fortify

Author	SHA1	Message	Date
Ophestra	52fcc48ac1	sandbox/init: drop capabilities During development the syscall filter caused me to make an incorrect assumption about SysProcAttr. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 06:32:08 +09:00
Ophestra	8b69bcd215	sandbox: cache kernel.cap_last_cap value Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 06:19:19 +09:00
Ophestra	2dd49c437c	app: create XDG_RUNTIME_DIR with perm 0700 Many programs complain about this. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:49:37 +09:00
Ophestra	92852d8235	release: 0.3.0 Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:18:59 +09:00
Ophestra	371dd5b938	nix: create current-system symlink This is copied at runtime because it appears to be impossible to obtain this path in nix. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 02:06:11 +09:00
Ophestra	4836d570ae	test: raise long timeout to 15 seconds The race detector really slows down container tooling. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 01:59:05 +09:00
Ophestra	985f9442e6	sandbox: copy symlink with magic prefix This does not dereference the symlink, but only reads one level of it. This is useful for symlink targets that are not yet known at the time the configuration is emitted. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-26 01:42:39 +09:00
Ophestra	67eb28466d	nix: create opengl-driver symlink Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 20:52:20 +09:00
Ophestra	c326c3f97d	fst/sandbox: do not create /etc in advance This is now handled by the setup op. This also gets rid of the hardcoded /etc path. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 20:00:34 +09:00
Ophestra	971c79bb80	sandbox: remove hardcoded parent perm Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 19:49:51 +09:00
Ophestra	f86d868274	sandbox: wrap error with its own text message PathError has a pretty good text message, many of them are wrapped with its own text message. This change adds a function to do just that to improve readability. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 19:42:20 +09:00
Ophestra	33940265a6	sandbox: do not ensure symlink target This masks EEXIST on target and might clobber filesystems and lead to other confusing behaviour. Create its parent instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 19:30:53 +09:00
Ophestra	b39f3aeb59	helper: remove bubblewrap wrapper Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:35:02 +09:00
Ophestra	61dbfeffe7	sandbox/wl: move into sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:26:37 +09:00
Ophestra	532feb4bfa	app: merge shim into app package Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:21:47 +09:00
Ophestra	ec5e91b8c9	system: optimise string formatting Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 04:42:30 +09:00
Ophestra	ee51320abf	test: check revert type selection Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 04:37:58 +09:00
Ophestra	5c4058d5ac	app: run in native sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:52:49 +09:00
Ophestra	e732dca762	wl: fix sync pipe keepalive Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:33:37 +09:00
Ophestra	a9adcd914b	fortify/parse: omit try fd fallthrough message This reduces noise in verbose output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:21:11 +09:00
Ophestra	3dd4ff29c8	test/sandbox: check mount table length Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:36:53 +09:00
Ophestra	61d86c5e10	test/sandbox: fix stdout tty check Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:23:50 +09:00
Ophestra	d097eaa28f	test/sandbox: unquote fail messages Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:03:53 +09:00
Ophestra	ad3576c164	sandbox: resolve tty name Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:03:07 +09:00
Ophestra	b989a4601a	test/sandbox: fail on mismatched mount entry Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 13:43:32 +09:00
Ophestra	a11237b158	sandbox/vfs: add doc comments Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 13:21:55 +09:00
Ophestra	40f00d570e	sandbox: set mkdir perm Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 12:51:39 +09:00
Ophestra	0eb1bc6301	test/sandbox: verify outcome via mountinfo Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 01:42:38 +09:00
Ophestra	1eb837eab8	test/sandbox: warn about misuse in doc comment Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 23:28:28 +09:00
Ophestra	0a4e633db2	nix: filter test from source Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 22:20:19 +09:00
Ophestra	e8809125d4	sandbox: verify outcome via mountinfo This contains much more information than /proc/mounts and allows for more fields to be checked. This also removes the dependency on the test package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 22:17:36 +09:00
Ophestra	806ce18c0a	test/sandbox: check mapuid outcome Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:56:07 +09:00
Ophestra	b71d2bf534	test/sandbox: check tty outcome This makes no difference currently but has different behaviour in the native sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:28:57 +09:00
Ophestra	46059b1840	test/sandbox: print mismatching file content Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:24:52 +09:00
Ophestra	d2c329bcea	test: format path aid offsets Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 17:21:14 +09:00
Ophestra	2d379b5a38	test/sandbox: pass want file as argument This avoids building the check program multiple times. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 15:00:59 +09:00
Ophestra	75e0c5d406	test/sandbox: parse full test case This makes declaring multiple tests much cleaner. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 14:53:50 +09:00
Ophestra	770b37ae16	sandbox/vfs: match MS_NOSYMFOLLOW flag Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 13:57:30 +09:00
Ophestra	c638193268	sandbox: apply vfs options to bind mounts Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 05:27:57 +09:00
Ophestra	8c3a817881	sandbox/vfs: unfold mount hierarchy This presents all visible mount points under path. This is useful for applying extra vfs options to bind mounts. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 05:23:31 +09:00
Ophestra	e2fce321c1	sandbox/vfs: expose mountinfo line scanning Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 02:46:58 +09:00
Ophestra	241702ae3a	go: 1.23 Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-22 18:20:06 +09:00
Ophestra	d21d9c5b1d	sandbox/vfs: parse vfs options Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 17:12:10 +09:00
Ophestra	a70daf2250	sandbox: resolve inverted flags in op Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:58:38 +09:00
Ophestra	632b18addd	test/sandbox: rename misleading bind destination Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:56:11 +09:00
Ophestra	a57a7a6a16	test/sandbox: check type handling host_passthrough Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:21:08 +09:00
Ophestra	5098b12e4a	sandbox/vfs: count mountinfo entries Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:14:33 +09:00
Ophestra	9ddf5794dd	sandbox/vfs: implement proc_pid_mountinfo(5) parser Test cases are mostly taken from util-linux. This implementation is more correct and slightly faster than the one found in github:kubernetes/utils. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 00:35:49 +09:00
Ophestra	b74a08dda9	sandbox: prepare ops early Some setup code needs to run in host root. This change allows that to happen. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-18 02:17:46 +09:00
Ophestra	1b9408864f	sandbox: pass cmd to cancel function This is not usually in scope otherwise. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 22:36:39 +09:00

1 2 3 4 5 ...

681 Commits