532feb4bfa
app: merge shim into app package
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 05:21:47 +09:00
ec5e91b8c9
system: optimise string formatting
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 04:42:30 +09:00
5c4058d5ac
app: run in native sandbox
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 01:52:49 +09:00
24618ab9a1
sandbox: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:55:36 +09:00
9a1f8e129f
sandbox: wrap fmsg interface
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:44:07 +09:00
ee10860357
seccomp: install output atomically
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 01:10:27 +09:00
2647a71be1
seccomp: move out of helper
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 22:42:40 +09:00
4133b555ba
internal/app: rename init to init0
This makes way for the new container init.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
9e15898c8f
internal/prctl: rename prctl wrappers
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-07 22:56:35 +09:00
673b648bd3
cmd/fpkg: call app in-process
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:51:44 +09:00
56539d8db5
fortify: move internal commands up
This improves readability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 18:02:11 +09:00
840ceb615a
app: handle RunState errors
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 17:36:14 +09:00
741d011543
fortify: configure seccomp logger early
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 17:19:36 +09:00
f0a082ec84
fortify: improve handling of RevertErr
All this error wrapping is getting a bit ridiculous and I might want to do something about that somewhere down the line.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-25 00:45:00 +09:00
478b27922c
fortify: handle errors via MustParse
The errSuccess behaviour is kept for beforeExit.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 12:57:59 +09:00
79957f8ea7
fortify: test help message
This helps catch regressions in "command".
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 02:51:35 +09:00
7e52463445
fortify: integrate command handler
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 02:35:02 +09:00
c64b8163e7
app: separate instance from process state
This works better for the implementation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 16:06:24 +09:00
3c80fd2b0f
app: defer system.I revert
Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 21:12:11 +09:00
648e1d641a
app: separate interface from implementation
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 23:07:28 +09:00
e0f321b2c4
sys: rename from linux
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 18:47:48 +09:00
2c9c7fee5b
linux: wrap fsu lookup error
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 17:39:53 +09:00
e9b0f9faef
fmsg: export logBaseError function
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 13:02:51 +09:00
90cb01b274
system: move out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 19:00:43 +09:00
e599b5583d
fmsg: implement suspend in writer
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 18:51:53 +09:00
33a4ab11c2
internal: move shim and init into app
This structure makes more sense, as both processes are part of an app's lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 16:28:46 +09:00
3054527ca5
fortify: prevent exit status 0 on app failure
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-15 14:40:19 +09:00
aaebb8f3ab
fortify: check print behaviour
These outputs are supposed to be deterministic, so checking them is a good way to catch regressions.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 14:44:28 +09:00
fe7d208cf7
helper: use generic extra files interface
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:34:15 +09:00
e14923ae53
helper/proc: move package out of internal
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-08 13:03:45 +09:00
163f15e93f
helper/seccomp: separate seccomp package
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:59:11 +09:00
a30f5e1226
fortify: set up seccomp verbose logging early
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:58:54 +09:00
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:52:57 +09:00
20a3d4c458
proc/priv/shim: resolve and load seccomp rules
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 23:52:56 +09:00
b31d055e20
proc/priv/init: early init check
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 12:33:33 +09:00
27d2914286
proc/priv/init: merge init into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:47:01 +09:00
ea8f228af3
proc/priv/shim: merge shim into main program
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00
124743ffd3
app: expose single run method
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides the caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 23:39:51 +09:00
6acd0d4e88
linux/std: handle fsu exit status 1
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 21:34:57 +09:00
35b7142317
fortify: show system info when instance is not specified
This contains useful information not obtainable by external tools.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 19:35:50 +09:00
70bffeaa1e
fortify: clean up config loading
Move duplicate code to function. Also handle - as config from stdin.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-23 17:57:54 +09:00
8a9ba5e0ad
fortify: show short mode omit filesystems
Filesystem information can be quite noisy in permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 13:20:33 +09:00
cb98baa19d
fortify: clean up ps formatting code
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 20:34:40 +09:00
4f4c690d38
fortify: move json indent call
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 19:06:25 +09:00
df7f692e61
fortify: move show formatting out of main
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:33:30 +09:00
68660a2ad4
fortify: config/state pretty-print subcommand
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 12:29:04 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
5d25bee786
fortify: remove systemd check
This is no longer necessary as fortify no longer integrates with external user switchers.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:14:31 +09:00
2f676c9d6e
fst: rename from fipc
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:50:46 +09:00
b752ec4468
fipc: export config struct
Also store full config as part of state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:45:55 +09:00