fortify

Author	SHA1	Message	Date
Ophestra Umiker	08ce7f4a1f	cmd/fuserdb: systemd userdb drop-in entries generator All checks were successful test / test (push) Successful in 21s Details This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:03:18 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu All checks were successful test / test (push) Successful in 21s Details This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	3962705126	nix: keep fshim and finit names All checks were successful test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 14:59:28 +09:00
Ophestra Umiker	f831948bca	release: 0.1.0 All checks were successful release / release (push) Successful in 28s Details test / test (push) Successful in 21s Details This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 04:37:43 +09:00
Ophestra Umiker	cfd05b10f1	release: 0.0.11 All checks were successful release / release (push) Successful in 28s Details test / test (push) Successful in 19s Details This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impacts the permissive defaults usage pattern. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 13:46:47 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package All checks were successful test / test (push) Successful in 24s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries All checks were successful test / test (push) Successful in 19s Details This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	563c39c2d9	release: 0.0.10 All checks were successful release / release (push) Successful in 24s Details test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:38:10 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path All checks were successful test / test (push) Successful in 19s Details Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00
Ophestra Umiker	6d8bcb63f2	release: 0.0.9 All checks were successful release / release (push) Successful in 27s Details test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 01:25:24 +09:00
Ophestra Umiker	2f34627d37	release: 0.0.8 All checks were successful release / release (push) Successful in 31s Details test / test (push) Successful in 20s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 00:49:50 +09:00
Ophestra Umiker	133f23e0de	release: 0.0.7 All checks were successful release / release (push) Successful in 21s Details test / test (push) Successful in 11s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:59 +09:00
Ophestra Umiker	ecce832d93	release: 0.0.6 All checks were successful release / release (push) Successful in 1m46s Details test / test (push) Successful in 1m39s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-18 01:26:42 +09:00
Ophestra Umiker	4ebb98649e	release: 0.0.5 All checks were successful release / release (push) Successful in 1m26s Details test / test (push) Successful in 3m6s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-17 20:48:41 +09:00
Ophestra Umiker	689f5bed57	release: 0.0.4 All checks were successful release / release (push) Successful in 1m32s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:56:49 +09:00
Ophestra Umiker	41a7eb567e	release: 0.0.3 All checks were successful release / release (push) Successful in 2m38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-14 02:31:11 +09:00
Ophestra Umiker	f4c44a9441	release: 0.0.2 All checks were successful release / release (push) Successful in 2m15s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-10 00:13:06 +09:00
Ophestra Umiker	22dfa73efe	release: 0.0.1 All checks were successful release / release (push) Successful in 1m51s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 20:48:38 +09:00
Ophestra Umiker	996bf67ac2	release: 0.0.0-beta.5 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-28 00:25:16 +09:00
Ophestra Umiker	a75229991c	nix: make bubblewrap available in PATH Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-23 18:21:12 +09:00
Ophestra Umiker	9a9fcdb9ec	release: 0.0.0-beta.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-22 01:18:47 +09:00
Ophestra Umiker	2763ec730e	release: 0.0.0-beta.3 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-17 23:17:39 +09:00
Ophestra Umiker	6a6f62efa6	release: 0.0.0-beta.2 This project started as a Go implementation of https://github.com/intgr/ego. That is clearly no longer what it is anymore and the tagged releases no longer made sense, so we're going back to v0. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-16 20:41:02 +09:00
Ophestra Umiker	c1bfe2cd74	release: 1.1.0 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-09 05:14:53 +09:00
Ophestra Umiker	cdc08817a7	nix: add xdg-dbus-proxy to PATH via wrapProgram Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-09 04:37:12 +09:00
Ophestra Umiker	58d3a1fbc7	release: 1.0.4 Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-04 19:57:47 +09:00
Ophestra Umiker	945cce2f5e	nix: implement nixos module Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-04 17:03:21 +09:00

28 Commits