security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases36 Wiki Activity
478 Commits 5 Branches 36 Tags 5 MiB
82a072f641
Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra
468696f611
internal: beforeExit before reachable fatal calls 
These are the only two calls to log.Fatal* reachable during suspended output. Call fmsg.BeforeExit here to catch that.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 19:03:34 +09:00
Ophestra
e599b5583d
fmsg: implement suspend in writer 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
Ophestra
ea8d1c07df
priv/shim: move /sbin/init setup to app 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-15 03:06:10 +09:00
Ophestra
ea8f228af3
proc/priv/shim: merge shim into main program 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-17 23:43:32 +09:00
Ophestra
562f5ed797
fst: hide sockets exposed via Filesystem 
This is mostly useful for permissive defaults.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-15 10:13:18 +09:00
Ophestra
6acd0d4e88
linux/std: handle fsu exit status 1 
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-01-01 21:34:57 +09:00
Ophestra Umiker
df6fc298f6
migrate to git.gensokyo.uk/security/fortify 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
5d25bee786
fortify: remove systemd check 
This is no longer necessary as fortify no longer integrates with external user switchers.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-19 11:14:31 +09:00
Ophestra Umiker
df33123bd7
app: integrate fsu 
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-16 21:19:45 +09:00
Ophestra Umiker
69cc64ef56
linux: provide access to stdout 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-04 22:55:46 +09:00
Ophestra Umiker
584732f80a
cmd: shim and init into separate binaries 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-02 03:13:57 +09:00