rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 20 Wiki Activity

Commit Graph

  • f885dede9b sandbox/seccomp: unexport println wrapper cat 2025-04-07 04:07:20 +09:00
  • e9a7cd526f app: improve shim process management cat 2025-04-05 23:51:39 +09:00
  • 12be7bc78e release: 0.3.3 cat 2025-04-01 01:42:10 +09:00
  • 0ba8be659f sandbox: document less obvious parts of setup cat 2025-04-01 01:21:04 +09:00
  • 022242a84a app: wayland socket in process share cat 2025-04-01 00:53:04 +09:00
  • 8aeb06f53c app: share path setup on demand cat 2025-03-31 23:14:00 +09:00
  • 4036da3b5c fst: optional configured shell path cat 2025-03-31 19:31:37 +09:00
  • 986105958c fortify: update show output cat 2025-03-31 04:54:10 +09:00
  • ecdd4d8202 fortify: clean ps output cat 2025-03-31 04:41:08 +09:00
  • bdee0c3921 nix: update flake lock cat 2025-03-30 23:15:18 +09:00
  • 48f634d046 release: 0.3.2 cat 2025-03-30 23:05:57 +09:00
  • 2a46f5bb12 sandbox/seccomp: update doc comment cat 2025-03-30 23:00:20 +09:00
  • 7f2c0af5ad fst: set multiarch bit cat 2025-03-30 22:55:00 +09:00
  • 297b444dfb test: separate app and sandbox cat 2025-03-30 22:03:48 +09:00
  • 89a05909a4 test: move test program to sandbox directory cat 2025-03-30 21:09:16 +09:00
  • f772940768 test/sandbox: treat ESRCH as temporary failure cat 2025-03-30 03:50:59 +09:00
  • 8886c40974 test/sandbox: separate check filter cat 2025-03-29 22:34:51 +09:00
  • 8b62e08b44 test: build test program in nixos config cat 2025-03-29 19:33:17 +09:00
  • 72c59f9229 nix: check share/applications in share package cat 2025-03-29 19:28:20 +09:00
  • ff3cfbb437 test/sandbox: check seccomp outcome cat 2025-03-28 02:24:27 +09:00
  • c13eb70d7d sandbox/seccomp: add fortify default sample cat 2025-03-28 02:02:02 +09:00
  • 389402f955 test/sandbox/ptrace: generic filter block type cat 2025-03-28 01:47:24 +09:00
  • 660a2898dc test/sandbox/ptrace: dump seccomp bpf program cat 2025-03-28 01:09:26 +09:00
  • faf59e12c0 test/sandbox: expose test tool cat 2025-03-28 00:08:47 +09:00
  • d97a03c7c6 test/sandbox: separate test tool source cat 2025-03-27 23:43:13 +09:00
  • a102178019 sys: update doc comment cat 2025-03-27 22:43:17 +09:00
  • e400862a12 state/multi: fix backend cache population race cat 2025-03-27 22:37:08 +09:00
  • 184e9db2b2 sandbox: support privileged container cat 2025-03-27 19:40:19 +09:00
  • 605d018be2 app/seal: check for '=' in envv cat 2025-03-27 18:25:23 +09:00
  • 78aaae7ee0 helper/args: copy args on wt creation cat 2025-03-27 17:30:40 +09:00
  • 5c82f1ed3e helper/stub: output to stdout cat 2025-03-27 17:25:10 +09:00
  • f8502c3ece test/sandbox: check environment cat 2025-03-27 03:16:33 +09:00
  • 996b42634d test/sandbox: invoke check program directly cat 2025-03-27 03:09:16 +09:00
  • 300571af47 app: pass through $SHELL cat 2025-03-27 01:22:40 +09:00
  • 32c90ef4e7 nix: pass through exec arguments cat 2025-03-27 01:08:53 +09:00
  • 2a4e2724a3 release: 0.3.1 cat 2025-03-26 07:48:50 +09:00
  • d613257841 sandbox/init: clear inheritable set cat 2025-03-26 07:46:13 +09:00
  • 18644d90be sandbox: wrap capset syscall cat 2025-03-26 07:44:07 +09:00
  • 52fcc48ac1 sandbox/init: drop capabilities cat 2025-03-26 06:28:32 +09:00
  • 8b69bcd215 sandbox: cache kernel.cap_last_cap value cat 2025-03-26 06:19:19 +09:00
  • 2dd49c437c app: create XDG_RUNTIME_DIR with perm 0700 cat 2025-03-26 02:49:37 +09:00
  • 92852d8235 release: 0.3.0 cat 2025-03-26 02:18:59 +09:00
  • 371dd5b938 nix: create current-system symlink cat 2025-03-26 02:06:11 +09:00
  • 4836d570ae test: raise long timeout to 15 seconds cat 2025-03-26 01:59:05 +09:00
  • 985f9442e6 sandbox: copy symlink with magic prefix cat 2025-03-26 01:42:39 +09:00
  • 67eb28466d nix: create opengl-driver symlink cat 2025-03-25 20:52:20 +09:00
  • c326c3f97d fst/sandbox: do not create /etc in advance cat 2025-03-25 20:00:34 +09:00
  • 971c79bb80 sandbox: remove hardcoded parent perm cat 2025-03-25 19:49:51 +09:00
  • f86d868274 sandbox: wrap error with its own text message cat 2025-03-25 19:42:20 +09:00
  • 33940265a6 sandbox: do not ensure symlink target cat 2025-03-25 19:30:53 +09:00
  • b39f3aeb59 helper: remove bubblewrap wrapper cat 2025-03-25 05:35:02 +09:00
  • 61dbfeffe7 sandbox/wl: move into sandbox cat 2025-03-25 05:26:37 +09:00
  • 532feb4bfa app: merge shim into app package cat 2025-03-25 05:21:47 +09:00
  • ec5e91b8c9 system: optimise string formatting cat 2025-03-25 04:42:30 +09:00
  • ee51320abf test: check revert type selection cat 2025-03-25 04:37:58 +09:00
  • 5c4058d5ac app: run in native sandbox cat 2025-03-25 01:52:49 +09:00
  • e732dca762 wl: fix sync pipe keepalive cat 2025-03-25 01:33:37 +09:00
  • a9adcd914b fortify/parse: omit try fd fallthrough message cat 2025-03-25 01:21:11 +09:00
  • 3dd4ff29c8 test/sandbox: check mount table length cat 2025-03-24 16:36:53 +09:00
  • 61d86c5e10 test/sandbox: fix stdout tty check cat 2025-03-24 16:23:06 +09:00
  • d097eaa28f test/sandbox: unquote fail messages cat 2025-03-24 16:03:53 +09:00
  • ad3576c164 sandbox: resolve tty name cat 2025-03-24 15:28:25 +09:00
  • b989a4601a test/sandbox: fail on mismatched mount entry cat 2025-03-24 13:34:25 +09:00
  • a11237b158 sandbox/vfs: add doc comments cat 2025-03-24 13:21:55 +09:00
  • 40f00d570e sandbox: set mkdir perm cat 2025-03-24 12:45:19 +09:00
  • 0eb1bc6301 test/sandbox: verify outcome via mountinfo cat 2025-03-24 01:39:31 +09:00
  • 1eb837eab8 test/sandbox: warn about misuse in doc comment cat 2025-03-23 23:28:28 +09:00
  • 0a4e633db2 nix: filter test from source cat 2025-03-23 22:20:19 +09:00
  • e8809125d4 sandbox: verify outcome via mountinfo cat 2025-03-23 22:17:36 +09:00
  • 806ce18c0a test/sandbox: check mapuid outcome cat 2025-03-23 17:40:02 +09:00
  • b71d2bf534 test/sandbox: check tty outcome cat 2025-03-23 17:28:57 +09:00
  • 46059b1840 test/sandbox: print mismatching file content cat 2025-03-23 17:24:52 +09:00
  • d2c329bcea test: format path aid offsets cat 2025-03-23 15:36:23 +09:00
  • 2d379b5a38 test/sandbox: pass want file as argument cat 2025-03-23 15:00:59 +09:00
  • 75e0c5d406 test/sandbox: parse full test case cat 2025-03-23 14:14:45 +09:00
  • 770b37ae16 sandbox/vfs: match MS_NOSYMFOLLOW flag cat 2025-03-23 13:57:30 +09:00
  • c638193268 sandbox: apply vfs options to bind mounts cat 2025-03-23 05:27:57 +09:00
  • 8c3a817881 sandbox/vfs: unfold mount hierarchy cat 2025-03-23 05:08:04 +09:00
  • e2fce321c1 sandbox/vfs: expose mountinfo line scanning cat 2025-03-22 18:22:29 +09:00
  • 241702ae3a go: 1.23 cat 2025-03-22 16:41:15 +09:00
  • d21d9c5b1d sandbox/vfs: parse vfs options cat 2025-03-21 17:12:10 +09:00
  • a70daf2250 sandbox: resolve inverted flags in op cat 2025-03-21 12:58:38 +09:00
  • 632b18addd test/sandbox: rename misleading bind destination cat 2025-03-21 12:29:15 +09:00
  • a57a7a6a16 test/sandbox: check type handling host_passthrough cat 2025-03-21 12:21:08 +09:00
  • 5098b12e4a sandbox/vfs: count mountinfo entries cat 2025-03-21 12:14:33 +09:00
  • 9ddf5794dd sandbox/vfs: implement proc_pid_mountinfo(5) parser cat 2025-03-20 19:04:10 +09:00
  • b74a08dda9 sandbox: prepare ops early cat 2025-03-18 02:17:46 +09:00
  • 1b9408864f sandbox: pass cmd to cancel function cat 2025-03-17 22:36:39 +09:00
  • cc89dbdf63 sandbox: place files with content cat 2025-03-17 22:13:22 +09:00
  • 228f3301f2 sandbox: create directories cat 2025-03-17 22:03:06 +09:00
  • 07181138e5 sandbox/mount: pass absolute path cat 2025-03-17 21:53:31 +09:00
  • 816b372f14 sandbox: cancel process on serve error cat 2025-03-17 21:49:45 +09:00
  • d7eddd54a2 sandbox: rename params struct cat 2025-03-17 21:45:08 +09:00
  • 7c063833e0 internal/sys: wrap getuid/getgid cat 2025-03-17 17:10:03 +09:00
  • af3619d440 sandbox: create symlinks cat 2025-03-17 16:37:56 +09:00
  • 528674cb6e sandbox/init: fail early on nil op cat 2025-03-17 16:17:03 +09:00
  • 70c9757e26 sandbox/mount: rename device flag cat 2025-03-17 16:10:55 +09:00
  • c83a7e2efc sandbox: mount container /dev/mqueue cat 2025-03-17 15:42:40 +09:00
  • 904208b87f sandbox: unwrap path string cat 2025-03-17 15:33:20 +09:00
  • 007b52d81f sandbox/seccomp: check for both partial read outcomes cat 2025-03-17 12:51:21 +09:00