sandbox: move out of internal
All checks were successful
Test / Create distribution (push) Successful in 18s
Test / Fpkg (push) Successful in 2m40s
Test / Data race detector (push) Successful in 3m13s
Test / Fortify (push) Successful in 3m1s
Test / Flake checks (push) Successful in 51s

Signed-off-by: Ophestra <cat@gensokyo.uk>
Ophestra 2025-03-17 02:55:36 +09:00
parent 9ce4706a07
commit 24618ab9a1
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
37 changed files with 24 additions and 24 deletions


@ -17,8 +17,8 @@ import (
"git.gensokyo.uk/security/fortify/internal/app/init0" "git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/app/shim" "git.gensokyo.uk/security/fortify/internal/app/shim"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/internal/sys" "git.gensokyo.uk/security/fortify/internal/sys"
"git.gensokyo.uk/security/fortify/sandbox"
) )
const shellPath = "/run/current-system/sw/bin/bash" const shellPath = "/run/current-system/sw/bin/bash"


@ -15,7 +15,7 @@ import (
"git.gensokyo.uk/security/fortify/helper" "git.gensokyo.uk/security/fortify/helper"
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
func TestNew(t *testing.T) { func TestNew(t *testing.T) {


@ -14,9 +14,9 @@ import (
"syscall" "syscall"
"git.gensokyo.uk/security/fortify/helper" "git.gensokyo.uk/security/fortify/helper"
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/ldd" "git.gensokyo.uk/security/fortify/ldd"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox"
"git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
// Start launches the D-Bus proxy. // Start launches the D-Bus proxy.


@ -7,7 +7,7 @@ import (
"git.gensokyo.uk/security/fortify/helper/bwrap" "git.gensokyo.uk/security/fortify/helper/bwrap"
"git.gensokyo.uk/security/fortify/helper/proc" "git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
func TestConfig_Args(t *testing.T) { func TestConfig_Args(t *testing.T) {


@ -5,7 +5,7 @@ import (
"strconv" "strconv"
"git.gensokyo.uk/security/fortify/helper/proc" "git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
type SyscallPolicy struct { type SyscallPolicy struct {


@ -9,7 +9,7 @@ import (
"sync" "sync"
"git.gensokyo.uk/security/fortify/helper/proc" "git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
// New initialises a Helper instance with wt as the null-terminated argument writer. // New initialises a Helper instance with wt as the null-terminated argument writer.


@ -10,7 +10,7 @@ import (
"git.gensokyo.uk/security/fortify/helper" "git.gensokyo.uk/security/fortify/helper"
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
func TestContainer(t *testing.T) { func TestContainer(t *testing.T) {


@ -11,7 +11,7 @@ import (
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
const ( const (


@ -16,7 +16,7 @@ import (
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/app/init0" "git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
// everything beyond this point runs as unconstrained target user // everything beyond this point runs as unconstrained target user


@ -13,7 +13,7 @@ import (
"git.gensokyo.uk/security/fortify/helper/proc" "git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
// used by the parent process // used by the parent process


@ -2,8 +2,8 @@ package internal
import ( import (
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
"git.gensokyo.uk/security/fortify/system" "git.gensokyo.uk/security/fortify/system"
) )


@ -15,7 +15,7 @@ import (
"git.gensokyo.uk/security/fortify/fst" "git.gensokyo.uk/security/fortify/fst"
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
// Std implements System using the standard library. // Std implements System using the standard library.


@ -8,7 +8,7 @@ import (
"os/exec" "os/exec"
"time" "time"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
const lddTimeout = 2 * time.Second const lddTimeout = 2 * time.Second


@ -23,9 +23,9 @@ import (
"git.gensokyo.uk/security/fortify/internal/app/init0" "git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/app/shim" "git.gensokyo.uk/security/fortify/internal/app/shim"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/internal/state" "git.gensokyo.uk/security/fortify/internal/state"
"git.gensokyo.uk/security/fortify/internal/sys" "git.gensokyo.uk/security/fortify/internal/sys"
"git.gensokyo.uk/security/fortify/sandbox"
"git.gensokyo.uk/security/fortify/system" "git.gensokyo.uk/security/fortify/system"
) )


@ -13,7 +13,7 @@ import (
"syscall" "syscall"
"time" "time"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
type HardeningFlags uintptr type HardeningFlags uintptr


@ -14,9 +14,9 @@ import (
"git.gensokyo.uk/security/fortify/fst" "git.gensokyo.uk/security/fortify/fst"
"git.gensokyo.uk/security/fortify/internal" "git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg" "git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/ldd" "git.gensokyo.uk/security/fortify/ldd"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox"
"git.gensokyo.uk/security/fortify/sandbox/seccomp"
check "git.gensokyo.uk/security/fortify/test/sandbox" check "git.gensokyo.uk/security/fortify/test/sandbox"
) )


@ -4,7 +4,7 @@ import (
"os" "os"
"testing" "testing"
"git.gensokyo.uk/security/fortify/internal/sandbox" "git.gensokyo.uk/security/fortify/sandbox"
) )
func TestExecutable(t *testing.T) { func TestExecutable(t *testing.T) {


@ -13,7 +13,7 @@ import (
"syscall" "syscall"
"time" "time"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
const ( const (


@ -8,7 +8,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
func TestExport(t *testing.T) { func TestExport(t *testing.T) {


@ -6,7 +6,7 @@ import (
"syscall" "syscall"
"testing" "testing"
"git.gensokyo.uk/security/fortify/seccomp" "git.gensokyo.uk/security/fortify/sandbox/seccomp"
) )
func TestLibraryError(t *testing.T) { func TestLibraryError(t *testing.T) {


@ -1,6 +1,6 @@
package system package system
import "git.gensokyo.uk/security/fortify/internal/sandbox" import "git.gensokyo.uk/security/fortify/sandbox"
var msg sandbox.Msg = new(sandbox.DefaultMsg) var msg sandbox.Msg = new(sandbox.DefaultMsg)