rosa/hakurei
6
4
Fork 2
Code Issues 10 Pull Requests 1 Actions 1 Packages Projects Releases 20 Wiki Activity

Commit Graph

  • 3962705126 nix: keep fshim and finit names cat 2024-11-06 14:59:28 +09:00
  • ad80be721b nix: improve start script cat 2024-11-06 14:09:41 +09:00
  • f831948bca release: 0.1.0 cat 2024-11-06 04:37:43 +09:00
  • 2e31b3d3a1 update README document cat 2024-11-06 04:35:52 +09:00
  • 4d90e73366 nix: generate strict sandbox configuration cat 2024-11-06 04:25:15 +09:00
  • 3dfc1fcd56 app: support full /dev access cat 2024-11-06 03:49:39 +09:00
  • 89bafd0c22 fortify: root check before command handling cat 2024-11-05 12:57:03 +09:00
  • 861bb1274f fortify: override default usage function cat 2024-11-05 00:12:31 +09:00
  • 714818c8aa fortify: implement cleaner argument structure cat 2024-11-04 23:08:29 +09:00
  • 69cc64ef56 linux: provide access to stdout cat 2024-11-04 22:55:46 +09:00
  • fc25ac2523 app: separate auto etc from permissive defaults cat 2024-11-04 22:18:05 +09:00
  • d909b1190a app/config: UseRealUID as true in template cat 2024-11-04 19:45:31 +09:00
  • cfd05b10f1 release: 0.0.11 cat 2024-11-04 13:46:47 +09:00
  • aa067436a7 workflows: build all packages with full ldflags cat 2024-11-04 13:43:57 +09:00
  • d7df24c999 fmsg: drop messages when msgbuf is full during withhold cat 2024-11-04 12:56:19 +09:00
  • 88abcbe0b2 cmd/fsu: remove import of internal package cat 2024-11-04 12:32:14 +09:00
  • af15b1c048 app: support mapping target uid as privileged uid in sandbox cat 2024-11-04 03:15:39 +09:00
  • 7962681f4a app: format mapped uid instead of real uid cat 2024-11-04 00:49:32 +09:00
  • bfcce3ff75 system/dbus: buffer xdg-dbus-proxy messages cat 2024-11-03 03:07:02 +09:00
  • 8cd3651bb6 cmd/fshim/ipc: friendly setup timeout message cat 2024-11-03 02:03:30 +09:00
  • 422d8e00d5 fortify: replace direct syscall with prctl wrapper cat 2024-11-02 17:00:25 +09:00
  • 584732f80a cmd: shim and init into separate binaries cat 2024-11-02 03:03:44 +09:00
  • 4b7b899bb3 add package doc comments cat 2024-10-28 20:57:59 +09:00
  • 563c39c2d9 release: 0.0.10 cat 2024-10-28 20:38:10 +09:00
  • aa1f96eeeb fsu: check parent executable path cat 2024-10-28 18:52:23 +09:00
  • 431dc095e5 app/start: skip cleanup if shim is nil cat 2024-10-28 14:21:15 +09:00
  • 60e91b9b0f shim: expose checkPid in constructor cat 2024-10-27 23:49:37 +09:00
  • d9cb2a9f2b fsu: implement simple setuid user switcher cat 2024-10-27 23:45:52 +09:00
  • 09feda3783 fortify: exit if seal returns error cat 2024-10-27 23:18:16 +09:00
  • 51e84ba8a5 system/dbus: compare sealed value by string cat 2024-10-27 11:56:20 +09:00
  • 7df9d8d01d system: move sd_booted implementation to os abstraction cat 2024-10-27 12:08:17 +09:00
  • 6d8bcb63f2 release: 0.0.9 cat 2024-10-27 01:25:24 +09:00
  • c7b77d6e5e fmsg: initialise dequeue prior to withhold/resume cat 2024-10-27 01:24:30 +09:00
  • 2f34627d37 release: 0.0.8 cat 2024-10-27 00:49:50 +09:00
  • 1d6ea81205 shim: user switcher process management struct cat 2024-10-27 00:46:15 +09:00
  • ae1a102882 fmsg: support temporarily withholding output cat 2024-10-26 23:09:32 +09:00
  • 093e99d062 app: separate nixos test cases from tests cat 2024-10-25 17:44:29 +09:00
  • ad7e389eee app: test app permissive defaults sealing behaviour cat 2024-10-25 17:12:13 +09:00
  • 5b249e4a66 system: print number of ops completed at point of failure cat 2024-10-25 17:08:21 +09:00
  • 2a348c7f91 system: include more info in ACL Stringer cat 2024-10-25 16:23:22 +09:00
  • eb767e7642 app/start: cleaner command not found message cat 2024-10-25 16:12:18 +09:00
  • 3bfe8dbf5d internal: ReadDir wrapper return fs.DirEntry cat 2024-10-25 14:56:29 +09:00
  • 8fa791a2f8 app/seal: symlink /etc entries in permissive default cat 2024-10-25 13:31:57 +09:00
  • b932ac8260 app/config: support creating symlinks within sandbox cat 2024-10-25 13:29:01 +09:00
  • 050ffceb27 helper/bwrap: register generic PermConfig types with gob cat 2024-10-25 13:26:01 +09:00
  • 31350d74e5 shim: kill shim if setup becomes impossible cat 2024-10-25 13:19:37 +09:00
  • 3b82cc55de internal: use fallback paths when XDG_RUNTIME_DIR is not absolute cat 2024-10-25 12:14:57 +09:00
  • 6bc5be7e5a internal: wrap calls to os standard library functions cat 2024-10-23 21:46:21 +09:00
  • e35c5fe3ed system: sys comparison method cat 2024-10-23 14:15:13 +09:00
  • 20195ece47 system: return sys in queueing methods cat 2024-10-23 12:34:16 +09:00
  • cafed5f234 shim: abort setup on failed start and process exit cat 2024-10-21 21:23:56 +09:00
  • 42e0b168e3 fmsg: produce all output through fmsg cat 2024-10-21 20:47:02 +09:00
  • 380d1f4585 app: move wayland mediation to shim package cat 2024-10-20 22:54:47 +09:00
  • 133f23e0de release: 0.0.7 cat 2024-10-20 19:50:59 +09:00
  • 65af1684e3 migrate to git.ophivana.moe/security/fortify cat 2024-10-20 19:50:13 +09:00
  • cdda33555c update README document cat 2024-10-20 00:24:50 +09:00
  • ad0034b09a app: move app ID to app struct cat 2024-10-20 00:07:48 +09:00
  • 1da845d78b workflows: call apt-get without sudo cat 2024-10-18 22:56:49 +09:00
  • 55bb348d5f state: store launch method instead of launcher path cat 2024-10-18 22:25:09 +09:00
  • ecce832d93 release: 0.0.6 cat 2024-10-18 01:26:42 +09:00
  • 65bd7d18db app/share: fix order to ensure SharePath before any of its subdirectories cat 2024-10-18 01:21:58 +09:00
  • 4ebb98649e release: 0.0.5 cat 2024-10-17 20:48:41 +09:00
  • 919e5b5cd5 init: start timeout only if reaped PID is the initial process cat 2024-10-17 20:46:25 +09:00
  • 40161c5938 nix: remove fortify package from default devShell cat 2024-10-17 20:35:10 +09:00
  • 679e719f9e system: tests for all Op implementations except DBus cat 2024-10-17 20:28:55 +09:00
  • 064db9f020 system/mkdir: type label in String method cat 2024-10-17 16:37:23 +09:00
  • 73a698c7cb ldd: run ldd with read-only filesystem and unshared net cat 2024-10-17 15:37:27 +09:00
  • 57c1b3eda6 system: handle invalid enablement in String method cat 2024-10-17 14:31:13 +09:00
  • 5401882ed0 init: post initial process death exit timeout cat 2024-10-17 02:38:24 +09:00
  • dd78728fb3 workflows: test workflow to run tests every commit cat 2024-10-17 00:18:20 +09:00
  • 354c23dd28 workflows: add lines between steps cat 2024-10-17 00:17:40 +09:00
  • c21168a741 system: move enablements from state package cat 2024-10-16 14:38:57 +09:00
  • 084cd84f36 app: port app to use the system package cat 2024-10-16 01:38:59 +09:00
  • 430f1a5b4e system: isolate app/system into generic implementation cat 2024-10-16 01:31:23 +09:00
  • 0fd63e85e7 fmsg/errors: isolate app/error into a separate package cat 2024-10-16 01:29:44 +09:00
  • 33cf0bed54 dbus: various accessors for dbus.Proxy internal fields cat 2024-10-16 01:27:49 +09:00
  • 689f5bed57 release: 0.0.4 cat 2024-10-15 02:56:49 +09:00
  • 184a5f29fa helper/bwrap: add fortify permissive default test case cat 2024-10-15 02:56:13 +09:00
  • 3015266e5a helper/bwrap: sort SetEnv arguments cat 2024-10-15 02:55:48 +09:00
  • aa5dd2313c app: filter /tmp from permissive default cat 2024-10-15 02:54:50 +09:00
  • 2faf510146 helper/bwrap: ordered filesystem args cat 2024-10-15 02:15:55 +09:00
  • a0db19b9ad helper/bwrap: format mode in octal cat 2024-10-14 13:47:50 +09:00
  • aaed5080f4 fortify: move PR_SET_DUMPABLE to the beginning of main cat 2024-10-14 02:48:37 +09:00
  • 41a7eb567e release: 0.0.3 cat 2024-10-14 02:31:11 +09:00
  • 1302bcede0 init: custom init process inside sandbox cat 2024-10-14 02:27:02 +09:00
  • 315c9b8849 fortify: refuse to run as root cat 2024-10-13 20:06:47 +09:00
  • 3739b56504 shim: update payload comment cat 2024-10-13 17:19:50 +09:00
  • 77f2c320a6 shim: re-exec self on startup cat 2024-10-13 16:56:10 +09:00
  • b470941911 shim: get rid of insane launch condition cat 2024-10-13 12:09:38 +09:00
  • e4536b87ad app: generate and replace passwd and group files cat 2024-10-13 02:43:00 +09:00
  • 65a5f8fb08 app/config: map bwrap tmpfs in app config cat 2024-10-13 02:39:27 +09:00
  • aee96b0fdf helper/bwrap: allow pushing generic arguments to the end of argument stream cat 2024-10-13 02:26:01 +09:00
  • 655020eb5d app/config: always use nobody UID within sandbox cat 2024-10-13 00:50:24 +09:00
  • f320dfc2ee fortify: set SUID_DUMP_DISABLE after flag parse cat 2024-10-13 00:09:14 +09:00
  • c818ea649a app/seal: skip /mnt in permissive default cat 2024-10-13 00:07:48 +09:00
  • b091260fd3 update README document cat 2024-10-13 00:07:10 +09:00
  • b9d5fe49cb nix: pass $SHELL for shell interpreter cat 2024-10-12 23:01:06 +09:00
  • d37dcff2fc app/seal: allow GPU access in permissive default when either X11/Wayland is enabled cat 2024-10-12 22:55:53 +09:00
  • 805ef99f9b app: filesystem struct that maps to all bwrap bind options cat 2024-10-12 22:33:04 +09:00
  • 283bcba05b fortify/config: flag to print template config serialised as JSON cat 2024-10-12 19:46:40 +09:00