security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 36 Wiki Activity

fortify: print comp values early
Some checks failed
Test / Create distribution (push) Successful in 28s
Details
Test / Fpkg (push) Successful in 3m32s
Details
Test / Fortify (push) Failing after 18m0s
Details
Test / Data race detector (push) Failing after 18m58s
Details
Test / Flake checks (push) Has been skipped
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-02-26 20:10:32 +09:00
parent 673b648bd3
commit e564b5bdec
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/fpkg/main.go
View File

@ -62,6 +62,10 @@ func main() {
if flagVerbose { if flagVerbose {
seccomp.CPrintln = log.Println seccomp.CPrintln = log.Println
} }
// read comp values early to allow for early failure
fmsg.Verbosef("version %s", internal.Version())
fmsg.Verbosef("setuid helper at %s", internal.MustFsuPath())
return nil return nil
}). }).
Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console").

4
main.go
View File

@ -73,6 +73,10 @@ func buildCommand(out io.Writer) command.Command {
if flagVerbose { if flagVerbose {
seccomp.CPrintln = log.Println seccomp.CPrintln = log.Println
} }
// read comp values early to allow for early failure
fmsg.Verbosef("version %s", internal.Version())
fmsg.Verbosef("setuid helper at %s", internal.MustFsuPath())
return nil return nil
}). }).
Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console").

5
test/test.py
View File

@ -83,7 +83,8 @@ machine.succeed(
"fortify-fhs -c '(cd /tmp/src && go generate ./... && go test ./... && touch /tmp/success-gotest)' &> /tmp/gotest &") "fortify-fhs -c '(cd /tmp/src && go generate ./... && go test ./... && touch /tmp/success-gotest)' &> /tmp/gotest &")
# To check fortify's version: # To check fortify's version:
print(machine.succeed("sudo -u alice -i fortify version")) fortifyVersion = machine.succeed("sudo -u alice -i fortify version")
print(fortifyVersion)
# Wait for Sway to complete startup: # Wait for Sway to complete startup:
machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/run/user/1000/wayland-1")
@ -101,7 +102,7 @@ print(machine.fail("sudo -u alice -i fsu"))
# Verify PrintBaseError behaviour: # Verify PrintBaseError behaviour:
if denyOutput != "fsu: uid 1001 is not in the fsurc file\n": if denyOutput != "fsu: uid 1001 is not in the fsurc file\n":
raise Exception(f"unexpected deny output:\n{denyOutput}") raise Exception(f"unexpected deny output:\n{denyOutput}")
if denyOutputVerbose != "fsu: uid 1001 is not in the fsurc file\nfortify: *cannot obtain uid from fsu: permission denied\n": if denyOutputVerbose != f"fortify: version {fortifyVersion}fortify: setuid helper at /run/wrappers/bin/fsu\nfsu: uid 1001 is not in the fsurc file\nfortify: *cannot obtain uid from fsu: permission denied\n":
raise Exception(f"unexpected deny verbose output:\n{denyOutputVerbose}") raise Exception(f"unexpected deny verbose output:\n{denyOutputVerbose}")
# Start fortify permissive defaults outside Wayland session: # Start fortify permissive defaults outside Wayland session: