username
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:09 +09:00
cat 9faf3b3596 app: validate username
test / test (push) Successful in 23s
This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue; however, validation will improve user experience.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:01:41 +09:00
cat d99c8b1fb4 release: 0.2.0
release / release (push) Successful in 44s
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:15:09 +09:00
cat 6e4870775f update README document
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:14:06 +09:00
cat 0a546885e3 nix: update options doc
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:12:35 +09:00
cat 653d69da0a nix: module descriptions
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:10:57 +09:00
cat f8256137ae nix: separate module options from implementation
test / test (push) Successful in 25s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 17:08:22 +09:00
cat 54b47b0315 nix: copy pixmaps directory to share package
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 14:46:08 +09:00
cat ae2628e57a cmd/fshim/ipc: install signal handler on shim start
test / test (push) Successful in 20s
Getting killed at this point will result in inconsistent state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:33:46 +09:00
cat c026a4b5dc fortify: permissive defaults resolve home directory from os
test / test (push) Successful in 21s
When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:01:07 +09:00
cat 748a0ae2c8 nix: wrap program from libexec
test / test (push) Successful in 24s
This avoids renaming the fortify binary.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 12:58:47 +09:00
cat 8f3f0c7bbf nix: integrate dynamic users
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 02:49:48 +09:00
cat 05b7dbf066 app: alternative inner home path
test / test (push) Successful in 24s
Support binding home to an alternative path in the mount namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 00:18:21 +09:00
cat 866270ff05 fmsg: add to wg prior to enqueue
test / test (push) Successful in 27s
Adding after channel write is racy.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:50:02 +09:00
cat c1fad649e8 app/start: check for cleanup and abort condition
test / test (push) Successful in 21s
Dirty fix. Will rewrite after fsu integration complete.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:41:52 +09:00
cat b5f01ef20b app: append # for ChangeHosts message with numerical uid
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:40:37 +09:00
cat 2e23cef7bb cmd/fuserdb: generate group entries
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:31:06 +09:00
cat 6a6d30af1f cmd/fuserdb: systemd userdb drop-in entries generator
test / test (push) Successful in 20s
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 02:16:02 +09:00
cat df33123bd7 app: integrate fsu
test / test (push) Successful in 21s
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-16 21:19:45 +09:00
cat 1a09b55bd4 nix: remove portal paths from default
test / test (push) Successful in 27s
Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-10 22:24:17 +09:00
cat 9a13b311ac app/config: rename map_real_uid from use_real_uid
test / test (push) Successful in 19s
This option only changes mapped uid in the user namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-09 12:01:34 +09:00
cat 45fead18c3 cmd/fshim: set no_new_privs flag
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-09 11:50:56 +09:00
cat 431aa32291 nix: remove absolute Exec paths
test / test (push) Successful in 26s
Absolute paths set for Exec cause the program to be launched as the privileged user.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-08 02:05:47 +09:00
cat 3962705126 nix: keep fshim and finit names
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 14:59:28 +09:00
cat ad80be721b nix: improve start script
test / test (push) Successful in 23s
Zsh store path in shebang. Replace writeShellScript with writeScript since runtimeShell is not overridable.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 14:09:41 +09:00
cat f831948bca release: 0.1.0
release / release (push) Successful in 28s
test / test (push) Successful in 21s
This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:37:43 +09:00
cat 2e31b3d3a1 update README document
test / test (push) Successful in 32s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:35:52 +09:00
cat 4d90e73366 nix: generate strict sandbox configuration
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:25:15 +09:00
cat 3dfc1fcd56 app: support full /dev access
test / test (push) Successful in 22s
Also moved /dev/fortify to /fortify since it is impossible to create new directories in /dev from the init namespace and bind mounting its contents has undesirable side effects.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 03:49:39 +09:00
cat 89bafd0c22 fortify: root check before command handling
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 12:57:03 +09:00
cat 861bb1274f fortify: override default usage function
test / test (push) Successful in 23s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 00:12:31 +09:00
cat 714818c8aa fortify: implement cleaner argument structure
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 00:07:36 +09:00
cat 69cc64ef56 linux: provide access to stdout
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 22:55:46 +09:00
cat fc25ac2523 app: separate auto etc from permissive defaults
test / test (push) Successful in 23s
Populating /etc with symlinks is quite useful even outside the permissive defaults usage pattern.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 22:18:05 +09:00
cat d909b1190a app/config: UseRealUID as true in template
test / test (push) Successful in 24s
The template is based on a Chromium setup, which this workaround was created for.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 19:45:31 +09:00
cat cfd05b10f1 release: 0.0.11
release / release (push) Successful in 28s
test / test (push) Successful in 19s
This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impact the permissive defaults usage pattern.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 13:46:47 +09:00