78aaae7ee0
helper/args: copy args on wt creation
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m49s
Test / Data race detector (push) Successful in 3m4s
Test / Fpkg (push) Successful in 3m15s
Test / Flake checks (push) Successful in 1m1s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-27 18:22:07 +09:00
5c82f1ed3e
helper/stub: output to stdout
Test / Create distribution (push) Successful in 19s
Test / Fortify (push) Successful in 43s
Test / Fpkg (push) Successful in 1m26s
Test / Data race detector (push) Successful in 2m28s
Test / Flake checks (push) Successful in 1m0s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-27 17:25:10 +09:00
b39f3aeb59
helper: remove bubblewrap wrapper
Test / Create distribution (push) Successful in 19s
Test / Fortify (push) Successful in 2m12s
Test / Fpkg (push) Successful in 3m34s
Test / Data race detector (push) Successful in 4m19s
Test / Flake checks (push) Successful in 57s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 05:35:02 +09:00
1b9408864f
sandbox: pass cmd to cancel function
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m35s
Test / Fpkg (push) Successful in 3m36s
Test / Data race detector (push) Successful in 4m11s
Test / Flake checks (push) Successful in 49s
This is not usually in scope otherwise.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 22:36:39 +09:00
24618ab9a1
sandbox: move out of internal
Test / Create distribution (push) Successful in 18s
Test / Fpkg (push) Successful in 2m40s
Test / Data race detector (push) Successful in 3m13s
Test / Fortify (push) Successful in 3m1s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:55:36 +09:00
9ce4706a07
sandbox: move params setup functions
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m37s
Test / Fpkg (push) Successful in 3m30s
Test / Data race detector (push) Successful in 4m8s
Test / Flake checks (push) Successful in 57s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:48:32 +09:00
9a1f8e129f
sandbox: wrap fmsg interface
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m36s
Test / Data race detector (push) Successful in 4m16s
Test / Flake checks (push) Successful in 55s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:44:07 +09:00
ee10860357
seccomp: install output atomically
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m33s
Test / Fpkg (push) Successful in 3m17s
Test / Data race detector (push) Successful in 4m1s
Test / Flake checks (push) Successful in 49s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 01:10:27 +09:00
44277dc0f1
dbus: run in native sandbox
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m31s
Test / Fpkg (push) Successful in 3m25s
Test / Data race detector (push) Successful in 4m5s
Test / Flake checks (push) Successful in 53s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 00:13:14 +09:00
42de09e896
helper: implement native container backend
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m36s
Test / Fpkg (push) Successful in 3m23s
Test / Data race detector (push) Successful in 3m52s
Test / Flake checks (push) Successful in 49s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 02:57:46 +09:00
1576fea8a3
helper: raise WaitDelay during tests
Test / Create distribution (push) Successful in 24s
Test / Fpkg (push) Successful in 3m19s
Test / Data race detector (push) Successful in 3m54s
Test / Fortify (push) Successful in 1m39s
Test / Flake checks (push) Successful in 49s
Helper runs very slowly with race detector. This prevents it from timing out.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 02:49:41 +09:00
273d97af85
ldd: lib paths resolve function
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m37s
Test / Fpkg (push) Successful in 3m37s
Test / Data race detector (push) Successful in 3m50s
Test / Flake checks (push) Successful in 56s
This is what always happens right after an ldd call, so implement it here.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 01:20:09 +09:00
891316d924
helper/stub: copy args to stderr
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m33s
Test / Fpkg (push) Successful in 3m30s
Test / Data race detector (push) Successful in 3m52s
Test / Flake checks (push) Successful in 53s
Some helpers are implemented via go test itself in tests, and as a result stdout gets clobbered.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 00:39:42 +09:00
6e7ddb2d2e
helper: eliminate commandContext replacement
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m44s
Test / Fpkg (push) Successful in 3m42s
Test / Data race detector (push) Successful in 3m51s
Test / Flake checks (push) Successful in 57s
This is done more cleanly by modifying Args in cmdF.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 00:01:25 +09:00
10a21ce3ef
helper: expose extra files to direct
Test / Create distribution (push) Successful in 42s
Test / Fpkg (push) Successful in 11m23s
Test / Fortify (push) Successful in 5m32s
Test / Data race detector (push) Successful in 2m35s
Test / Flake checks (push) Successful in 56s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 02:27:40 +09:00
0f1f0e4364
helper: combine helper ipc setup
Test / Create distribution (push) Successful in 43s
Test / Fortify (push) Successful in 6m53s
Test / Fpkg (push) Successful in 11m51s
Test / Data race detector (push) Successful in 2m32s
Test / Flake checks (push) Successful in 56s
The two-step args call is no longer necessary since stat is passed on initialisation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 02:10:22 +09:00
f9bf20a3c7
helper: rearrange initialisation args
Test / Create distribution (push) Successful in 41s
Test / Fortify (push) Successful in 3m3s
Test / Data race detector (push) Successful in 4m32s
Test / Fpkg (push) Successful in 4m47s
Test / Flake checks (push) Successful in 1m3s
This improves consistency across two different helper implementations.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 01:06:31 +09:00
73c1a83032
helper: move process wrapper to direct
Test / Create distribution (push) Successful in 27s
Test / Fortify (push) Successful in 2m42s
Test / Fpkg (push) Successful in 3m49s
Test / Data race detector (push) Successful in 4m1s
Test / Flake checks (push) Successful in 59s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 00:33:25 +09:00
f443d315ad
helper: clean up interface
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m37s
Test / Fpkg (push) Successful in 3m40s
Test / Data race detector (push) Successful in 3m54s
Test / Flake checks (push) Successful in 59s
The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-15 00:27:44 +09:00
9e18d1de77
helper/proc: pass extra files and start
Test / Create distribution (push) Successful in 28s
Test / Fortify (push) Successful in 2m41s
Test / Fpkg (push) Successful in 3m38s
Test / Data race detector (push) Successful in 3m53s
Test / Flake checks (push) Successful in 59s
For integration with native container tooling.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 23:23:57 +09:00
2647a71be1
seccomp: move out of helper
Test / Create distribution (push) Successful in 29s
Test / Fortify (push) Successful in 2m53s
Test / Fpkg (push) Successful in 4m0s
Test / Data race detector (push) Successful in 4m9s
Test / Flake checks (push) Successful in 59s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 22:42:40 +09:00
7c60a4d8e8
helper: embed context on creation
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m34s
Test / Fpkg (push) Successful in 3m22s
Test / Data race detector (push) Successful in 3m44s
Test / Flake checks (push) Successful in 49s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 18:30:22 +09:00
29c3f8becb
helper/seccomp: improve error handling
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m32s
Test / Fpkg (push) Successful in 3m18s
Test / Data race detector (push) Successful in 3m26s
Test / Flake checks (push) Successful in 47s
This passes both errno and libseccomp return value.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:52:48 +09:00
be16970e77
helper/seccomp: seccomp_load on negative fd
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m32s
Test / Fpkg (push) Successful in 3m23s
Test / Data race detector (push) Successful in 3m28s
Test / Flake checks (push) Successful in 50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 15:18:52 +09:00
61e58aa14d
helper/proc: expose setup file
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m34s
Test / Fpkg (push) Successful in 3m29s
Test / Data race detector (push) Successful in 3m27s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-09 17:22:31 +09:00
39dc8e7bd8
dbus: set process group id
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m18s
Test / Data race detector (push) Successful in 3m11s
Test / Flake checks (push) Successful in 40s
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-25 18:12:41 +09:00
eda4d612c2
fortify: keep external files alive
Test / Create distribution (push) Successful in 19s
Test / Run NixOS test (push) Successful in 3m10s
This should eliminate sporadic failures, like the known double close in "seccomp".
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 03:24:37 +09:00
d1f83f40d6
helper/bwrap: rename Write to WriteFile
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m25s
In case this might want to be an io.Writer.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 00:34:19 +09:00
e599b5583d
fmsg: implement suspend in writer
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m18s
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 18:51:53 +09:00
1fa5e992e4
helper/bwrap: expose address of DataConfig
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m7s
This allows the caller to defer fulfilling its payload.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 12:33:59 +09:00
72b0160aad
helper/bwrap: implement file copy flags
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m42s
These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to their specific sandbox.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-15 03:13:15 +09:00
be7d944b39
helper/bwrap: PositionalArg implement fmt.Stringer
Test / Create distribution (push) Successful in 49s
Test / Run NixOS test (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-15 00:11:48 +09:00
ace97952cc
helper/bwrap: merge Args and FDArgs
Test / Create distribution (push) Successful in 1m13s
Test / Run NixOS test (push) Successful in 4m34s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 18:13:06 +09:00
88040504b2
helper/bwrap: remove fmsg import
Test / Create distribution (push) Successful in 57s
Test / Run NixOS test (push) Successful in 8m13s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 18:05:00 +09:00
fe7d208cf7
helper: use generic extra files interface
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:34:15 +09:00
60c2873750
helper/proc: cancel ec on parent ctx
Test / Create distribution (push) Successful in 1m31s
Test / Run NixOS test (push) Successful in 4m13s
This allows errors written during a timeout to be received and handled.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:08:28 +09:00
d1d20c06fb
helper/seccomp: use sync.Once for closeWrite
Test / Create distribution (push) Successful in 1m29s
Test / Run NixOS test (push) Successful in 4m13s
This makes the code much cleaner, and eliminates the intermittent ErrInvalid errors.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 22:49:16 +09:00
1e6a059668
helper/seccomp: benchmark exporter
Test / Create distribution (push) Successful in 1m44s
Test / Run NixOS test (push) Successful in 4m32s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 22:37:51 +09:00
58eb8f971d
proc/pipe: implement args and stat file
Test / Create distribution (push) Successful in 1m30s
Test / Run NixOS test (push) Successful in 4m11s
This is a generic implementation of helper/pipe.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 19:57:24 +09:00
0a1d7c01cd
helper/proc: count dispatched errs
Test / Create distribution (push) Successful in 1m28s
Test / Run NixOS test (push) Successful in 3m59s
This helps debug implementation errors of [proc.File].
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 19:55:37 +09:00
60ca1c6c55
helper/proc: store file addresses in linked list
Test / Create distribution (push) Successful in 1m28s
Test / Run NixOS test (push) Successful in 4m5s
Storing extra files as a slice requires the caller to allocate a large enough slice before initialising any file and never grow the slice.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 17:42:12 +09:00
099da78af5
helper/seccomp: eliminate data race on pfd
Test / Create distribution (push) Successful in 2m10s
Test / Run NixOS test (push) Successful in 4m50s
Turns out the doc comment on os.File was lying about its methods being safe for concurrent use. The race detector picked up a data race from concurrent use of Fd and Close.
This change eliminates that by calling Fd in the prepare routine.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 10:40:51 +09:00
18466cfd02
helper/proc: declare generic extra files interface
Test / Create distribution (push) Successful in 1m29s
Test / Run NixOS test (push) Successful in 4m4s
Helpers use extra files for various purposes. This provides a generic interface for implementing the fulfillment of these extra files without having to specifically handle them in the process creation code.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-11 16:34:47 +09:00
e14923ae53
helper/proc: move package out of internal
Test / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-08 13:03:45 +09:00
568d7758d5
helper/seccomp: panic on invalid closeWrite use
Test / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 4m39s
Returning an error here puts exporter in an invalid state. The caller should guard against this condition instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-07 12:58:20 +09:00
5b7b3fa9a4
helper/seccomp: implement reader interface via pipe
Test / Create distribution (push) Successful in 1m6s
Test / Run NixOS test (push) Successful in 2m44s
This also does not require the libc tmpfile call.
BPF programs emitted by libseccomp seem to be deterministic. The tests would catch regressions as they verify the program against known good output backed by manual testing.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-03 19:43:03 +09:00
7b96cd6ded
helper/seccomp: do not call F_println if not verbose
Test / Create distribution (push) Successful in 1m42s
Test / Run NixOS test (push) Successful in 3m34s
This (slightly) improves performance.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 13:19:38 +09:00
163f15e93f
helper/seccomp: separate seccomp package
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:59:11 +09:00
37780456a7
helper: block more unusual/privileged syscalls
Test / Create distribution (push) Successful in 1m44s
Test / Run NixOS test (push) Successful in 3m35s
These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:35:47 +09:00
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:52:57 +09:00