fortify

Author	SHA1	Message	Date
Ophestra	f86d868274	sandbox: wrap error with its own text message PathError has a pretty good text message, many of them are wrapped with its own text message. This change adds a function to do just that to improve readability. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 19:42:20 +09:00
Ophestra	33940265a6	sandbox: do not ensure symlink target This masks EEXIST on target and might clobber filesystems and lead to other confusing behaviour. Create its parent instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 19:30:53 +09:00
Ophestra	61dbfeffe7	sandbox/wl: move into sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 05:26:37 +09:00
Ophestra	5c4058d5ac	app: run in native sandbox Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-25 01:52:49 +09:00
Ophestra	ad3576c164	sandbox: resolve tty name Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 16:03:07 +09:00
Ophestra	a11237b158	sandbox/vfs: add doc comments Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 13:21:55 +09:00
Ophestra	40f00d570e	sandbox: set mkdir perm Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-24 12:51:39 +09:00
Ophestra	e8809125d4	sandbox: verify outcome via mountinfo This contains much more information than /proc/mounts and allows for more fields to be checked. This also removes the dependency on the test package. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 22:17:36 +09:00
Ophestra	75e0c5d406	test/sandbox: parse full test case This makes declaring multiple tests much cleaner. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 14:53:50 +09:00
Ophestra	770b37ae16	sandbox/vfs: match MS_NOSYMFOLLOW flag Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 13:57:30 +09:00
Ophestra	c638193268	sandbox: apply vfs options to bind mounts Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 05:27:57 +09:00
Ophestra	8c3a817881	sandbox/vfs: unfold mount hierarchy This presents all visible mount points under path. This is useful for applying extra vfs options to bind mounts. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 05:23:31 +09:00
Ophestra	e2fce321c1	sandbox/vfs: expose mountinfo line scanning Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-23 02:46:58 +09:00
Ophestra	d21d9c5b1d	sandbox/vfs: parse vfs options Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 17:12:10 +09:00
Ophestra	a70daf2250	sandbox: resolve inverted flags in op Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:58:38 +09:00
Ophestra	5098b12e4a	sandbox/vfs: count mountinfo entries Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 12:14:33 +09:00
Ophestra	9ddf5794dd	sandbox/vfs: implement proc_pid_mountinfo(5) parser Test cases are mostly taken from util-linux. This implementation is more correct and slightly faster than the one found in github:kubernetes/utils. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-21 00:35:49 +09:00
Ophestra	b74a08dda9	sandbox: prepare ops early Some setup code needs to run in host root. This change allows that to happen. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-18 02:17:46 +09:00
Ophestra	1b9408864f	sandbox: pass cmd to cancel function This is not usually in scope otherwise. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 22:36:39 +09:00
Ophestra	cc89dbdf63	sandbox: place files with content Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 22:13:22 +09:00
Ophestra	228f3301f2	sandbox: create directories Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 22:03:06 +09:00
Ophestra	07181138e5	sandbox/mount: pass absolute path This should never be used unless there is a good reason to, like using a file in the intermediate root. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 21:53:31 +09:00
Ophestra	816b372f14	sandbox: cancel process on serve error Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 21:49:45 +09:00
Ophestra	d7eddd54a2	sandbox: rename params struct Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 21:45:08 +09:00
Ophestra	af3619d440	sandbox: create symlinks Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 16:37:56 +09:00
Ophestra	528674cb6e	sandbox/init: fail early on nil op Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 16:17:03 +09:00
Ophestra	70c9757e26	sandbox/mount: rename device flag Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 16:10:55 +09:00
Ophestra	c83a7e2efc	sandbox: mount container /dev/mqueue Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 15:42:40 +09:00
Ophestra	904208b87f	sandbox: unwrap path string Mount proc and dev takes no additional parameters. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 15:33:20 +09:00
Ophestra	007b52d81f	sandbox/seccomp: check for both partial read outcomes This eliminates intermittent test failures. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 12:51:21 +09:00
Ophestra	24618ab9a1	sandbox: move out of internal Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:55:36 +09:00

31 Commits

No results found.