fortify

Author	SHA1	Message	Date
Ophestra Umiker	3f993021f8	nix: permissive defaults nixos test All checks were successful test / test (push) Successful in 37s Details Adapted from nixos sway integration tests. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 22:56:10 +09:00
Ophestra Umiker	4d3bd5338f	nix: implement flake checks All checks were successful test / test (push) Successful in 36s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 20:54:28 +09:00
Ophestra Umiker	138666d753	nix: skip acl test All checks were successful test / test (push) Successful in 39s Details The nix build environment does not support ACLs. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 19:29:01 +09:00
Ophestra Umiker	f4628e181b	acl: create test file in tmpdir All checks were successful test / test (push) Successful in 37s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:58:09 +09:00
Ophestra Umiker	c8a90666c5	acl: refactor and clean up All checks were successful test / test (push) Successful in 37s Details Move all C code to c.go, switch to pkg-config, set up finalizer for acl. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 18:27:19 +09:00
Ophestra Umiker	ee41b37606	acl: add tests All checks were successful test / test (push) Successful in 37s Details These tests test UpdatePerm correctness by parsing getfacl output. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-16 16:00:31 +09:00
Ophestra Umiker	e3f1d7ba60	release: 0.2.2 All checks were successful release / release (push) Successful in 44s Details test / test (push) Successful in 35s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:47:22 +09:00
Ophestra Umiker	39e3ac3ccd	nix: require /etc/userdb nix-daemon All checks were successful test / test (push) Successful in 36s Details There seems to be some kind of credential caching in nix-daemon. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 21:07:57 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories All checks were successful test / test (push) Successful in 36s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	40cc8a68d1	nix: rename home directories All checks were successful test / test (push) Successful in 38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:15:37 +09:00
Ophestra Umiker	f773c92411	system: prevent duplicate Wayland op All checks were successful test / test (push) Successful in 36s Details Wayland is implemented as an Op to enforce dependency and cleanup, its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 19:45:37 +09:00
Ophestra Umiker	16ab734fcd	update README document All checks were successful test / test (push) Successful in 37s Details A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 17:04:36 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files All checks were successful test / test (push) Successful in 37s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	8d0573405a	helper/bwrap: implement sync fd All checks were successful test / test (push) Successful in 38s Details This is required by wayland security-context-v1. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:21:37 +09:00
Ophestra Umiker	38e92edb8e	system/wayland: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Had to pass the sync fd through sys. The rest are just part of a standard Op. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:20:15 +09:00
Ophestra Umiker	2d606b1f4b	wl: implement security-context-v1 All checks were successful test / test (push) Successful in 38s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:15:13 +09:00
Ophestra Umiker	1b5b089c78	fortify: rename --dbus-id to --id All checks were successful test / test (push) Successful in 19s Details This value is no longer specific to D-Bus defaults. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 03:26:09 +09:00
Ophestra Umiker	6b8ddca7b4	nix: track nixos stable 24.11 All checks were successful test / test (push) Successful in 25s Details Reduce rebuilds during development on my system. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 00:44:04 +09:00
Ophestra Umiker	95668ac998	nix: expose no_new_session in module All checks were successful test / test (push) Successful in 14s Details Useful for shells and terminal programs like chat clients. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-28 00:19:06 +09:00
Ophestra Umiker	b291f0b710	app: add nixos-based config test case All checks were successful test / test (push) Successful in 20s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-21 12:13:21 +09:00
Ophestra Umiker	3a20b149ce	update README document All checks were successful test / test (push) Successful in 26s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-21 11:22:34 +09:00
Ophestra Umiker	30b8bce90a	fortify: zsh completion All checks were successful test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-20 01:25:19 +09:00
Ophestra Umiker	de0d78daae	release: 0.2.1 All checks were successful release / release (push) Successful in 1m4s Details test / test (push) Successful in 20s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:03:50 +09:00
Ophestra Umiker	6bf33ce507	fortify: use resolved username All checks were successful test / test (push) Successful in 21s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:03:09 +09:00
Ophestra Umiker	9faf3b3596	app: validate username All checks were successful test / test (push) Successful in 23s Details This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue, however validation will improve user experience. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 21:01:41 +09:00
Ophestra Umiker	d99c8b1fb4	release: 0.2.0 All checks were successful release / release (push) Successful in 44s Details test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:15:09 +09:00
Ophestra Umiker	6e4870775f	update README document All checks were successful test / test (push) Successful in 20s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:14:06 +09:00
Ophestra Umiker	0a546885e3	nix: update options doc All checks were successful test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:12:35 +09:00
Ophestra Umiker	653d69da0a	nix: module descriptions All checks were successful test / test (push) Successful in 24s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 18:10:57 +09:00
Ophestra Umiker	f8256137ae	nix: separate module options from implementation All checks were successful test / test (push) Successful in 25s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-19 17:08:22 +09:00
Ophestra Umiker	54b47b0315	nix: copy pixmaps directory to share package All checks were successful test / test (push) Successful in 21s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 14:46:08 +09:00
Ophestra Umiker	ae2628e57a	cmd/fshim/ipc: install signal handler on shim start All checks were successful test / test (push) Successful in 20s Details Getting killed at this point will result in inconsistent state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:33:46 +09:00
Ophestra Umiker	c026a4b5dc	fortify: permissive defaults resolve home directory from os All checks were successful test / test (push) Successful in 21s Details When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:01:07 +09:00
Ophestra Umiker	748a0ae2c8	nix: wrap program from libexec All checks were successful test / test (push) Successful in 24s Details This avoids renaming the fortify binary. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 12:58:47 +09:00
Ophestra Umiker	8f3f0c7bbf	nix: integrate dynamic users All checks were successful test / test (push) Successful in 21s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 02:49:48 +09:00
Ophestra Umiker	05b7dbf066	app: alternative inner home path All checks were successful test / test (push) Successful in 24s Details Support binding home to an alternative path in the mount namespace. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 00:18:21 +09:00
Ophestra Umiker	866270ff05	fmsg: add to wg prior to enqueue All checks were successful test / test (push) Successful in 27s Details Adding after channel write is racy. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:50:02 +09:00
Ophestra Umiker	c1fad649e8	app/start: check for cleanup and abort condition All checks were successful test / test (push) Successful in 21s Details Dirty fix. Will rewrite after fsu integration complete. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:41:52 +09:00
Ophestra Umiker	b5f01ef20b	app: append # for ChangeHosts message with numerical uid All checks were successful test / test (push) Successful in 21s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:40:37 +09:00
Ophestra Umiker	2e23cef7bb	cmd/fuserdb: generate group entries Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:31:06 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator All checks were successful test / test (push) Successful in 20s Details This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu All checks were successful test / test (push) Successful in 21s Details This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	1a09b55bd4	nix: remove portal paths from default All checks were successful test / test (push) Successful in 27s Details Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-10 22:24:17 +09:00
Ophestra Umiker	9a13b311ac	app/config: rename map_real_uid from use_real_uid All checks were successful test / test (push) Successful in 19s Details This option only changes mapped uid in the user namespace. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 12:01:34 +09:00
Ophestra Umiker	45fead18c3	cmd/fshim: set no_new_privs flag Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 11:50:56 +09:00
Ophestra Umiker	431aa32291	nix: remove absolute Exec paths All checks were successful test / test (push) Successful in 26s Details Absolute paths set for Exec causes the program to be launched as the privileged user. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-08 02:05:47 +09:00
Ophestra Umiker	3962705126	nix: keep fshim and finit names All checks were successful test / test (push) Successful in 22s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 14:59:28 +09:00
Ophestra Umiker	ad80be721b	nix: improve start script All checks were successful test / test (push) Successful in 23s Details Zsh store path in shebang. Replace writeShellScript with writeScript since runtimeShell is not overridable. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 14:09:41 +09:00
Ophestra Umiker	f831948bca	release: 0.1.0 All checks were successful release / release (push) Successful in 28s Details test / test (push) Successful in 21s Details This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-06 04:37:43 +09:00

1 2 3 4 5 ...

267 Commits