c3ba0c3cce
nix: rename nixos test
...
Tests / Go tests (push) Successful in 39s
Nix / NixOS tests (push) Successful in 5m0s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:02:12 +09:00
b453f70ca2
cmd/fsu: check uid range before syscall
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 5m0s
This limits potential exploits to the fortify uid range.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 13:01:36 +09:00
c2b178e626
xcb: refactor and clean up
...
Tests / Go tests (push) Successful in 45s
Nix / NixOS tests (push) Successful in 5m2s
No clean way to write Go tests for this package. Will rely on NixOS tests for now.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:46:36 +09:00
aeda40fc92
nix: test x11 permissive defaults
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 4m51s
Also invoke glinfo/wayland-info as part of tests.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 12:40:29 +09:00
65dc39956f
workflows: set action names
...
Tests / Go tests (push) Successful in 42s
Nix / NixOS tests (push) Successful in 4m33s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 11:12:39 +09:00
35505c8a26
workflows: invoke nix flake checks
...
check / nix-flake-check (push) Successful in 4m32s
test / test (push) Successful in 37s
Integration tests are implemented as nix flake checks.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-17 10:49:43 +09:00
3f993021f8
nix: permissive defaults nixos test
...
test / test (push) Successful in 37s
Adapted from nixos sway integration tests.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 22:56:10 +09:00
4d3bd5338f
nix: implement flake checks
...
test / test (push) Successful in 36s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 20:54:28 +09:00
138666d753
nix: skip acl test
...
test / test (push) Successful in 39s
The nix build environment does not support ACLs.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 19:29:01 +09:00
f4628e181b
acl: create test file in tmpdir
...
test / test (push) Successful in 37s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:58:09 +09:00
c8a90666c5
acl: refactor and clean up
...
test / test (push) Successful in 37s
Move all C code to c.go, switch to pkg-config, set up finalizer for acl.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 18:27:19 +09:00
ee41b37606
acl: add tests
...
test / test (push) Successful in 37s
These tests test UpdatePerm correctness by parsing getfacl output.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-16 16:00:31 +09:00
e3f1d7ba60
release: 0.2.2
...
release / release (push) Successful in 44s
test / test (push) Successful in 35s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 21:47:22 +09:00
39e3ac3ccd
nix: require /etc/userdb nix-daemon
...
test / test (push) Successful in 36s
There seems to be some kind of credential caching in nix-daemon.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 21:07:57 +09:00
33c95b80ca
cmd/fuserdb: rename home directories
...
test / test (push) Successful in 36s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 20:23:46 +09:00
40cc8a68d1
nix: rename home directories
...
test / test (push) Successful in 38s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 20:15:37 +09:00
f773c92411
system: prevent duplicate Wayland op
...
test / test (push) Successful in 36s
Wayland is implemented as an Op to enforce dependency and cleanup, its implementation does not allow multiple instances on a single sys object, nor would doing that make any sense.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-07 19:45:37 +09:00
16ab734fcd
update README document
...
test / test (push) Successful in 37s
A lot of this information is no longer true since fsu. Remove them for now and write up proper documentation later.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 17:04:36 +09:00
cc816a1aaa
proc: cleaner extra files
...
test / test (push) Successful in 37s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 16:05:04 +09:00
b3ef53b193
app: integrate security-context-v1
...
test / test (push) Successful in 37s
Should be able to get rid of XDG_RUNTIME_DIR share after this.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:25:33 +09:00
8d0573405a
helper/bwrap: implement sync fd
...
test / test (push) Successful in 38s
This is required by wayland security-context-v1.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:21:37 +09:00
38e92edb8e
system/wayland: integrate security-context-v1
...
test / test (push) Successful in 37s
Had to pass the sync fd through sys. The rest are just part of a standard Op.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:20:15 +09:00
2d606b1f4b
wl: implement security-context-v1
...
test / test (push) Successful in 38s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 04:15:13 +09:00
1b5b089c78
fortify: rename --dbus-id to --id
...
test / test (push) Successful in 19s
This value is no longer specific to D-Bus defaults.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 03:26:09 +09:00
6b8ddca7b4
nix: track nixos stable 24.11
...
test / test (push) Successful in 25s
Reduce rebuilds during development on my system.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-06 00:44:04 +09:00
95668ac998
nix: expose no_new_session in module
...
test / test (push) Successful in 14s
Useful for shells and terminal programs like chat clients.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-28 00:19:06 +09:00
b291f0b710
app: add nixos-based config test case
...
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 12:13:21 +09:00
3a20b149ce
update README document
...
test / test (push) Successful in 26s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 11:22:34 +09:00
30b8bce90a
fortify: zsh completion
...
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-20 01:25:19 +09:00
de0d78daae
release: 0.2.1
...
release / release (push) Successful in 1m4s
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:50 +09:00
6bf33ce507
fortify: use resolved username
...
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:09 +09:00
9faf3b3596
app: validate username
...
test / test (push) Successful in 23s
This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue, however validation will improve user experience.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:01:41 +09:00
d99c8b1fb4
release: 0.2.0
...
release / release (push) Successful in 44s
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:15:09 +09:00
6e4870775f
update README document
...
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:14:06 +09:00
0a546885e3
nix: update options doc
...
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:12:35 +09:00
653d69da0a
nix: module descriptions
...
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:10:57 +09:00
f8256137ae
nix: separate module options from implementation
...
test / test (push) Successful in 25s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 17:08:22 +09:00
54b47b0315
nix: copy pixmaps directory to share package
...
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 14:46:08 +09:00
ae2628e57a
cmd/fshim/ipc: install signal handler on shim start
...
test / test (push) Successful in 20s
Getting killed at this point will result in inconsistent state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:33:46 +09:00
c026a4b5dc
fortify: permissive defaults resolve home directory from os
...
test / test (push) Successful in 21s
When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:01:07 +09:00
748a0ae2c8
nix: wrap program from libexec
...
test / test (push) Successful in 24s
This avoids renaming the fortify binary.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 12:58:47 +09:00
8f3f0c7bbf
nix: integrate dynamic users
...
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 02:49:48 +09:00
05b7dbf066
app: alternative inner home path
...
test / test (push) Successful in 24s
Support binding home to an alternative path in the mount namespace.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 00:18:21 +09:00
866270ff05
fmsg: add to wg prior to enqueue
...
test / test (push) Successful in 27s
Adding after channel write is racy.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:50:02 +09:00
c1fad649e8
app/start: check for cleanup and abort condition
...
test / test (push) Successful in 21s
Dirty fix. Will rewrite after fsu integration complete.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:41:52 +09:00
b5f01ef20b
app: append # for ChangeHosts message with numerical uid
...
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:40:37 +09:00
2e23cef7bb
cmd/fuserdb: generate group entries
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:31:06 +09:00
6a6d30af1f
cmd/fuserdb: systemd userdb drop-in entries generator
...
test / test (push) Successful in 20s
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 02:16:02 +09:00
df33123bd7
app: integrate fsu
...
test / test (push) Successful in 21s
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-16 21:19:45 +09:00
1a09b55bd4
nix: remove portal paths from default
...
test / test (push) Successful in 27s
Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-10 22:24:17 +09:00
