118 Commits

Author	SHA1	Message	Date
cat	4bb5d9780f	ldd: run in native sandbox ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:55:55 +09:00
cat	9b1a60b5c9	sandbox: native container tooling ... This should eventually replace bwrap. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-13 21:36:26 +09:00
cat	2d4cabe786	nix: increase nixfmt max width ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-28 14:43:46 +09:00
cat	673b648bd3	cmd/fpkg: call app in-process ... Wrapping fortify is slow, painful and error-prone. Start apps in-process instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-26 19:51:44 +09:00
cat	c21a4cff14	nix: wrap fpkg ... This is usable on nixos now due to the static build. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-26 12:24:04 +09:00
cat	6d4ac3d9fd	internal: store fortify path in internal ... This now makes more sense due to the changes in build system. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-26 12:03:25 +09:00
cat	751aa350ee	nix: exclude files ending in ".py" ... This reduces rebuilds when debugging nixos tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-24 17:41:56 +09:00
cat	71135f339a	release: 0.2.18 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 18:52:33 +09:00
cat	8bf162820b	nix: separate fsu from package ... This appears to be the only way to build them with different configuration. This enables static linking in the main package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 18:13:37 +09:00
cat	2e7e160683	release: 0.2.17 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 02:59:31 +09:00
cat	9d9a165379	release: 0.2.16 ... Mostly refactor and cleanup, but also contains major fix to process lifecycle management. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 23:39:16 +09:00
cat	83e72c2b59	release: 0.2.15 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 00:13:04 +09:00
cat	90b86a5531	release: 0.2.14 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 23:05:02 +09:00
cat	820f48ef94	release: 0.2.13 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:45:54 +09:00
cat	21735a8abe	release: 0.2.12 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 13:40:48 +09:00
cat	7106b00968	release: 0.2.11 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 20:49:49 +09:00
cat	3df344828f	proc/priv/shim: seccomp bpf filter via libseccomp ... Rulesets adapted from Flatpak for compatibility. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:39:47 +09:00
cat	1ec901f79e	release: 0.2.10 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 22:50:08 +09:00
cat	7baca66a56	proc: remove duplicate compile-time fortify reference ... This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:59:33 +09:00
cat	27d2914286	proc/priv/init: merge init into main program ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00
cat	ea8f228af3	proc/priv/shim: merge shim into main program ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
cat	c4de450217	nix: do not force static linking on nix ... In a typical Nix or NixOS-based setup, the entire /nix/store directory is available to the sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 22:56:16 +09:00
cat	b60c01f440	fortify: switch to static linking ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-16 17:32:52 +09:00
cat	be4d8b6300	release: 0.2.9 ... This release mostly contains permissive defaults fixes and optimisations. It also contains a proof of concept version of fpkg. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 13:14:43 +09:00
cat	bf8094c6ca	internal: include path to fortify main program ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 12:48:48 +09:00
cat	2e3bb1893e	release: 0.2.8 ... This release mostly fixes bugs uncovered when running fortify on a generic linux distribution. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 01:09:47 +09:00
cat	c109ac2653	release: 0.2.7 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-22 13:34:50 +09:00
cat	5c73acb56f	release: 0.2.6 ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-22 01:18:21 +09:00
cat	ed8ee5eb4b	nix: filter nix files from src ... This prevents constant rebuilds when debugging integration tests. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 17:39:42 +09:00
cat	195b717e01	release: 0.2.5 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:28:48 +09:00
cat	df6fc298f6	migrate to git.gensokyo.uk/security/fortify ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
cat	9f95f60400	release: 0.2.4 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 23:52:52 +09:00
cat	38653c6ab5	release: 0.2.3 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 14:06:17 +09:00
cat	138666d753	nix: skip acl test ... The nix build environment does not support ACLs. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 19:29:01 +09:00
cat	e3f1d7ba60	release: 0.2.2 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:47:22 +09:00
cat	2d606b1f4b	wl: implement security-context-v1 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:15:13 +09:00
cat	30b8bce90a	fortify: zsh completion ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-20 01:25:19 +09:00
cat	de0d78daae	release: 0.2.1 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:03:50 +09:00
cat	d99c8b1fb4	release: 0.2.0 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:15:09 +09:00
cat	748a0ae2c8	nix: wrap program from libexec ... This avoids renaming the fortify binary. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 12:58:47 +09:00
cat	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator ... This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
cat	df33123bd7	app: integrate fsu ... This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
cat	3962705126	nix: keep fshim and finit names ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 14:59:28 +09:00
cat	f831948bca	release: 0.1.0 ... This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 04:37:43 +09:00
cat	cfd05b10f1	release: 0.0.11 ... This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impacts the permissive defaults usage pattern. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 13:46:47 +09:00
cat	88abcbe0b2	cmd/fsu: remove import of internal package ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
cat	584732f80a	cmd: shim and init into separate binaries ... This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
cat	563c39c2d9	release: 0.0.10 ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:38:10 +09:00
cat	aa1f96eeeb	fsu: check parent executable path ... Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
cat	d9cb2a9f2b	fsu: implement simple setuid user switcher ... Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00