fortify

Author	SHA1	Message	Date
Ophestra Umiker	b752ec4468	fipc: export config struct All checks were successful Tests / Go tests (push) Successful in 1m12s Details Nix / NixOS tests (push) Successful in 10m51s Details Also store full config as part of state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 13:45:55 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	b291f0b710	app: add nixos-based config test case All checks were successful test / test (push) Successful in 20s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-21 12:13:21 +09:00
Ophestra Umiker	05b7dbf066	app: alternative inner home path All checks were successful test / test (push) Successful in 24s Details Support binding home to an alternative path in the mount namespace. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 00:18:21 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu All checks were successful test / test (push) Successful in 21s Details This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	3dfc1fcd56	app: support full /dev access All checks were successful test / test (push) Successful in 22s Details Also moved /dev/fortify to /fortify since it is impossible to create new directories in /dev from the init namespace and bind mounting its contents has undesirable side effects. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 03:49:39 +09:00
Ophestra Umiker	69cc64ef56	linux: provide access to stdout All checks were successful test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 22:55:46 +09:00
Ophestra Umiker	fc25ac2523	app: separate auto etc from permissive defaults All checks were successful test / test (push) Successful in 23s Details Populating /etc with symlinks is quite useful even outside the permissive defaults usage pattern. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 22:18:05 +09:00
Ophestra Umiker	7962681f4a	app: format mapped uid instead of real uid All checks were successful test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 00:49:32 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries All checks were successful test / test (push) Successful in 19s Details This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	51e84ba8a5	system/dbus: compare sealed value by string All checks were successful test / test (push) Successful in 19s Details Stringer method of dbus.Proxy returns a string representation of its args stream when sealed. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 12:09:34 +09:00
Ophestra Umiker	7df9d8d01d	system: move sd_booted implementation to os abstraction This implements lazy loading of the systemd marker (they are not accessed in init and shim) and ensures consistent behaviour when running with a stub. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 12:09:34 +09:00
Ophestra Umiker	093e99d062	app: separate nixos test cases from tests All checks were successful test / test (push) Successful in 20s Details Test cases are very long, separating them improves editor performance. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-25 17:44:29 +09:00

13 Commits