Commit Graph

395 Commits

Author SHA1 Message Date
3c55fc8e86
proc/priv/shim: do not log bwrap args
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 19:51:28 +09:00
eb0ef2d115
helper/bwrap: generic extra file interface
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 00:20:04 +09:00
2f70506865
helper/bwrap: move sync to helper state
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-19 18:38:13 +09:00
cae567c109
proc/priv/shim: remove unnecessary state
These values are only used during process creation.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-19 18:09:07 +09:00
1ec901f79e
release: 0.2.10
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 22:50:08 +09:00
715addaccd
helper/bwrap: append --sync-fd before --
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 12:30:03 +09:00
b31d055e20
proc/priv/init: early init check
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 12:33:33 +09:00
7baca66a56
proc: remove duplicate compile-time fortify reference
This is no longer needed since shim and init are now part of the main program.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:59:33 +09:00
27d2914286
proc/priv/init: merge init into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:47:01 +09:00
ea8f228af3
proc/priv/shim: merge shim into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00
16db3dabe2
internal: do PR_SET_PDEATHSIG once
This prctl affects the entire process, doing it on every OS thread is pointless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:08:46 +09:00
c4de450217
nix: do not force static linking on nix
In a typical Nix or NixOS-based setup, the entire /nix/store directory is available to the sandbox.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 22:56:16 +09:00
b60c01f440
fortify: switch to static linking
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-16 17:32:52 +09:00
124743ffd3
app: expose single run method
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides the caller the ability to gracefully stop execution of the confined process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 23:39:51 +09:00
be4d8b6300
release: 0.2.9
This release mostly contains permissive defaults fixes and optimisations. It also contains a proof of concept version of fpkg.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 13:14:43 +09:00
3e11ce6868
helper/bwrap: separate sequential/static args
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 13:07:06 +09:00
562f5ed797
fst: hide sockets exposed via Filesystem
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 10:13:18 +09:00
db03565614
fst: move sandbox struct to separate file
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 09:42:44 +09:00
7d99e45b88
helper/bwrap: register OverlayConfig with gob
This is required for copying bwrap configurations across processes.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-14 12:25:10 +09:00
1651eb06df
dbus: implement dbus_parse_address
This parses D-Bus addresses according to spec. It does significantly fewer copies than dbus_parse_address.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-12 23:24:03 +09:00
ac543a1ce8
dbus: rename makeTestCases
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-12 23:21:28 +09:00
e2489059c1
helper/bwrap: implement overlayfs builder
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-05 20:09:35 +09:00
2e3f6a4c51
helper/bwrap: move test out of bwrap package
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-05 19:45:24 +09:00
2162029f46
helper/bwrap: add json struct tag to filesystem
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-05 19:41:04 +09:00
a1148edd00
fst/config: allocate filesystem slice
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-04 00:16:41 +09:00
6acd0d4e88
linux/std: handle fsu exit status 1
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 21:34:57 +09:00
35b7142317
fortify: show system info when instance is not specified
This contains useful information not obtainable by external tools.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 19:35:50 +09:00
c4d6651cae
update reverse-DNS style identifiers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-31 16:16:38 +09:00
22a4b99674
cmd/fpkg/install: deduplicate nix store
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-30 02:25:04 +09:00
1464ef774b
cmd/fpkg: expose nixGL wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-30 02:02:20 +09:00
66ba4cea5c
cmd/fpkg: remove workDir acl from activation
Activation does not require access to workDir, and by this point all information is available in dataHome.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:48:45 +09:00
f8d0786509
cmd/fpkg: include nixGL source in inner store
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:37:11 +09:00
56a73bb019
nix: create nixpkgs symlink
This is included as part of the system as nixGL needs to be built somewhere between activation and start.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:23:11 +09:00
fb8abf63db
nix: update flake lock
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 23:14:16 +09:00
63802c5f0d
nix: nixos test create parent directory
This tests directory creation in shim.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 22:36:53 +09:00
aff80b6b00
cmd/fpkg: optional network access when invoking with nix daemon
This is useful for building nixGL.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 18:32:44 +09:00
a98a176907
cmd/fpkg: bind and document more gpu devices
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 18:25:26 +09:00
5302879b88
cmd/fpkg: improve readability of fortify invocations
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 17:55:56 +09:00
891b3cbde7
cmd/fpkg: compare all three store paths
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 17:10:41 +09:00
c795293f36
cmd/fpkg: clean up broken links before activation
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 15:21:40 +09:00
42e1043300
nix: set home-manager user information
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 15:11:36 +09:00
5416b07daa
nix: remove unused argument 'self'
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 14:49:55 +09:00
e57a0e9bf2
nix: rename fortifyBundle to buildPackage
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 14:35:37 +09:00
ab48706ebe
dist: install fpkg to /usr/bin
This is a high level user-facing tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 01:04:53 +09:00
c1a459a0b1
cmd/fpkg/start: correct drop to shell wording
Activation no longer happens during application startup.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 00:56:14 +09:00
5125e96ecf
nix: generate application package build script
This takes some metadata, sandbox options, a launch script and a list of home-manager modules. The result needs to be executed in an environment with nix daemon access, and it produces the final package file.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 00:42:21 +09:00
e0e2f40e84
cmd/fpkg: app bundle helper
This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 13:21:49 +09:00
bf8094c6ca
internal: include path to fortify main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 12:48:48 +09:00
2e3bb1893e
release: 0.2.8
This release mostly fixes bugs uncovered when running fortify on a generic Linux distribution.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-29 01:09:47 +09:00
9b206072fa
cmd/fshim: ensure data directory
Ensuring home directory in shim causes the directory to be owned by the target user.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-28 14:39:01 +09:00