security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity

seccomp: move out of helper
All checks were successful
Test / Create distribution (push) Successful in 29s
Details
Test / Fortify (push) Successful in 2m53s
Details
Test / Fpkg (push) Successful in 4m0s
Details
Test / Data race detector (push) Successful in 4m9s
Details
Test / Flake checks (push) Successful in 59s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-03-14 22:42:40 +09:00
parent 7c60a4d8e8
commit 2647a71be1
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
14 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/fpkg/main.go
View File

@ -13,13 +13,13 @@ import (
"git.gensokyo.uk/security/fortify/command"
"git.gensokyo.uk/security/fortify/fst"
"git.gensokyo.uk/security/fortify/helper/bwrap"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/app/shim"
"git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/internal/sys"
"git.gensokyo.uk/security/fortify/seccomp"
)
const shellPath = "/run/current-system/sw/bin/bash"

2
helper/bwrap/config_test.go
View File

@ -8,7 +8,7 @@ import (
"git.gensokyo.uk/security/fortify/helper/bwrap"
"git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/seccomp"
)
func TestConfig_Args(t *testing.T) {

2
helper/bwrap/seccomp.go
View File

@ -5,7 +5,7 @@ import (
"strconv"
"git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/seccomp"
)
type SyscallPolicy struct {

2
internal/app/shim/main.go
View File

@ -14,10 +14,10 @@ import (
"git.gensokyo.uk/security/fortify/fst"
"git.gensokyo.uk/security/fortify/helper"
"git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/seccomp"
)
// everything beyond this point runs as unconstrained target user

2
internal/sandbox/container.go
View File

@ -12,9 +12,9 @@ import (
"syscall"
"git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/seccomp"
)
type HardeningFlags uintptr

2
internal/sandbox/init.go
View File

@ -14,9 +14,9 @@ import (
"time"
"git.gensokyo.uk/security/fortify/helper/proc"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/seccomp"
)
const (

2
main.go
View File

@ -18,7 +18,6 @@ import (
"git.gensokyo.uk/security/fortify/command"
"git.gensokyo.uk/security/fortify/dbus"
"git.gensokyo.uk/security/fortify/fst"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/app"
"git.gensokyo.uk/security/fortify/internal/app/init0"
@ -27,6 +26,7 @@ import (
"git.gensokyo.uk/security/fortify/internal/sandbox"
"git.gensokyo.uk/security/fortify/internal/state"
"git.gensokyo.uk/security/fortify/internal/sys"
"git.gensokyo.uk/security/fortify/seccomp"
"git.gensokyo.uk/security/fortify/system"
)

0
helper/seccomp/api.go → seccomp/api.go
View File

0
helper/seccomp/export.go → seccomp/export.go
View File

2
helper/seccomp/export_test.go → seccomp/export_test.go
View File

@ -9,7 +9,7 @@ import (
"syscall"
"testing"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/seccomp"
)
func TestExport(t *testing.T) {

0
helper/seccomp/seccomp-build.c → seccomp/seccomp-build.c
View File

0
helper/seccomp/seccomp-build.h → seccomp/seccomp-build.h
View File

0
helper/seccomp/seccomp.go → seccomp/seccomp.go
View File

2
helper/seccomp/seccomp_test.go → seccomp/seccomp_test.go
View File

@ -6,7 +6,7 @@ import (
"syscall"
"testing"
"git.gensokyo.uk/security/fortify/helper/seccomp"
"git.gensokyo.uk/security/fortify/seccomp"
)
func TestLibraryError(t *testing.T) {