fortify

Author	SHA1	Message	Date
Ophestra	24618ab9a1	sandbox: move out of internal All checks were successful Test / Create distribution (push) Successful in 18s Details Test / Fpkg (push) Successful in 2m40s Details Test / Data race detector (push) Successful in 3m13s Details Test / Fortify (push) Successful in 3m1s Details Test / Flake checks (push) Successful in 51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00
Ophestra	ee10860357	seccomp: install output atomically All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m33s Details Test / Fpkg (push) Successful in 3m17s Details Test / Data race detector (push) Successful in 4m1s Details Test / Flake checks (push) Successful in 49s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 01:10:27 +09:00
Ophestra	2647a71be1	seccomp: move out of helper All checks were successful Test / Create distribution (push) Successful in 29s Details Test / Fortify (push) Successful in 2m53s Details Test / Fpkg (push) Successful in 4m0s Details Test / Data race detector (push) Successful in 4m9s Details Test / Flake checks (push) Successful in 59s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 22:42:40 +09:00
Ophestra	be7d944b39	helper/bwrap: PositionalArg implement fmt.Stringer All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m28s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 00:11:48 +09:00
Ophestra	88040504b2	helper/bwrap: remove fmsg import All checks were successful Test / Create distribution (push) Successful in 57s Details Test / Run NixOS test (push) Successful in 8m13s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 18:05:00 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	7b96cd6ded	helper/seccomp: do not call F_println if not verbose All checks were successful Test / Create distribution (push) Successful in 1m42s Details Test / Run NixOS test (push) Successful in 3m34s Details This (slightly) improves performance. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 13:19:38 +09:00
Ophestra	163f15e93f	helper/seccomp: separate seccomp package All checks were successful Test / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:59:11 +09:00
Ophestra	37780456a7	helper: block more unusual/privileged syscalls All checks were successful Test / Create distribution (push) Successful in 1m44s Details Test / Run NixOS test (push) Successful in 3m35s Details These are toggled by F_EXT and exposed as SyscallPolicy.Compat in the Go interface. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:35:47 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface All checks were successful Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00

10 Commits