532feb4bfa
app: merge shim into app package
...
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m48s
Test / Fpkg (push) Successful in 3m39s
Test / Data race detector (push) Successful in 4m35s
Test / Flake checks (push) Successful in 56s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 05:21:47 +09:00
ec5e91b8c9
system: optimise string formatting
...
Test / Create distribution (push) Successful in 20s
Test / Fpkg (push) Successful in 36s
Test / Fortify (push) Successful in 42s
Test / Data race detector (push) Successful in 43s
Test / Flake checks (push) Successful in 1m10s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 04:42:30 +09:00
5c4058d5ac
app: run in native sandbox
...
Test / Create distribution (push) Successful in 20s
Test / Fortify (push) Successful in 2m5s
Test / Fpkg (push) Successful in 3m0s
Test / Data race detector (push) Successful in 4m12s
Test / Flake checks (push) Successful in 1m4s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-25 01:52:49 +09:00
24618ab9a1
sandbox: move out of internal
...
Test / Create distribution (push) Successful in 18s
Test / Fpkg (push) Successful in 2m40s
Test / Data race detector (push) Successful in 3m13s
Test / Fortify (push) Successful in 3m1s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:55:36 +09:00
9a1f8e129f
sandbox: wrap fmsg interface
...
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m36s
Test / Data race detector (push) Successful in 4m16s
Test / Flake checks (push) Successful in 55s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:44:07 +09:00
ee10860357
seccomp: install output atomically
...
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m33s
Test / Fpkg (push) Successful in 3m17s
Test / Data race detector (push) Successful in 4m1s
Test / Flake checks (push) Successful in 49s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 01:10:27 +09:00
2647a71be1
seccomp: move out of helper
...
Test / Create distribution (push) Successful in 29s
Test / Fortify (push) Successful in 2m53s
Test / Fpkg (push) Successful in 4m0s
Test / Data race detector (push) Successful in 4m9s
Test / Flake checks (push) Successful in 59s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 22:42:40 +09:00
4133b555ba
internal/app: rename init to init0
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m21s
Test / Data race detector (push) Successful in 3m40s
Test / Flake checks (push) Successful in 48s
This makes way for the new container init.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 21:57:54 +09:00
9e15898c8f
internal/prctl: rename prctl wrappers
...
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m39s
Test / Data race detector (push) Successful in 3m29s
Test / Fpkg (push) Successful in 3m34s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-07 22:56:35 +09:00
673b648bd3
cmd/fpkg: call app in-process
...
Test / Create distribution (push) Successful in 28s
Test / Fortify (push) Successful in 2m31s
Test / Data race detector (push) Successful in 3m25s
Test / Fpkg (push) Successful in 3m29s
Test / Flake checks (push) Successful in 55s
Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:51:44 +09:00
56539d8db5
fortify: move internal commands up
...
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m30s
Test / Data race detector (push) Successful in 3m27s
Test / Fpkg (push) Successful in 3m34s
Test / Flake checks (push) Successful in 52s
This improves readability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 18:02:11 +09:00
840ceb615a
app: handle RunState errors
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m27s
Test / Data race detector (push) Successful in 3m24s
Test / Fpkg (push) Successful in 3m30s
Test / Flake checks (push) Successful in 52s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 17:36:14 +09:00
741d011543
fortify: configure seccomp logger early
...
Test / Create distribution (push) Successful in 26s
Test / Data race detector (push) Successful in 3m27s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m28s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 17:19:36 +09:00
f0a082ec84
fortify: improve handling of RevertErr
...
Test / Create distribution (push) Successful in 26s
Test / Fortify (push) Successful in 2m17s
Test / Data race detector (push) Successful in 2m57s
Test / Flake checks (push) Successful in 43s
All this error wrapping is getting a bit ridiculous and I might want to do something about that somewhere down the line.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-25 00:45:00 +09:00
478b27922c
fortify: handle errors via MustParse
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m29s
The errSuccess behaviour is kept for beforeExit.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 12:57:59 +09:00
79957f8ea7
fortify: test help message
...
Test / Create distribution (push) Successful in 19s
Test / Run NixOS test (push) Successful in 50s
This helps catch regressions in "command".
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 02:51:35 +09:00
7e52463445
fortify: integrate command handler
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m24s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 02:35:02 +09:00
c64b8163e7
app: separate instance from process state
...
Test / Create distribution (push) Successful in 19s
Test / Run NixOS test (push) Successful in 1m59s
This works better for the implementation.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-21 16:06:24 +09:00
3c80fd2b0f
app: defer system.I revert
...
Test / Create distribution (push) Successful in 19s
Test / Run NixOS test (push) Successful in 49s
Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-19 21:12:11 +09:00
648e1d641a
app: separate interface from implementation
...
Test / Create distribution (push) Successful in 26s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 23:07:28 +09:00
e0f321b2c4
sys: rename from linux
...
Test / Create distribution (push) Successful in 26s
Test / Run NixOS test (push) Successful in 3m28s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 18:47:48 +09:00
2c9c7fee5b
linux: wrap fsu lookup error
...
Test / Create distribution (push) Successful in 35s
Test / Run NixOS test (push) Successful in 5m58s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 17:39:53 +09:00
e9b0f9faef
fmsg: export logBaseError function
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m16s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-18 13:02:51 +09:00
90cb01b274
system: move out of internal
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m17s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-17 19:00:43 +09:00
e599b5583d
fmsg: implement suspend in writer
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m18s
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 18:51:53 +09:00
33a4ab11c2
internal: move shim and init into app
...
Test / Create distribution (push) Successful in 24s
Test / Run NixOS test (push) Successful in 2m7s
This structure makes more sense, as both processes are part of an app's lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-16 16:28:46 +09:00
3054527ca5
fortify: prevent exit status 0 on app failure
...
Test / Create distribution (push) Successful in 46s
Test / Run NixOS test (push) Successful in 3m37s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-15 14:40:19 +09:00
aaebb8f3ab
fortify: check print behaviour
...
Test / Create distribution (push) Successful in 1m10s
Test / Run NixOS test (push) Successful in 3m59s
These output are supposed to be deterministic, so checking them is a good way to catch regressions.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-14 14:44:28 +09:00
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:34:15 +09:00
e14923ae53
helper/proc: move package out of internal
...
Test / Create distribution (push) Successful in 1m32s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-08 13:03:45 +09:00
163f15e93f
helper/seccomp: separate seccomp package
...
Test / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-25 12:59:11 +09:00
a30f5e1226
fortify: set up seccomp verbose logging early
...
Build / Create distribution (push) Successful in 1m34s
Test / Run NixOS test (push) Successful in 4m4s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:58:54 +09:00
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
...
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:52:57 +09:00
20a3d4c458
proc/priv/shim: resolve and load seccomp rules
...
Build / Create distribution (push) Successful in 1m33s
Test / Run NixOS test (push) Successful in 3m36s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-20 23:52:56 +09:00
b31d055e20
proc/priv/init: early init check
...
Build / Create distribution (push) Successful in 1m39s
Test / Run NixOS test (push) Successful in 3m45s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 12:33:33 +09:00
27d2914286
proc/priv/init: merge init into main program
...
Build / Create distribution (push) Successful in 1m47s
Test / Run NixOS test (push) Successful in 3m46s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-18 11:47:01 +09:00
ea8f228af3
proc/priv/shim: merge shim into main program
...
Build / Create distribution (push) Successful in 2m15s
Test / Run NixOS test (push) Successful in 2m53s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-17 23:43:32 +09:00
124743ffd3
app: expose single run method
...
Tests / Go tests (push) Successful in 1m1s
Nix / NixOS tests (push) Successful in 3m20s
App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-15 23:39:51 +09:00
6acd0d4e88
linux/std: handle fsu exit status 1
...
Tests / Go tests (push) Successful in 34s
Nix / NixOS tests (push) Successful in 2m27s
Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 21:34:57 +09:00
35b7142317
fortify: show system info when instance is not specified
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 4m32s
This contains useful information not obtainable by external tools.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-01 19:35:50 +09:00
70bffeaa1e
fortify: clean up config loading
...
Tests / Go tests (push) Successful in 40s
Nix / NixOS tests (push) Successful in 3m28s
Move duplicate code to function. Also handle - as config from stdin.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-23 17:57:54 +09:00
8a9ba5e0ad
fortify: show short mode omit filesystems
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 3m19s
Filesystem information can be quite noisy in permissive defaults.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-22 13:20:33 +09:00
cb98baa19d
fortify: clean up ps formatting code
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 20:34:40 +09:00
4f4c690d38
fortify: move json indent call
...
Tests / Go tests (push) Successful in 36s
Nix / NixOS tests (push) Successful in 2m59s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 19:06:25 +09:00
df7f692e61
fortify: move show formatting out of main
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m1s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 18:33:30 +09:00
68660a2ad4
fortify: config/state pretty-print subcommand
...
Tests / Go tests (push) Successful in 43s
Nix / NixOS tests (push) Successful in 3m8s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-21 12:29:04 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Tests / Go tests (push) Successful in 2m55s
Nix / NixOS tests (push) Successful in 5m10s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
5d25bee786
fortify: remove systemd check
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 3m3s
This is no longer necessary as fortify no longer integrates with external user switchers.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-19 11:14:31 +09:00
2f676c9d6e
fst: rename from fipc
...
Tests / Go tests (push) Successful in 38s
Nix / NixOS tests (push) Successful in 5m48s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 15:50:46 +09:00
b752ec4468
fipc: export config struct
...
Tests / Go tests (push) Successful in 1m12s
Nix / NixOS tests (push) Successful in 10m51s
Also store full config as part of state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-18 13:45:55 +09:00
