fortify

History

Ophestra e9a7cd526f All checks were successful Test / Create distribution (push) Successful in 27s Details Test / Sandbox (push) Successful in 1m45s Details Test / Fortify (push) Successful in 2m36s Details Test / Sandbox (race detector) (push) Successful in 2m49s Details Test / Fpkg (push) Successful in 3m33s Details Test / Fortify (race detector) (push) Successful in 4m13s Details Test / Flake checks (push) Successful in 1m6s Details app: improve shim process management This ensures a signal gets delivered to the process instead of relying on parent death behaviour. SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials. A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour. Signed-off-by: Ophestra <cat@gensokyo.uk>		2025-04-07 03:55:17 +09:00
..
sandbox	test: separate app and sandbox	2025-03-30 22:09:46 +09:00
configuration.nix	test: separate app and sandbox	2025-03-30 22:09:46 +09:00
default.nix	nix: clean up flake outputs	2025-03-17 12:26:19 +09:00
test.py	app: improve shim process management	2025-04-07 03:55:17 +09:00