fortify

Author	SHA1	Message	Date
Ophestra	fdef9567a7	helper/seccomp: call seccomp_load on negative fd Some checks failed Test / Create distribution (push) Successful in 25s Details Test / Data race detector (push) Failing after 2m20s Details Test / Fortify (push) Successful in 2m54s Details Test / Fpkg (push) Successful in 3m41s Details Test / Flake checks (push) Has been skipped Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-12 14:12:21 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	5b7b3fa9a4	helper/seccomp: implement reader interface via pipe All checks were successful Test / Create distribution (push) Successful in 1m6s Details Test / Run NixOS test (push) Successful in 2m44s Details This also does not require the libc tmpfile call. BPF programs emitted by libseccomp seems to be deterministic. The tests would catch regressions as it verifies the program against known good output backed by manual testing. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-03 19:43:03 +09:00