security/hakurei
6
3
Fork 1
Code Issues 11 Pull Requests 2 Actions 2 Packages Projects Releases 14 Wiki Activity

hst: expose scheduling priority
All checks were successful
Test / Create distribution (push) Successful in 35s
Details
Test / ShareFS (push) Successful in 40s
Details
Test / Sandbox (push) Successful in 44s
Details
Test / Hakurei (push) Successful in 49s
Details
Test / Sandbox (race detector) (push) Successful in 44s
Details
Test / Hakurei (race detector) (push) Successful in 48s
Details
Test / Flake checks (push) Successful in 1m14s
Details

Browse Source 
This is useful when limits are configured to allow it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-03-12 01:20:08 +09:00
parent 196b200d0f
commit 1ee7704edd
6 changed files with 31 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/hakurei/command.go
View File

@@ -16,6 +16,7 @@ import (
"hakurei.app/command"
"hakurei.app/container/check"
"hakurei.app/container/fhs"
"hakurei.app/container/std"
"hakurei.app/hst"
"hakurei.app/internal/dbus"
"hakurei.app/internal/env"
@@ -88,7 +89,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
flagGroups command.RepeatableFlag
flagHomeDir string
flagUserName string
flagSched string
flagSchedPolicy string
flagSchedPriority int
flagPrivateRuntime, flagPrivateTmpdir bool
@@ -178,9 +181,12 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
},
}
if err := config.SchedPolicy.UnmarshalText([]byte(flagSched)); err != nil {
if err := config.SchedPolicy.UnmarshalText(
[]byte(flagSchedPolicy),
); err != nil {
log.Fatal(err)
}
config.SchedPriority = std.Int(flagSchedPriority)
// bind GPU stuff
if et&(hst.EX11|hst.EWayland) != 0 {
@@ -292,8 +298,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
"Container home directory").
Flag(&flagUserName, "u", command.StringFlag("chronos"),
"Passwd user name within sandbox").
Flag(&flagSched, "sched", command.StringFlag(""),
Flag(&flagSchedPolicy, "policy", command.StringFlag(""),
"Scheduling policy to set for the container").
Flag(&flagSchedPriority, "priority", command.IntFlag(0),
"Scheduling priority to set for the container").
Flag(&flagPrivateRuntime, "private-runtime", command.BoolFlag(false),
"Do not share XDG_RUNTIME_DIR between containers under the same identity").
Flag(&flagPrivateTmpdir, "private-tmpdir", command.BoolFlag(false),

8
cmd/hakurei/command_test.go
View File

@@ -36,7 +36,7 @@ Commands:
},
{
"run", []string{"run", "-h"}, `
Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--sched <value>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
Usage: hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--policy <value>] [--priority <int>] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
Flags:
-X Enable direct connection to X11
@@ -60,14 +60,16 @@ Flags:
Allow owning MPRIS D-Bus path, has no effect if custom config is available
-pipewire
Enable connection to PipeWire via SecurityContext
-policy string
Scheduling policy to set for the container
-priority int
Scheduling priority to set for the container
-private-runtime
Do not share XDG_RUNTIME_DIR between containers under the same identity
-private-tmpdir
Do not share TMPDIR between containers under the same identity
-pulse
Enable PulseAudio compatibility daemon
-sched string
Scheduling policy to set for the container
-u string
Passwd user name within sandbox (default "chronos")
-wayland