fortify

Author	SHA1	Message	Date
Ophestra	9a10eeab90	app/seal: embed enablements All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m28s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 00:41:51 +09:00
Ophestra	a748d40745	app: store values with string representation All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m26s Details Improves code readability without changing memory layout. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-19 00:25:00 +09:00
Ophestra	e0f321b2c4	sys: rename from linux All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Run NixOS test (push) Successful in 3m28s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-18 18:47:48 +09:00
Ophestra	90cb01b274	system: move out of internal All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Run NixOS test (push) Successful in 3m17s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 19:00:43 +09:00
Ophestra	3ae2ab652e	system/wayland: sync file at caller specified address All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 3m14s Details Storing this in sys is incredibly ugly: sys should be stateless and Ops must keep track of their state. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 13:24:17 +09:00
Ophestra	82a072f641	system/tmpfiles: implement private tmpfiles All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Run NixOS test (push) Successful in 3m30s Details These are only available within the mount namespace and should significantly reduce attack surface. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-17 00:07:52 +09:00
Ophestra	e599b5583d	fmsg: implement suspend in writer All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Run NixOS test (push) Successful in 2m18s Details This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-16 18:51:53 +09:00
Ophestra	268a90f1a5	app: improve WAYLAND_DISPLAY correctness All checks were successful Test / Create distribution (push) Successful in 46s Details Test / Run NixOS test (push) Successful in 3m35s Details This now has identical behaviour as wayland C library. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 14:45:09 +09:00
Ophestra	ddb2f9c11b	app: remove wayland socket hard link All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m32s Details This Op was not doing anything useful. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 10:54:00 +09:00
Ophestra	0340c67995	app: port passwd and group files to copy All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m41s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:19:06 +09:00
Ophestra	ea8d1c07df	priv/shim: move /sbin/init setup to app All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:06:10 +09:00
Ophestra	23e1152baa	app/share: clean BaseError message All checks were successful Build / Create distribution (push) Successful in 1m35s Details Test / Run NixOS test (push) Successful in 3m42s Details This removes trailing '\n' in the PulseAudio warning. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:54:16 +09:00
Ophestra	c4d6651cae	update reverse-DNS style identifiers All checks were successful Tests / Go tests (push) Successful in 1m6s Details Nix / NixOS tests (push) Successful in 4m11s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-31 16:16:38 +09:00
Ophestra	b9e2003d5b	app: ensure extra paths All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 3m37s Details The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app). Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:07:49 +09:00
Ophestra	847b667489	app: extra acl entries from configuration Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 13:23:27 +09:00
Ophestra	0107620d8c	app: merge share methods All checks were successful Tests / Go tests (push) Successful in 32s Details Nix / NixOS tests (push) Successful in 3m25s Details This significantly increases readability and makes order of ops more obvious. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 11:12:35 +09:00

16 Commits