rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 20 Wiki Activity

Commit Graph

  • efacaa40fa nix: set deny_devel correctly cat 2025-01-24 00:50:35 +09:00
  • ad6d0ee55f workflows: rename integration test artifact cat 2025-01-24 00:30:39 +09:00
  • cf791469d8 workflows: gc store and purge old caches cat 2025-01-24 00:25:57 +09:00
  • be14421775 workflows: merge test build job into test cat 2025-01-24 00:22:44 +09:00
  • 045983d7f4 wl: separate inline C cat 2025-01-23 22:06:29 +09:00
  • 7106b00968 release: 0.2.11 cat 2025-01-23 20:49:49 +09:00
  • 96d5d8a396 nix: apply shared home config to reserved aid cat 2025-01-23 20:48:04 +09:00
  • 8a00a83c71 nix: expose syscall filter policy cat 2025-01-23 17:24:42 +09:00
  • 134247b57d nix: configure target users via nixos cat 2025-01-23 17:04:19 +09:00
  • b5bb7654da nix: redirect sway output to journal cat 2025-01-23 16:08:22 +09:00
  • cc1efa22e2 fst: add missing fields to template cat 2025-01-22 12:09:25 +09:00
  • 580128922b cmd/fpkg: expose syscall policy options cat 2025-01-22 12:01:30 +09:00
  • 23e1152baa app/share: clean BaseError message cat 2025-01-22 11:54:16 +09:00
  • 8c51012ef5 dbus: enable syscall filter cat 2025-01-22 02:01:01 +09:00
  • 5a64cdaf4f ldd: enable syscall filter cat 2025-01-22 02:00:49 +09:00
  • a30f5e1226 fortify: set up seccomp verbose logging early cat 2025-01-22 01:58:54 +09:00
  • 9a239fa1a5 helper/bwrap: integrate seccomp into helper interface cat 2025-01-22 01:51:10 +09:00
  • 82029948e6 proc: append to ExtraFiles slice pointer cat 2025-01-21 12:51:39 +09:00
  • dfcdc5ce20 state: store config in separate gob stream cat 2025-01-21 12:10:58 +09:00
  • fa0616b274 fortify: print permissive defaults warning early cat 2025-01-21 11:59:15 +09:00
  • 20a3d4c458 proc/priv/shim: resolve and load seccomp rules cat 2025-01-20 23:52:56 +09:00
  • 3df344828f proc/priv/shim: seccomp bpf filter via libseccomp cat 2025-01-20 23:39:47 +09:00
  • 27f5922d5c fst: include syscall filter configuration cat 2025-01-20 21:12:39 +09:00
  • 2cf1f46ea2 nix: test show without --short cat 2025-01-20 21:10:24 +09:00
  • 3c55fc8e86 proc/priv/shim: do not log bwrap args cat 2025-01-20 19:51:28 +09:00
  • eb0ef2d115 helper/bwrap: generic extra file interface cat 2025-01-19 19:18:22 +09:00
  • 2f70506865 helper/bwrap: move sync to helper state cat 2025-01-19 18:38:13 +09:00
  • cae567c109 proc/priv/shim: remove unnecessary state cat 2025-01-19 18:05:53 +09:00
  • 1ec901f79e release: 0.2.10 cat 2025-01-18 22:50:08 +09:00
  • 715addaccd helper/bwrap: append --sync-fd before -- cat 2025-01-18 12:30:03 +09:00
  • b31d055e20 proc/priv/init: early init check cat 2025-01-18 12:23:07 +09:00
  • 7baca66a56 proc: remove duplicate compile-time fortify reference cat 2025-01-18 11:59:33 +09:00
  • 27d2914286 proc/priv/init: merge init into main program cat 2025-01-18 11:47:01 +09:00
  • ea8f228af3 proc/priv/shim: merge shim into main program cat 2025-01-17 23:43:32 +09:00
  • 16db3dabe2 internal: do PR_SET_PDEATHSIG once cat 2025-01-17 23:08:46 +09:00
  • c4de450217 nix: do not force static linking on nix cat 2025-01-17 22:56:16 +09:00
  • b60c01f440 fortify: switch to static linking cat 2025-01-16 17:32:52 +09:00
  • 124743ffd3 app: expose single run method cat 2025-01-15 23:39:51 +09:00
  • be4d8b6300 release: 0.2.9 cat 2025-01-15 13:14:43 +09:00
  • 3e11ce6868 helper/bwrap: separate sequential/static args cat 2025-01-15 10:57:10 +09:00
  • 562f5ed797 fst: hide sockets exposed via Filesystem cat 2025-01-15 10:07:51 +09:00
  • db03565614 fst: move sandbox struct to separate file cat 2025-01-15 09:42:44 +09:00
  • 7d99e45b88 helper/bwrap: register OverlayConfig with gob cat 2025-01-14 12:25:10 +09:00
  • 1651eb06df dbus: implement dbus_parse_address cat 2025-01-12 23:24:03 +09:00
  • ac543a1ce8 dbus: rename makeTestCases cat 2025-01-12 23:21:28 +09:00
  • e2489059c1 helper/bwrap: implement overlayfs builder cat 2025-01-05 20:09:35 +09:00
  • 2e3f6a4c51 helper/bwrap: move test out of bwrap package cat 2025-01-05 19:45:24 +09:00
  • 2162029f46 helper/bwrap: add json struct tag to filesystem cat 2025-01-05 19:41:04 +09:00
  • a1148edd00 fst/config: allocate filesystem slice cat 2025-01-04 00:16:41 +09:00
  • 6acd0d4e88 linux/std: handle fsu exit status 1 cat 2025-01-01 21:34:57 +09:00
  • 35b7142317 fortify: show system info when instance is not specified cat 2025-01-01 19:28:58 +09:00
  • c4d6651cae update reverse-DNS style identifiers cat 2024-12-31 16:16:38 +09:00
  • 22a4b99674 cmd/fpkg/install: deduplicate nix store cat 2024-12-30 02:13:28 +09:00
  • 1464ef774b cmd/fpkg: expose nixGL wrappers cat 2024-12-30 02:02:20 +09:00
  • 66ba4cea5c cmd/fpkg: remove workDir acl from activation cat 2024-12-29 23:48:45 +09:00
  • f8d0786509 cmd/fpkg: include nixGL source in inner store cat 2024-12-29 23:37:11 +09:00
  • 56a73bb019 nix: create nixpkgs symlink cat 2024-12-29 23:23:11 +09:00
  • fb8abf63db nix: update flake lock cat 2024-12-29 23:14:16 +09:00
  • 63802c5f0d nix: nixos test create parent directory cat 2024-12-29 22:36:53 +09:00
  • aff80b6b00 cmd/fpkg: optional network access when invoking with nix daemon cat 2024-12-29 18:32:44 +09:00
  • a98a176907 cmd/fpkg: bind and document more gpu devices cat 2024-12-29 18:25:26 +09:00
  • 5302879b88 cmd/fpkg: improve readability of fortify invocations cat 2024-12-29 17:55:56 +09:00
  • 891b3cbde7 cmd/fpkg: compare all three store paths cat 2024-12-29 17:10:41 +09:00
  • c795293f36 cmd/fpkg: clean up broken links before activation cat 2024-12-29 15:21:40 +09:00
  • 42e1043300 nix: set home-manager user information cat 2024-12-29 15:11:36 +09:00
  • 5416b07daa nix: remove unused argument 'self' cat 2024-12-29 14:49:55 +09:00
  • e57a0e9bf2 nix: rename fortifyBundle to buildPackage cat 2024-12-29 14:35:37 +09:00
  • ab48706ebe dist: install fpkg to /usr/bin cat 2024-12-29 01:04:53 +09:00
  • c1a459a0b1 cmd/fpkg/start: correct drop to shell wording cat 2024-12-29 00:56:14 +09:00
  • 5125e96ecf nix: generate application package build script cat 2024-12-29 00:42:21 +09:00
  • e0e2f40e84 cmd/fpkg: app bundle helper cat 2024-12-26 13:21:49 +09:00
  • bf8094c6ca internal: include path to fortify main program cat 2024-12-26 12:48:48 +09:00
  • 2e3bb1893e release: 0.2.8 cat 2024-12-29 01:09:47 +09:00
  • 9b206072fa cmd/fshim: ensure data directory cat 2024-12-28 14:39:01 +09:00
  • b9e2003d5b app: ensure extra paths cat 2024-12-28 14:07:49 +09:00
  • 66ec0d882f dist: build with -trimpath cat 2024-12-28 13:44:05 +09:00
  • 847b667489 app: extra acl entries from configuration cat 2024-12-28 13:23:27 +09:00
  • c70f0612ad fortify/print: skip nil filesystem entries cat 2024-12-28 12:14:42 +09:00
  • 85e5b097fd fst/config: add template etc entry cat 2024-12-28 12:05:32 +09:00
  • 0107620d8c app: merge share methods cat 2024-12-28 11:12:35 +09:00
  • fc26659ea1 fst/config: autoetc read custom path cat 2024-12-27 18:57:44 +09:00
  • 1f173a469c system/dbus: fix inverted system bus state cat 2024-12-27 18:38:11 +09:00
  • 2fdbd6a4dd fst/config: alternative /etc directory cat 2024-12-27 18:06:26 +09:00
  • aef847b5ae helper/bwrap: fix typo in --dir config builder cat 2024-12-27 15:34:43 +09:00
  • 0a2aa5823b cmd/fshim: bind finit inside sandbox cat 2024-12-27 14:44:57 +09:00
  • b956ce4052 ldd: trim leading and trailing white spaces from name cat 2024-12-26 16:53:01 +09:00
  • dc579dc610 dbus/run: bind ldd entry absolute name cat 2024-12-26 16:36:03 +09:00
  • ade57c39af ldd: add fhs glibc test case cat 2024-12-26 16:29:10 +09:00
  • 614ad86a5b dbus: fail on LookPath error cat 2024-12-26 15:29:26 +09:00
  • 831dc6a181 dist: create checksum in dist directory cat 2024-12-26 15:14:35 +09:00
  • c67b8ab9ac fst/config: improve correctness of comments cat 2024-12-26 00:45:29 +09:00
  • 7c5aaa38e2 dist: include zsh completion cat 2024-12-25 23:41:54 +09:00
  • b52b1a5f90 dist/install: do not replace existing fsurc cat 2024-12-25 23:37:15 +09:00
  • 9fc82d67b7 fortify/parse: accept config stream fd cat 2024-12-23 20:09:07 +09:00
  • 70bffeaa1e fortify: clean up config loading cat 2024-12-23 17:57:54 +09:00
  • c109ac2653 release: 0.2.7 cat 2024-12-22 13:34:50 +09:00
  • 58f8731b2e nix: include fortify show output cat 2024-12-22 13:28:21 +09:00
  • 8a9ba5e0ad fortify: show short mode omit filesystems cat 2024-12-22 13:20:33 +09:00
  • f608f28a6a app: mount /dev/kvm in permissive defaults cat 2024-12-22 12:37:24 +09:00
  • aecfae1874 fortify: sort by time of start cat 2024-12-22 12:06:54 +09:00