security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

internal/outcome: expose pipewire via pipewire-pulse
All checks were successful
Test / Create distribution (push) Successful in 28s
Details
Test / Sandbox (push) Successful in 42s
Details
Test / Hakurei (push) Successful in 3m20s
Details
Test / Hpkg (push) Successful in 2m13s
Details
Test / Sandbox (race detector) (push) Successful in 4m25s
Details
Test / Hakurei (race detector) (push) Successful in 3m21s
Details
Test / Flake checks (push) Successful in 1m30s
Details

Browse Source 
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst.

Closes #29.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-12-15 12:43:58 +09:00
parent 2e80660169
commit 54610aaddc
14 changed files with 113 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
options.md
View File

@@ -35,7 +35,7 @@ package
*Default:*
` <derivation hakurei-static-x86_64-unknown-linux-musl-0.3.1> `
` <derivation hakurei-static-x86_64-unknown-linux-musl-0.3.2> `
@@ -73,11 +73,11 @@ null or boolean
## environment\.hakurei\.apps\.\<name>\.enablements\.pulse
## environment\.hakurei\.apps\.\<name>\.enablements\.pipewire
Whether to share the PulseAudio socket and cookie\.
Whether to share the PipeWire server via pipewire-pulse on a SecurityContext socket\.
@@ -95,7 +95,7 @@ null or boolean
Whether to share the Wayland socket\.
Whether to share the Wayland server via security-context-v1\.
@@ -805,7 +805,7 @@ package
*Default:*
` <derivation hakurei-hsu-0.3.1> `
` <derivation hakurei-hsu-0.3.2> `