fortify

Author	SHA1	Message	Date
Ophestra	feef2a0495	sandbox: wrap fmsg interface All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m33s Details Test / Fpkg (push) Successful in 3m27s Details Test / Data race detector (push) Successful in 4m2s Details Test / Flake checks (push) Successful in 53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-17 02:36:26 +09:00
Ophestra	273d97af85	ldd: lib paths resolve function All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m37s Details Test / Fpkg (push) Successful in 3m37s Details Test / Data race detector (push) Successful in 3m50s Details Test / Flake checks (push) Successful in 56s Details This is what always happens right after a ldd call, so implement it here. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-16 01:20:09 +09:00
Ophestra	e64e7608ca	sandbox: expose cancel behaviour All checks were successful Test / Create distribution (push) Successful in 40s Details Test / Fpkg (push) Successful in 11m53s Details Test / Fortify (push) Successful in 1m57s Details Test / Data race detector (push) Successful in 2m33s Details Test / Flake checks (push) Successful in 58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-15 03:04:27 +09:00
Ophestra	4bb5d9780f	ldd: run in native sandbox All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m27s Details Test / Fpkg (push) Successful in 3m22s Details Test / Data race detector (push) Successful in 3m43s Details Test / Flake checks (push) Successful in 48s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:55:55 +09:00
Ophestra	f41fd94628	sandbox: write uid/gid map as init All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m30s Details Test / Fpkg (push) Successful in 3m21s Details Test / Data race detector (push) Successful in 3m39s Details Test / Flake checks (push) Successful in 48s Details This avoids PR_SET_DUMPABLE in the parent process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 17:42:22 +09:00
Ophestra	94895bbacb	sandbox: invert seccomp ruleset defaults All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Fortify (push) Successful in 2m31s Details Test / Fpkg (push) Successful in 3m20s Details Test / Data race detector (push) Successful in 3m35s Details Test / Flake checks (push) Successful in 50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:38:32 +09:00
Ophestra	f332200ca4	sandbox: mount container /dev All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m29s Details Test / Fpkg (push) Successful in 3m26s Details Test / Data race detector (push) Successful in 3m33s Details Test / Flake checks (push) Successful in 51s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-14 02:18:44 +09:00
Ophestra	9b1a60b5c9	sandbox: native container tooling All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Fortify (push) Successful in 2m28s Details Test / Fpkg (push) Successful in 3m23s Details Test / Data race detector (push) Successful in 3m35s Details Test / Flake checks (push) Successful in 48s Details This should eventually replace bwrap. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-03-13 21:36:26 +09:00

8 Commits