31 Commits

Author	SHA1	Message	Date
Ophestra	22a4b99674	cmd/fpkg/install: deduplicate nix store ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:25:04 +09:00
Ophestra	1464ef774b	cmd/fpkg: expose nixGL wrappers ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:02:20 +09:00
Ophestra	66ba4cea5c	cmd/fpkg: remove workDir acl from activation ... Activation does not require access to workDir, and by this point all information is available in dataHome. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:48:45 +09:00
Ophestra	f8d0786509	cmd/fpkg: include nixGL source in inner store ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:37:11 +09:00
Ophestra	aff80b6b00	cmd/fpkg: optional network access when invoking with nix daemon ... This is useful for building nixGL. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:32:44 +09:00
Ophestra	a98a176907	cmd/fpkg: bind and document more gpu devices ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:25:26 +09:00
Ophestra	5302879b88	cmd/fpkg: improve readability of fortify invocations ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:55:56 +09:00
Ophestra	891b3cbde7	cmd/fpkg: compare all three store paths ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:10:41 +09:00
Ophestra	c795293f36	cmd/fpkg: clean up broken links before activation ... Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 15:21:40 +09:00
Ophestra	c1a459a0b1	cmd/fpkg/start: correct drop to shell wording ... Activation no longer happens during application startup. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 00:56:14 +09:00
Ophestra	e0e2f40e84	cmd/fpkg: app bundle helper ... This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 13:21:49 +09:00
Ophestra	9b206072fa	cmd/fshim: ensure data directory ... Ensuring home directory in shim causes the directory to be owned by the target user. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:39:01 +09:00
Ophestra	0a2aa5823b	cmd/fshim: bind finit inside sandbox ... The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-27 14:44:57 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe ... The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7be53a2438	cmd/fshim: switch to generic setup func ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
Ophestra Umiker	f69e8e753e	cmd/finit: switch to generic receive func ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
Ophestra Umiker	b453f70ca2	cmd/fsu: check uid range before syscall ... This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 ... Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	ae2628e57a	cmd/fshim/ipc: install signal handler on shim start ... Getting killed at this point will result in inconsistent state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:33:46 +09:00
Ophestra Umiker	2e23cef7bb	cmd/fuserdb: generate group entries ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:31:06 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator ... This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu ... This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	45fead18c3	cmd/fshim: set no_new_privs flag ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 11:50:56 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	8cd3651bb6	cmd/fshim/ipc: friendly setup timeout message ... This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-03 02:03:30 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries ... This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path ... Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher ... Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00