|
|
9a239fa1a5
|
helper/bwrap: integrate seccomp into helper interface
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-22 01:52:57 +09:00 |
|
|
|
20a3d4c458
|
proc/priv/shim: resolve and load seccomp rules
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 23:52:56 +09:00 |
|
|
|
3df344828f
|
proc/priv/shim: seccomp bpf filter via libseccomp
Build / Create distribution (push) Successful in 1m59s
Test / Run NixOS test (push) Successful in 4m11s
Rulesets adapted from Flatpak for compatibility.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 23:39:47 +09:00 |
|
|
|
27f5922d5c
|
fst: include syscall filter configuration
Build / Create distribution (push) Successful in 3m0s
Test / Run NixOS test (push) Successful in 5m19s
This value is passed through to shim.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 21:12:39 +09:00 |
|
|
|
3c55fc8e86
|
proc/priv/shim: do not log bwrap args
Build / Create distribution (push) Successful in 1m22s
Test / Run NixOS test (push) Successful in 3m30s
This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 19:51:28 +09:00 |
|
|
|
eb0ef2d115
|
helper/bwrap: generic extra file interface
Build / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 3m50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-20 00:20:04 +09:00 |
|
|
|
2f70506865
|
helper/bwrap: move sync to helper state
Build / Create distribution (push) Successful in 1m25s
Test / Run NixOS test (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-19 18:38:13 +09:00 |
|
|
|
cae567c109
|
proc/priv/shim: remove unnecessary state
Build / Create distribution (push) Successful in 1m27s
Test / Run NixOS test (push) Successful in 3m37s
These values are only used during process creation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-19 18:09:07 +09:00 |
|
|
|
b31d055e20
|
proc/priv/init: early init check
Build / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m45s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 12:33:33 +09:00 |
|
|
|
7baca66a56
|
proc: remove duplicate compile-time fortify reference
Build / Create distribution (push) Successful in 1m46s
Test / Run NixOS test (push) Successful in 3m44s
This is no longer needed since shim and init are now part of the main program.
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 11:59:33 +09:00 |
|
|
|
27d2914286
|
proc/priv/init: merge init into main program
Build / Create distribution (push) Successful in 1m47s
Test / Run NixOS test (push) Successful in 3m46s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-18 11:47:01 +09:00 |
|
|
|
ea8f228af3
|
proc/priv/shim: merge shim into main program
Build / Create distribution (push) Successful in 2m15s
Test / Run NixOS test (push) Successful in 2m53s
Signed-off-by: Ophestra <cat@gensokyo.uk>
|
2025-01-17 23:43:32 +09:00 |
|
