rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 19 Wiki Activity
2,458 Commits 3 Branches 19 Tags
e192fca762c2a44743474db33e5c807aab68ce6b
Commit Graph

56 Commits

Author SHA1 Message Date
cat df6fc298f6 migrate to git.gensokyo.uk/security/fortify
Tests / Go tests (push) Successful in 2m55s
Details
Nix / NixOS tests (push) Successful in 5m10s
Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
cat 4b7b899bb3 add package doc comments
test / test (push) Successful in 19s
Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-28 20:57:59 +09:00
cat 65af1684e3 migrate to git.ophivana.moe/security/fortify
test / test (push) Successful in 14s
Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
cat 73a698c7cb ldd: run ldd with read-only filesystem and unshared net 
This is only called on trusted programs, however extra hardening is never a bad idea.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-17 15:37:27 +09:00
cat d41b9d2d9c ldd: separate Parse from Exec and trim space 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 23:51:15 +09:00
cat 6232291cae ldd: implement strict ldd output parser 
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 20:39:27 +09:00