sandbox/seccomp: rename flag type and constants

The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-04-08 01:59:45 +09:00
parent 50127ed5f9
commit 584405f7cc
14 changed files with 64 additions and 62 deletions


@@ -111,10 +111,10 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool
},
}
if app.Multiarch {
config.Confinement.Sandbox.Seccomp |= seccomp.FlagMultiarch
config.Confinement.Sandbox.Seccomp |= seccomp.FilterMultiarch
}
if app.Bluetooth {
config.Confinement.Sandbox.Seccomp |= seccomp.FlagBluetooth
config.Confinement.Sandbox.Seccomp |= seccomp.FilterBluetooth
}
return config
}


@@ -39,7 +39,7 @@ func withNixDaemon(
Hostname: formatHostname(app.Name) + "-" + action,
Userns: true, // nix sandbox requires userns
Net: net,
Seccomp: seccomp.FlagMultiarch,
Seccomp: seccomp.FilterMultiarch,
Tty: dropShell,
Filesystem: []*fst.FilesystemConfig{
{Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true},
@@ -76,7 +76,7 @@ func withCacheDir(
Shell: shellPath,
Sandbox: &fst.SandboxConfig{
Hostname: formatHostname(app.Name) + "-" + action,
Seccomp: seccomp.FlagMultiarch,
Seccomp: seccomp.FilterMultiarch,
Tty: dropShell,
Filesystem: []*fst.FilesystemConfig{
{Src: path.Join(workDir, "nix"), Dst: "/nix", Must: true},