security/fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 35 Wiki Activity
706 Commits 5 Branches 35 Tags 4.8 MiB
d32070e121
Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra
184e9db2b2
sandbox: support privileged container
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Fortify (push) Successful in 2m34s
Details
Test / Fpkg (push) Successful in 3m25s
Details
Test / Data race detector (push) Successful in 4m27s
Details
Test / Flake checks (push) Successful in 53s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-27 19:40:19 +09:00
Ophestra
d613257841
sandbox/init: clear inheritable set
All checks were successful
Test / Create distribution (push) Successful in 28s
Details
Test / Fpkg (push) Successful in 3m52s
Details
Test / Data race detector (push) Successful in 4m47s
Details
Test / Fortify (push) Successful in 2m4s
Details
Test / Flake checks (push) Successful in 57s
Details 
Inheritable should not be able to affect anything regardless of its value, due to no_new_privs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 07:46:13 +09:00
Ophestra
52fcc48ac1
sandbox/init: drop capabilities
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Fortify (push) Successful in 2m39s
Details
Test / Fpkg (push) Successful in 3m31s
Details
Test / Data race detector (push) Successful in 4m32s
Details
Test / Flake checks (push) Successful in 58s
Details 
During development the syscall filter caused me to make an incorrect assumption about SysProcAttr.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-26 06:32:08 +09:00
Ophestra
971c79bb80
sandbox: remove hardcoded parent perm
All checks were successful
Test / Create distribution (push) Successful in 27s
Details
Test / Fortify (push) Successful in 2m43s
Details
Test / Fpkg (push) Successful in 3m41s
Details
Test / Data race detector (push) Successful in 4m32s
Details
Test / Flake checks (push) Successful in 59s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-25 19:49:51 +09:00
Ophestra
ad3576c164
sandbox: resolve tty name
All checks were successful
Test / Create distribution (push) Successful in 19s
Details
Test / Fortify (push) Successful in 2m17s
Details
Test / Fpkg (push) Successful in 3m15s
Details
Test / Data race detector (push) Successful in 4m10s
Details
Test / Flake checks (push) Successful in 56s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-24 16:03:07 +09:00
Ophestra
b74a08dda9
sandbox: prepare ops early
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Fortify (push) Successful in 2m27s
Details
Test / Fpkg (push) Successful in 3m33s
Details
Test / Data race detector (push) Successful in 4m9s
Details
Test / Flake checks (push) Successful in 53s
Details 
Some setup code needs to run in host root. This change allows that to happen.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-18 02:17:46 +09:00
Ophestra
1b9408864f
sandbox: pass cmd to cancel function
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m35s
Details
Test / Fpkg (push) Successful in 3m36s
Details
Test / Data race detector (push) Successful in 4m11s
Details
Test / Flake checks (push) Successful in 49s
Details 
This is not usually in scope otherwise.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 22:36:39 +09:00
Ophestra
d7eddd54a2
sandbox: rename params struct
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m33s
Details
Test / Fpkg (push) Successful in 3m27s
Details
Test / Data race detector (push) Successful in 4m3s
Details
Test / Flake checks (push) Successful in 59s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 21:45:08 +09:00
Ophestra
af3619d440
sandbox: create symlinks
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Fortify (push) Successful in 2m30s
Details
Test / Fpkg (push) Successful in 3m21s
Details
Test / Data race detector (push) Successful in 4m3s
Details
Test / Flake checks (push) Successful in 48s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 16:37:56 +09:00
Ophestra
528674cb6e
sandbox/init: fail early on nil op
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Fortify (push) Successful in 2m27s
Details
Test / Fpkg (push) Successful in 3m21s
Details
Test / Data race detector (push) Successful in 4m3s
Details
Test / Flake checks (push) Successful in 49s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 16:17:03 +09:00
Ophestra
24618ab9a1
sandbox: move out of internal
All checks were successful
Test / Create distribution (push) Successful in 18s
Details
Test / Fpkg (push) Successful in 2m40s
Details
Test / Data race detector (push) Successful in 3m13s
Details
Test / Fortify (push) Successful in 3m1s
Details
Test / Flake checks (push) Successful in 51s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-03-17 02:55:36 +09:00