fortify

Author	SHA1	Message	Date
Ophestra	d2c3d1bfbd	test/sandbox/mount: work around /run tmpfs nondeterminism Some checks failed Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Failing after 1m46s Details Test / Data race detector (push) Failing after 2m29s Details Test / Fpkg (push) Successful in 3m27s Details Test / Flake checks (push) Has been skipped Details The special case is ugly and does not work for all paths, but it is guaranteed to work in the test. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-12 15:01:27 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	5b7b3fa9a4	helper/seccomp: implement reader interface via pipe All checks were successful Test / Create distribution (push) Successful in 1m6s Details Test / Run NixOS test (push) Successful in 2m44s Details This also does not require the libc tmpfile call. BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-03 19:43:03 +09:00