fortify

Author	SHA1	Message	Date
Ophestra	72b0160aad	helper/bwrap: implement file copy flags All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m42s Details These are significantly more efficient and less error-prone than mounting an external tmpfile. This should also reduce attack surface as the resulting files are private to its specific sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:13:15 +09:00
Ophestra	ace97952cc	helper/bwrap: merge Args and FDArgs All checks were successful Test / Create distribution (push) Successful in 1m13s Details Test / Run NixOS test (push) Successful in 4m34s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 18:13:06 +09:00
Ophestra	2f70506865	helper/bwrap: move sync to helper state All checks were successful Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
Ophestra	3e11ce6868	helper/bwrap: separate sequential/static args All checks were successful Tests / Go tests (push) Successful in 41s Details Nix / NixOS tests (push) Successful in 3m59s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 13:07:06 +09:00
Ophestra	e2489059c1	helper/bwrap: implement overlayfs builder All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 4m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-05 20:09:35 +09:00
Ophestra	2e3f6a4c51	helper/bwrap: move test out of bwrap package All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 4m51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-05 19:45:24 +09:00
Ophestra Umiker	184a5f29fa	helper/bwrap: add fortify permissive default test case Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:56:13 +09:00
Ophestra Umiker	2faf510146	helper/bwrap: ordered filesystem args The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:15:55 +09:00
Ophestra Umiker	713872a5cd	helper/bwrap: move interfaceArgs before stringArgs Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-11 04:12:47 +09:00
Ophestra Umiker	b99ed94386	helper/bwrap: pass --unshare-user when unshare everything Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 00:22:48 +09:00
Ophestra Umiker	6a2802cf30	helper: move bwrap into helper Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 14:40:35 +09:00

11 Commits