fortify

Author	SHA1	Message	Date
Ophestra	4230281194	sandbox: return error on doubled start All checks were successful Test / Create distribution (push) Successful in 18s Details Test / Fpkg (push) Successful in 35s Details Test / Fortify (push) Successful in 38s Details Test / Data race detector (push) Successful in 36s Details Test / Flake checks (push) Successful in 58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 03:30:14 +09:00
Ophestra	e64e7608ca	sandbox: expose cancel behaviour All checks were successful Test / Create distribution (push) Successful in 40s Details Test / Fpkg (push) Successful in 11m53s Details Test / Fortify (push) Successful in 1m57s Details Test / Data race detector (push) Successful in 2m33s Details Test / Flake checks (push) Successful in 58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 03:04:27 +09:00
Ophestra	2647a71be1	seccomp: move out of helper All checks were successful Test / Create distribution (push) Successful in 29s Details Test / Fortify (push) Successful in 2m53s Details Test / Fpkg (push) Successful in 4m0s Details Test / Data race detector (push) Successful in 4m9s Details Test / Flake checks (push) Successful in 59s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 22:42:40 +09:00
Ophestra	f41fd94628	sandbox: write uid/gid map as init All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m30s Details Test / Fpkg (push) Successful in 3m21s Details Test / Data race detector (push) Successful in 3m39s Details Test / Flake checks (push) Successful in 48s Details This avoids PR_SET_DUMPABLE in the parent process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:42:22 +09:00
Ophestra	94895bbacb	sandbox: invert seccomp ruleset defaults All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m31s Details Test / Fpkg (push) Successful in 3m20s Details Test / Data race detector (push) Successful in 3m35s Details Test / Flake checks (push) Successful in 50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:38:32 +09:00
Ophestra	a092b042ab	sandbox: pass params to setup ops All checks were successful Test / Create distribution (push) Successful in 20s Details Test / Fortify (push) Successful in 2m5s Details Test / Fpkg (push) Successful in 3m26s Details Test / Data race detector (push) Successful in 3m49s Details Test / Flake checks (push) Successful in 55s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:11:38 +09:00
Ophestra	9b1a60b5c9	sandbox: native container tooling All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m28s Details Test / Fpkg (push) Successful in 3m23s Details Test / Data race detector (push) Successful in 3m35s Details Test / Flake checks (push) Successful in 48s Details This should eventually replace bwrap. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-13 21:36:26 +09:00

7 Commits