fortify

Author	SHA1	Message	Date
Ophestra	e6cd2bb2a8	cmd/fpkg: integrate command handler Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 23:25:12 +09:00
Ophestra	0fb72e5d99	cmd/fpkg/build: prepend extra nix flags Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 20:21:09 +09:00
Ophestra	8bf162820b	nix: separate fsu from package This appears to be the only way to build them with different configuration. This enables static linking in the main package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-23 18:13:37 +09:00
Ophestra	eb0c16dd8c	cmd/fpkg: rename buildPackage file Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-21 18:13:34 +09:00
Ophestra	4fa1e97026	cmd/fpkg: rename shell to shellPath Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-21 17:50:20 +09:00
Ophestra	90cb01b274	system: move out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 19:00:43 +09:00
Ophestra	e599b5583d	fmsg: implement suspend in writer This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:51:53 +09:00
Ophestra	1fd571d561	cmd/fsu: check parse behaviour Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 16:43:55 +09:00
Ophestra	be30e2f11e	cmd/fsu: revert offset in error message Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 15:31:39 +09:00
Ophestra	134247b57d	nix: configure target users via nixos This makes patching home-manager no longer necessary. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-23 17:04:19 +09:00
Ophestra	580128922b	cmd/fpkg: expose syscall policy options Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 12:01:30 +09:00
Ophestra	7baca66a56	proc: remove duplicate compile-time fortify reference This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:59:33 +09:00
Ophestra	27d2914286	proc/priv/init: merge init into main program Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00
Ophestra	ea8f228af3	proc/priv/shim: merge shim into main program Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
Ophestra	124743ffd3	app: expose single run method App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 23:39:51 +09:00
Ophestra	22a4b99674	cmd/fpkg/install: deduplicate nix store Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:25:04 +09:00
Ophestra	1464ef774b	cmd/fpkg: expose nixGL wrappers Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:02:20 +09:00
Ophestra	66ba4cea5c	cmd/fpkg: remove workDir acl from activation Activation does not require access to workDir, and by this point all information is available in dataHome. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:48:45 +09:00
Ophestra	f8d0786509	cmd/fpkg: include nixGL source in inner store Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:37:11 +09:00
Ophestra	aff80b6b00	cmd/fpkg: optional network access when invoking with nix daemon This is useful for building nixGL. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:32:44 +09:00
Ophestra	a98a176907	cmd/fpkg: bind and document more gpu devices Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:25:26 +09:00
Ophestra	5302879b88	cmd/fpkg: improve readability of fortify invocations Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:55:56 +09:00
Ophestra	891b3cbde7	cmd/fpkg: compare all three store paths Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:10:41 +09:00
Ophestra	c795293f36	cmd/fpkg: clean up broken links before activation Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 15:21:40 +09:00
Ophestra	c1a459a0b1	cmd/fpkg/start: correct drop to shell wording Activation no longer happens during application startup. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 00:56:14 +09:00
Ophestra	e0e2f40e84	cmd/fpkg: app bundle helper This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 13:21:49 +09:00
Ophestra	9b206072fa	cmd/fshim: ensure data directory Ensuring home directory in shim causes the directory to be owned by the target user. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:39:01 +09:00
Ophestra	0a2aa5823b	cmd/fshim: bind finit inside sandbox The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-27 14:44:57 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7be53a2438	cmd/fshim: switch to generic setup func Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
Ophestra Umiker	f69e8e753e	cmd/finit: switch to generic receive func Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
Ophestra Umiker	b453f70ca2	cmd/fsu: check uid range before syscall This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	ae2628e57a	cmd/fshim/ipc: install signal handler on shim start Getting killed at this point will result in inconsistent state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:33:46 +09:00
Ophestra Umiker	2e23cef7bb	cmd/fuserdb: generate group entries Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:31:06 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	45fead18c3	cmd/fshim: set no_new_privs flag Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 11:50:56 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	8cd3651bb6	cmd/fshim/ipc: friendly setup timeout message This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-03 02:03:30 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00

46 Commits

No results found.