|
9a239fa1a5
|
helper/bwrap: integrate seccomp into helper interface
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-22 01:52:57 +09:00 |
|
|
20a3d4c458
|
proc/priv/shim: resolve and load seccomp rules
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 23:52:56 +09:00 |
|
|
3df344828f
|
proc/priv/shim: seccomp bpf filter via libseccomp
Rulesets adapted from Flatpak for compatibility.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 23:39:47 +09:00 |
|
|
27f5922d5c
|
fst: include syscall filter configuration
This value is passed through to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 21:12:39 +09:00 |
|
|
3c55fc8e86
|
proc/priv/shim: do not log bwrap args
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 19:51:28 +09:00 |
|
|
eb0ef2d115
|
helper/bwrap: generic extra file interface
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 00:20:04 +09:00 |
|
|
2f70506865
|
helper/bwrap: move sync to helper state
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-19 18:38:13 +09:00 |
|
|
cae567c109
|
proc/priv/shim: remove unnecessary state
These values are only used during process creation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-19 18:09:07 +09:00 |
|
|
b31d055e20
|
proc/priv/init: early init check
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 12:33:33 +09:00 |
|
|
7baca66a56
|
proc: remove duplicate compile-time fortify reference
This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 11:59:33 +09:00 |
|
|
27d2914286
|
proc/priv/init: merge init into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 11:47:01 +09:00 |
|
|
ea8f228af3
|
proc/priv/shim: merge shim into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-17 23:43:32 +09:00 |
|