diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index a0f2822..ac26370 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -20,5 +20,5 @@ jobs: uses: https://gitea.com/actions/release-action@main with: files: |- - result/fortify-** + result/hakurei-** api_key: '${{secrets.RELEASE_TOKEN}}' diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index dcf71fd..7009643 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -5,25 +5,25 @@ on: - pull_request jobs: - fortify: - name: Fortify + hakurei: + name: Hakurei runs-on: nix steps: - name: Checkout uses: actions/checkout@v4 - name: Run NixOS test - run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.fortify + run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.hakurei - name: Upload test output uses: actions/upload-artifact@v3 with: - name: "fortify-vm-output" + name: "hakurei-vm-output" path: result/* retention-days: 1 race: - name: Fortify (race detector) + name: Hakurei (race detector) runs-on: nix steps: - name: Checkout @@ -35,7 +35,7 @@ jobs: - name: Upload test output uses: actions/upload-artifact@v3 with: - name: "fortify-race-vm-output" + name: "hakurei-race-vm-output" path: result/* retention-days: 1 @@ -93,7 +93,7 @@ jobs: check: name: Flake checks needs: - - fortify + - hakurei - race - sandbox - sandbox-race @@ -116,15 +116,15 @@ jobs: - name: Build for test id: build-test run: >- - export FORTIFY_REV="$(git rev-parse --short HEAD)" && - sed -i.old 's/version = /version = "0.0.0-'$FORTIFY_REV'"; # version = /' package.nix && + export HAKUREI_REV="$(git rev-parse --short HEAD)" && + sed -i.old 's/version = /version = "0.0.0-'$HAKUREI_REV'"; # version = /' package.nix && nix build --print-out-paths --print-build-logs .#dist && mv package.nix.old package.nix && - echo "rev=$FORTIFY_REV" >> $GITHUB_OUTPUT + echo "rev=$HAKUREI_REV" >> $GITHUB_OUTPUT - name: Upload test build uses: actions/upload-artifact@v3 with: - name: "fortify-${{ steps.build-test.outputs.rev }}" + name: "hakurei-${{ steps.build-test.outputs.rev }}" path: result/* retention-days: 1 diff --git a/.gitignore b/.gitignore index 7257cef..2b91571 100644 --- a/.gitignore +++ b/.gitignore @@ -5,7 +5,7 @@ *.so *.dylib *.pkg -/fortify +/hakurei # Test binary, built with `go test -c` *.test @@ -29,4 +29,4 @@ go.work.sum security-context-v1-protocol.* # release -/dist/fortify-* \ No newline at end of file +/dist/hakurei-* \ No newline at end of file diff --git a/README.md b/README.md index 9f16102..4a932bc 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ -Fortify +Hakurei ======= -[![Go Reference](https://pkg.go.dev/badge/git.gensokyo.uk/security/fortify.svg)](https://pkg.go.dev/git.gensokyo.uk/security/fortify) -[![Go Report Card](https://goreportcard.com/badge/git.gensokyo.uk/security/fortify)](https://goreportcard.com/report/git.gensokyo.uk/security/fortify) +[![Go Reference](https://pkg.go.dev/badge/git.gensokyo.uk/security/hakurei.svg)](https://pkg.go.dev/git.gensokyo.uk/security/hakurei) +[![Go Report Card](https://goreportcard.com/badge/git.gensokyo.uk/security/hakurei)](https://goreportcard.com/report/git.gensokyo.uk/security/hakurei) Lets you run graphical applications as another user in a confined environment with a nice NixOS module to configure target users and provide launchers and desktop files for your privileged user. @@ -18,7 +18,7 @@ Why would you want this? If you have a flakes-enabled nix environment, you can try out the tool by running: ```shell -nix run git+https://git.gensokyo.uk/security/fortify -- help +nix run git+https://git.gensokyo.uk/security/hakurei -- help ``` ## Module usage @@ -34,35 +34,35 @@ To use the module, import it into your configuration with inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - fortify = { - url = "git+https://git.gensokyo.uk/security/fortify"; + hakurei = { + url = "git+https://git.gensokyo.uk/security/hakurei"; # Optional but recommended to limit the size of your system closure. inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, fortify, ... }: + outputs = { self, nixpkgs, hakurei, ... }: { - nixosConfigurations.fortify = nixpkgs.lib.nixosSystem { + nixosConfigurations.hakurei = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - fortify.nixosModules.fortify + hakurei.nixosModules.hakurei ]; }; }; } ``` -This adds the `environment.fortify` option: +This adds the `environment.hakurei` option: ```nix { pkgs, ... }: { - environment.fortify = { + environment.hakurei = { enable = true; - stateDir = "/var/lib/fortify"; + stateDir = "/var/lib/hakurei"; users = { alice = 0; nixos = 10; diff --git a/acl/acl-update.c b/acl/acl-update.c index be796b5..c3e9e83 100644 --- a/acl/acl-update.c +++ b/acl/acl-update.c @@ -4,7 +4,7 @@ #include #include -int f_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, +int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, size_t plen) { int ret = -1; bool v; diff --git a/acl/acl-update.h b/acl/acl-update.h index fa1541f..6ad1a87 100644 --- a/acl/acl-update.h +++ b/acl/acl-update.h @@ -1,4 +1,4 @@ #include -int f_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, +int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, size_t plen); diff --git a/acl/acl.go b/acl/acl.go index bd2d9c4..30abc16 100644 --- a/acl/acl.go +++ b/acl/acl.go @@ -23,7 +23,7 @@ func Update(name string, uid int, perms ...Perm) error { p = &perms[0] } - r, err := C.f_acl_update_file_by_uid( + r, err := C.hakurei_acl_update_file_by_uid( C.CString(name), C.uid_t(uid), (*C.acl_perm_t)(p), diff --git a/acl/acl_test.go b/acl/acl_test.go index 9944b8a..cb5945d 100644 --- a/acl/acl_test.go +++ b/acl/acl_test.go @@ -7,7 +7,7 @@ import ( "reflect" "testing" - "git.gensokyo.uk/security/fortify/acl" + "git.gensokyo.uk/security/hakurei/acl" ) const testFileName = "acl.test" diff --git a/cmd/fpkg/app.go b/cmd/fpkg/app.go index 7246870..257956d 100644 --- a/cmd/fpkg/app.go +++ b/cmd/fpkg/app.go @@ -6,46 +6,46 @@ import ( "os" "path" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/system" ) type appInfo struct { Name string `json:"name"` Version string `json:"version"` - // passed through to [fst.Config] + // passed through to [hst.Config] ID string `json:"id"` - // passed through to [fst.Config] + // passed through to [hst.Config] Identity int `json:"identity"` - // passed through to [fst.Config] + // passed through to [hst.Config] Groups []string `json:"groups,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Devel bool `json:"devel,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Userns bool `json:"userns,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Net bool `json:"net,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Device bool `json:"dev,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Tty bool `json:"tty,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] MapRealUID bool `json:"map_real_uid,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] DirectWayland bool `json:"direct_wayland,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] SystemBus *dbus.Config `json:"system_bus,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] SessionBus *dbus.Config `json:"session_bus,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Enablements system.Enablement `json:"enablements"` - // passed through to [fst.Config] + // passed through to [hst.Config] Multiarch bool `json:"multiarch,omitempty"` - // passed through to [fst.Config] + // passed through to [hst.Config] Bluetooth bool `json:"bluetooth,omitempty"` // allow gpu access within sandbox @@ -62,8 +62,8 @@ type appInfo struct { ActivationPackage string `json:"activation_package"` } -func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool) *fst.Config { - config := &fst.Config{ +func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool) *hst.Config { + config := &hst.Config{ ID: app.ID, Path: argv[0], @@ -75,7 +75,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool SessionBus: app.SessionBus, DirectWayland: app.DirectWayland, - Username: "fortify", + Username: "hakurei", Shell: shellPath, Data: pathSet.homeDir, Dir: path.Join("/data/data", app.ID), @@ -83,7 +83,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool Identity: app.Identity, Groups: app.Groups, - Container: &fst.ContainerConfig{ + Container: &hst.ContainerConfig{ Hostname: formatHostname(app.Name), Devel: app.Devel, Userns: app.Userns, @@ -91,9 +91,9 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool Device: app.Device, Tty: app.Tty || flagDropShell, MapRealUID: app.MapRealUID, - Filesystem: []*fst.FilesystemConfig{ + Filesystem: []*hst.FilesystemConfig{ {Src: path.Join(pathSet.nixPath, "store"), Dst: "/nix/store", Must: true}, - {Src: pathSet.metaPath, Dst: path.Join(fst.Tmp, "app"), Must: true}, + {Src: pathSet.metaPath, Dst: path.Join(hst.Tmp, "app"), Must: true}, {Src: "/etc/resolv.conf"}, {Src: "/sys/block"}, {Src: "/sys/bus"}, @@ -109,7 +109,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool Etc: path.Join(pathSet.cacheDir, "etc"), AutoEtc: true, }, - ExtraPerms: []*fst.ExtraPermConfig{ + ExtraPerms: []*hst.ExtraPermConfig{ {Path: dataHome, Execute: true}, {Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, }, @@ -147,7 +147,7 @@ func loadAppInfo(name string, beforeFail func()) *appInfo { func formatHostname(name string) string { if h, err := os.Hostname(); err != nil { log.Printf("cannot get hostname: %v", err) - return "fortify-" + name + return "hakurei-" + name } else { return h + "-" + name } diff --git a/cmd/fpkg/build.nix b/cmd/fpkg/build.nix index 0a0a558..b5c5080 100644 --- a/cmd/fpkg/build.nix +++ b/cmd/fpkg/build.nix @@ -57,7 +57,7 @@ let modules = modules ++ [ { home = { - username = "fortify"; + username = "hakurei"; homeDirectory = "/data/data/${id}"; stateVersion = "22.11"; }; @@ -65,7 +65,7 @@ let ]; }; - launcher = writeScript "fortify-${pname}" '' + launcher = writeScript "hakurei-${pname}" '' #!${runtimeShell} -el ${script} ''; diff --git a/cmd/fpkg/main.go b/cmd/fpkg/main.go index ac95bc1..7d44d41 100644 --- a/cmd/fpkg/main.go +++ b/cmd/fpkg/main.go @@ -10,13 +10,13 @@ import ( "path" "syscall" - "git.gensokyo.uk/security/fortify/command" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/app/instance" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/command" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/app/instance" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" ) const shellPath = "/run/current-system/sw/bin/bash" @@ -28,7 +28,7 @@ var ( ) func init() { - fmsg.Prepare("fpkg") + hlog.Prepare("fpkg") if err := os.Setenv("SHELL", shellPath); err != nil { log.Fatalf("cannot set $SHELL: %v", err) } @@ -36,7 +36,7 @@ func init() { func main() { // early init path, skips root check and duplicate PR_SET_DUMPABLE - sandbox.TryArgv0(fmsg.Output{}, fmsg.Prepare, internal.InstallFmsg) + sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) @@ -60,7 +60,7 @@ func main() { return nil }). Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). - Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next fortify action") + Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action") c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess }) @@ -166,10 +166,10 @@ func main() { } // sec: should compare version string - fmsg.Verbosef("installing application %q version %q over local %q", + hlog.Verbosef("installing application %q version %q over local %q", bundle.ID, bundle.Version, a.Version) } else { - fmsg.Verbosef("application %q clean installation", bundle.ID) + hlog.Verbosef("application %q clean installation", bundle.ID) // sec: should install credentials } @@ -179,7 +179,7 @@ func main() { withCacheDir(ctx, "install", []string{ // export inner bundle path in the environment - "export BUNDLE=" + fst.Tmp + "/bundle", + "export BUNDLE=" + hst.Tmp + "/bundle", // replace inner /etc "mkdir -p etc", "chmod -R +w etc", @@ -218,7 +218,7 @@ func main() { "rm -rf .local/state/{nix,home-manager}", // run activation script bundle.ActivationPackage + "/activate", - }, false, func(config *fst.Config) *fst.Config { return config }, + }, false, func(config *hst.Config) *hst.Config { return config }, bundle, pathSet, flagDropShellActivate, cleanup) /* @@ -291,8 +291,8 @@ func main() { "--out-link /nix/.nixGL/auto/vulkan " + "--override-input nixpkgs path:/etc/nixpkgs " + "path:" + a.NixGL + "#nixVulkanNvidia", - }, true, func(config *fst.Config) *fst.Config { - config.Container.Filesystem = append(config.Container.Filesystem, []*fst.FilesystemConfig{ + }, true, func(config *hst.Config) *hst.Config { + config.Container.Filesystem = append(config.Container.Filesystem, []*hst.FilesystemConfig{ {Src: "/etc/resolv.conf"}, {Src: "/sys/block"}, {Src: "/sys/bus"}, @@ -325,7 +325,7 @@ func main() { if a.GPU { config.Container.Filesystem = append(config.Container.Filesystem, - &fst.FilesystemConfig{Src: path.Join(pathSet.nixPath, ".nixGL"), Dst: path.Join(fst.Tmp, "nixGL")}) + &hst.FilesystemConfig{Src: path.Join(pathSet.nixPath, ".nixGL"), Dst: path.Join(hst.Tmp, "nixGL")}) appendGPUFilesystem(config) } @@ -341,9 +341,9 @@ func main() { } c.MustParse(os.Args[1:], func(err error) { - fmsg.Verbosef("command returned %v", err) + hlog.Verbosef("command returned %v", err) if errors.Is(err, errSuccess) { - fmsg.BeforeExit() + hlog.BeforeExit() os.Exit(0) } }) diff --git a/cmd/fpkg/paths.go b/cmd/fpkg/paths.go index 2eaeb42..aa581c9 100644 --- a/cmd/fpkg/paths.go +++ b/cmd/fpkg/paths.go @@ -8,8 +8,8 @@ import ( "strconv" "sync/atomic" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) var ( @@ -18,10 +18,10 @@ var ( func init() { // dataHome - if p, ok := os.LookupEnv("FORTIFY_DATA_HOME"); ok { + if p, ok := os.LookupEnv("HAKUREI_DATA_HOME"); ok { dataHome = p } else { - dataHome = "/var/lib/fortify/" + strconv.Itoa(os.Getuid()) + dataHome = "/var/lib/hakurei/" + strconv.Itoa(os.Getuid()) } } @@ -37,7 +37,7 @@ func lookPath(file string) string { var beforeRunFail = new(atomic.Pointer[func()]) func mustRun(name string, arg ...string) { - fmsg.Verbosef("spawning process: %q %q", name, arg) + hlog.Verbosef("spawning process: %q %q", name, arg) cmd := exec.Command(name, arg...) cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr if err := cmd.Run(); err != nil { @@ -71,8 +71,8 @@ func pathSetByApp(id string) *appPathSet { return pathSet } -func appendGPUFilesystem(config *fst.Config) { - config.Container.Filesystem = append(config.Container.Filesystem, []*fst.FilesystemConfig{ +func appendGPUFilesystem(config *hst.Config) { + config.Container.Filesystem = append(config.Container.Filesystem, []*hst.FilesystemConfig{ // flatpak commit 763a686d874dd668f0236f911de00b80766ffe79 {Src: "/dev/dri", Device: true}, // mali diff --git a/cmd/fpkg/proc.go b/cmd/fpkg/proc.go index 45fe352..7862e47 100644 --- a/cmd/fpkg/proc.go +++ b/cmd/fpkg/proc.go @@ -4,19 +4,19 @@ import ( "context" "os" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/instance" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/instance" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) -func mustRunApp(ctx context.Context, config *fst.Config, beforeFail func()) { +func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) { rs := new(app.RunState) a := instance.MustNew(instance.ISetuid, ctx, std) var code int if sa, err := a.Seal(config); err != nil { - fmsg.PrintBaseError(err, "cannot seal app:") + hlog.PrintBaseError(err, "cannot seal app:") code = 1 } else { code = instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs)) diff --git a/cmd/fpkg/test/configuration.nix b/cmd/fpkg/test/configuration.nix index 2608fed..ce74228 100644 --- a/cmd/fpkg/test/configuration.nix +++ b/cmd/fpkg/test/configuration.nix @@ -50,9 +50,9 @@ ]; }; - environment.fortify = { + environment.hakurei = { enable = true; - stateDir = "/var/lib/fortify"; + stateDir = "/var/lib/hakurei"; users.alice = 0; extraHomeConfig = { diff --git a/cmd/fpkg/test/default.nix b/cmd/fpkg/test/default.nix index c0a2248..dcd2cc6 100644 --- a/cmd/fpkg/test/default.nix +++ b/cmd/fpkg/test/default.nix @@ -18,7 +18,7 @@ nixosTest { imports = [ ./configuration.nix - self.nixosModules.fortify + self.nixosModules.hakurei self.inputs.home-manager.nixosModules.home-manager ]; }; diff --git a/cmd/fpkg/test/test.py b/cmd/fpkg/test/test.py index 641062f..9b9dfc1 100644 --- a/cmd/fpkg/test/test.py +++ b/cmd/fpkg/test/test.py @@ -47,22 +47,22 @@ def wait_for_window(pattern): def collect_state_ui(name): - swaymsg(f"exec fortify ps > '/tmp/{name}.ps'") + swaymsg(f"exec hakurei ps > '/tmp/{name}.ps'") machine.copy_from_vm(f"/tmp/{name}.ps", "") - swaymsg(f"exec fortify --json ps > '/tmp/{name}.json'") + swaymsg(f"exec hakurei --json ps > '/tmp/{name}.json'") machine.copy_from_vm(f"/tmp/{name}.json", "") machine.screenshot(name) def check_state(name, enablements): - instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 fortify --json ps")) + instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei --json ps")) if len(instances) != 1: raise Exception(f"unexpected state length {len(instances)}") instance = next(iter(instances.values())) config = instance['config'] - if len(config['args']) != 1 or not (config['args'][0].startswith("/nix/store/")) or f"fortify-{name}-" not in (config['args'][0]): + if len(config['args']) != 1 or not (config['args'][0].startswith("/nix/store/")) or f"hakurei-{name}-" not in (config['args'][0]): raise Exception(f"unexpected args {instance['config']['args']}") if config['enablements'] != enablements: @@ -72,15 +72,15 @@ def check_state(name, enablements): start_all() machine.wait_for_unit("multi-user.target") -# To check fortify's version: -print(machine.succeed("sudo -u alice -i fortify version")) +# To check hakurei's version: +print(machine.succeed("sudo -u alice -i hakurei version")) # Wait for Sway to complete startup: machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/tmp/sway-ipc.sock") # Prepare fpkg directory: -machine.succeed("install -dm 0700 -o alice -g users /var/lib/fortify/1000") +machine.succeed("install -dm 0700 -o alice -g users /var/lib/hakurei/1000") # Install fpkg app: swaymsg("exec fpkg -v install /etc/foot.pkg && touch /tmp/fpkg-install-done") @@ -88,9 +88,9 @@ machine.wait_for_file("/tmp/fpkg-install-done") # Start app (foot) with Wayland enablement: swaymsg("exec fpkg -v start org.codeberg.dnkl.foot") -wait_for_window("fortify@machine-foot") +wait_for_window("hakurei@machine-foot") machine.send_chars("clear; wayland-info && touch /tmp/success-client\n") -machine.wait_for_file("/tmp/fortify.1000/tmpdir/2/success-client") +machine.wait_for_file("/tmp/hakurei.1000/tmpdir/2/success-client") collect_state_ui("app_wayland") check_state("foot", 13) # Verify acl on XDG_RUNTIME_DIR: @@ -104,5 +104,5 @@ machine.wait_until_fails("getfacl --absolute-names --omit-header --numeric /run/ swaymsg("exit", succeed=False) machine.wait_for_file("/tmp/sway-exit-ok") -# Print fortify runDir contents: -print(machine.succeed("find /run/user/1000/fortify")) \ No newline at end of file +# Print hakurei runDir contents: +print(machine.succeed("find /run/user/1000/hakurei")) \ No newline at end of file diff --git a/cmd/fpkg/with.go b/cmd/fpkg/with.go index 9de1a39..ffacec7 100644 --- a/cmd/fpkg/with.go +++ b/cmd/fpkg/with.go @@ -5,17 +5,17 @@ import ( "path" "strings" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) func withNixDaemon( ctx context.Context, - action string, command []string, net bool, updateConfig func(config *fst.Config) *fst.Config, + action string, command []string, net bool, updateConfig func(config *hst.Config) *hst.Config, app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func(), ) { - mustRunAppDropShell(ctx, updateConfig(&fst.Config{ + mustRunAppDropShell(ctx, updateConfig(&hst.Config{ ID: app.ID, Path: shellPath, @@ -31,24 +31,24 @@ func withNixDaemon( " && pkill nix-daemon", }, - Username: "fortify", + Username: "hakurei", Shell: shellPath, Data: pathSet.homeDir, Dir: path.Join("/data/data", app.ID), - ExtraPerms: []*fst.ExtraPermConfig{ + ExtraPerms: []*hst.ExtraPermConfig{ {Path: dataHome, Execute: true}, {Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, }, Identity: app.Identity, - Container: &fst.ContainerConfig{ + Container: &hst.ContainerConfig{ Hostname: formatHostname(app.Name) + "-" + action, Userns: true, // nix sandbox requires userns Net: net, Seccomp: seccomp.FilterMultiarch, Tty: dropShell, - Filesystem: []*fst.FilesystemConfig{ + Filesystem: []*hst.FilesystemConfig{ {Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true}, }, Link: [][2]string{ @@ -66,7 +66,7 @@ func withCacheDir( ctx context.Context, action string, command []string, workDir string, app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) { - mustRunAppDropShell(ctx, &fst.Config{ + mustRunAppDropShell(ctx, &hst.Config{ ID: app.ID, Path: shellPath, @@ -76,7 +76,7 @@ func withCacheDir( Shell: shellPath, Data: pathSet.cacheDir, // this also ensures cacheDir via shim Dir: path.Join("/data/data", app.ID, "cache"), - ExtraPerms: []*fst.ExtraPermConfig{ + ExtraPerms: []*hst.ExtraPermConfig{ {Path: dataHome, Execute: true}, {Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, {Path: workDir, Execute: true}, @@ -84,13 +84,13 @@ func withCacheDir( Identity: app.Identity, - Container: &fst.ContainerConfig{ + Container: &hst.ContainerConfig{ Hostname: formatHostname(app.Name) + "-" + action, Seccomp: seccomp.FilterMultiarch, Tty: dropShell, - Filesystem: []*fst.FilesystemConfig{ + Filesystem: []*hst.FilesystemConfig{ {Src: path.Join(workDir, "nix"), Dst: "/nix", Must: true}, - {Src: workDir, Dst: path.Join(fst.Tmp, "bundle"), Must: true}, + {Src: workDir, Dst: path.Join(hst.Tmp, "bundle"), Must: true}, }, Link: [][2]string{ {app.CurrentSystem, "/run/current-system"}, @@ -103,7 +103,7 @@ func withCacheDir( }, dropShell, beforeFail) } -func mustRunAppDropShell(ctx context.Context, config *fst.Config, dropShell bool, beforeFail func()) { +func mustRunAppDropShell(ctx context.Context, config *hst.Config, dropShell bool, beforeFail func()) { if dropShell { config.Args = []string{shellPath, "-l"} mustRunApp(ctx, config, beforeFail) diff --git a/cmd/fsu/main.go b/cmd/hsu/main.go similarity index 79% rename from cmd/fsu/main.go rename to cmd/hsu/main.go index 33ecbf4..cefcad4 100644 --- a/cmd/fsu/main.go +++ b/cmd/hsu/main.go @@ -13,17 +13,17 @@ import ( ) const ( - fsuConfFile = "/etc/fsurc" - envShim = "FORTIFY_SHIM" - envAID = "FORTIFY_APP_ID" - envGroups = "FORTIFY_GROUPS" + hsuConfFile = "/etc/hsurc" + envShim = "HAKUREI_SHIM" + envAID = "HAKUREI_APP_ID" + envGroups = "HAKUREI_GROUPS" PR_SET_NO_NEW_PRIVS = 0x26 ) func main() { log.SetFlags(0) - log.SetPrefix("fsu: ") + log.SetPrefix("hsu: ") log.SetOutput(os.Stderr) if os.Geteuid() != 0 { @@ -40,9 +40,9 @@ func main() { if p, err := os.Readlink(pexe); err != nil { log.Fatalf("cannot read parent executable path: %v", err) } else if strings.HasSuffix(p, " (deleted)") { - log.Fatal("fortify executable has been deleted") - } else if p != mustCheckPath(fmain) && p != mustCheckPath(fpkg) { - log.Fatal("this program must be started by fortify") + log.Fatal("hakurei executable has been deleted") + } else if p != mustCheckPath(hmain) && p != mustCheckPath(fpkg) { + log.Fatal("this program must be started by hakurei") } else { toolPath = p } @@ -52,27 +52,27 @@ func main() { // aid uid := 1000000 - // refuse to run if fsurc is not protected correctly - if s, err := os.Stat(fsuConfFile); err != nil { + // refuse to run if hsurc is not protected correctly + if s, err := os.Stat(hsuConfFile); err != nil { log.Fatal(err) } else if s.Mode().Perm() != 0400 { - log.Fatal("bad fsurc perm") + log.Fatal("bad hsurc perm") } else if st := s.Sys().(*syscall.Stat_t); st.Uid != 0 || st.Gid != 0 { - log.Fatal("fsurc must be owned by uid 0") + log.Fatal("hsurc must be owned by uid 0") } // authenticate before accepting user input - if f, err := os.Open(fsuConfFile); err != nil { + if f, err := os.Open(hsuConfFile); err != nil { log.Fatal(err) } else if fid, ok := mustParseConfig(f, puid); !ok { - log.Fatalf("uid %d is not in the fsurc file", puid) + log.Fatalf("uid %d is not in the hsurc file", puid) } else { uid += fid * 10000 } // allowed aid range 0 to 9999 if as, ok := os.LookupEnv(envAID); !ok { - log.Fatal("FORTIFY_APP_ID not set") + log.Fatal("HAKUREI_APP_ID not set") } else if aid, err := parseUint32Fast(as); err != nil || aid < 0 || aid > 9999 { log.Fatal("invalid aid") } else { @@ -82,12 +82,12 @@ func main() { // pass through setup fd to shim var shimSetupFd string if s, ok := os.LookupEnv(envShim); !ok { - // fortify requests target uid + // hakurei requests target uid // print resolved uid and exit fmt.Print(uid) os.Exit(0) } else if len(s) != 1 || s[0] > '9' || s[0] < '3' { - log.Fatal("FORTIFY_SHIM holds an invalid value") + log.Fatal("HAKUREI_SHIM holds an invalid value") } else { shimSetupFd = s } @@ -124,7 +124,7 @@ func main() { panic("uid out of bounds") } - // careful! users in the allowlist is effectively allowed to drop groups via fsu + // careful! users in the allowlist is effectively allowed to drop groups via hsu if err := syscall.Setresgid(uid, uid, uid); err != nil { log.Fatalf("cannot set gid: %v", err) @@ -138,7 +138,7 @@ func main() { if _, _, errno := syscall.AllThreadsSyscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0); errno != 0 { log.Fatalf("cannot set no_new_privs flag: %s", errno.Error()) } - if err := syscall.Exec(toolPath, []string{"fortify", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil { + if err := syscall.Exec(toolPath, []string{"hakurei", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil { log.Fatalf("cannot start shim: %v", err) } diff --git a/cmd/fsu/package.nix b/cmd/hsu/package.nix similarity index 51% rename from cmd/fsu/package.nix rename to cmd/hsu/package.nix index ab5c4b4..96ec563 100644 --- a/cmd/fsu/package.nix +++ b/cmd/hsu/package.nix @@ -1,19 +1,19 @@ { lib, buildGoModule, - fortify ? abort "fortify package required", + hakurei ? abort "hakurei package required", }: buildGoModule { - pname = "${fortify.pname}-fsu"; - inherit (fortify) version; + pname = "${hakurei.pname}-hsu"; + inherit (hakurei) version; src = ./.; - inherit (fortify) vendorHash; + inherit (hakurei) vendorHash; env.CGO_ENABLED = 0; preBuild = '' - go mod init fsu >& /dev/null + go mod init hsu >& /dev/null ''; ldflags = @@ -24,7 +24,7 @@ buildGoModule { ) [ "-s -w" ] { - fmain = "${fortify}/libexec/fortify"; - fpkg = "${fortify}/libexec/fpkg"; + hmain = "${hakurei}/libexec/hakurei"; + fpkg = "${hakurei}/libexec/fpkg"; }; } diff --git a/cmd/fsu/parse.go b/cmd/hsu/parse.go similarity index 94% rename from cmd/fsu/parse.go rename to cmd/hsu/parse.go index 4b3e22a..35704c6 100644 --- a/cmd/fsu/parse.go +++ b/cmd/hsu/parse.go @@ -50,7 +50,7 @@ func parseConfig(r io.Reader, puid int) (fid int, ok bool, err error) { if ok { // allowed fid range 0 to 99 if fid, err = parseUint32Fast(lf[1]); err != nil || fid < 0 || fid > 99 { - return -1, false, fmt.Errorf("invalid fortify uid on line %d", line) + return -1, false, fmt.Errorf("invalid identity on line %d", line) } return } diff --git a/cmd/fsu/parse_test.go b/cmd/hsu/parse_test.go similarity index 96% rename from cmd/fsu/parse_test.go rename to cmd/hsu/parse_test.go index baa239b..d5d3946 100644 --- a/cmd/fsu/parse_test.go +++ b/cmd/hsu/parse_test.go @@ -65,7 +65,7 @@ func Test_parseConfig(t *testing.T) { {"empty", 0, -1, "", ``}, {"invalid field", 0, -1, "invalid entry on line 1", `9`}, {"invalid puid", 0, -1, "invalid parent uid on line 1", `f 9`}, - {"invalid fid", 1000, -1, "invalid fortify uid on line 1", `1000 f`}, + {"invalid fid", 1000, -1, "invalid identity on line 1", `1000 f`}, {"match", 1000, 0, "", `1000 0`}, } diff --git a/cmd/fsu/path.go b/cmd/hsu/path.go similarity index 93% rename from cmd/fsu/path.go rename to cmd/hsu/path.go index 6ed5600..b4a7756 100644 --- a/cmd/fsu/path.go +++ b/cmd/hsu/path.go @@ -8,7 +8,7 @@ import ( const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID" var ( - fmain = compPoison + hmain = compPoison fpkg = compPoison ) diff --git a/command/builder_test.go b/command/builder_test.go index 22ce7ae..f7a7a8f 100644 --- a/command/builder_test.go +++ b/command/builder_test.go @@ -3,7 +3,7 @@ package command_test import ( "testing" - "git.gensokyo.uk/security/fortify/command" + "git.gensokyo.uk/security/hakurei/command" ) func TestBuild(t *testing.T) { diff --git a/command/parse_test.go b/command/parse_test.go index 579edd9..b9150a3 100644 --- a/command/parse_test.go +++ b/command/parse_test.go @@ -10,7 +10,7 @@ import ( "strings" "testing" - "git.gensokyo.uk/security/fortify/command" + "git.gensokyo.uk/security/hakurei/command" ) func TestParse(t *testing.T) { diff --git a/dbus/address_test.go b/dbus/address_test.go index a5d9ed9..8b66d14 100644 --- a/dbus/address_test.go +++ b/dbus/address_test.go @@ -5,7 +5,7 @@ import ( "reflect" "testing" - "git.gensokyo.uk/security/fortify/dbus" + "git.gensokyo.uk/security/hakurei/dbus" ) func TestParse(t *testing.T) { diff --git a/dbus/config_test.go b/dbus/config_test.go index 0952019..2d5b24e 100644 --- a/dbus/config_test.go +++ b/dbus/config_test.go @@ -9,7 +9,7 @@ import ( "strings" "testing" - "git.gensokyo.uk/security/fortify/dbus" + "git.gensokyo.uk/security/hakurei/dbus" ) func TestConfig_Args(t *testing.T) { diff --git a/dbus/dbus_test.go b/dbus/dbus_test.go index d1a9775..7f57cea 100644 --- a/dbus/dbus_test.go +++ b/dbus/dbus_test.go @@ -13,11 +13,11 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/helper" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/helper" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/sandbox" ) func TestFinalise(t *testing.T) { @@ -208,6 +208,6 @@ func TestHelperInit(t *testing.T) { if len(os.Args) != 5 || os.Args[4] != "init" { return } - sandbox.SetOutput(fmsg.Output{}) - sandbox.Init(fmsg.Prepare, internal.InstallFmsg) + sandbox.SetOutput(hlog.Output{}) + sandbox.Init(hlog.Prepare, internal.InstallFmsg) } diff --git a/dbus/proc.go b/dbus/proc.go index d6fe0b0..1b1a51c 100644 --- a/dbus/proc.go +++ b/dbus/proc.go @@ -11,10 +11,10 @@ import ( "strconv" "syscall" - "git.gensokyo.uk/security/fortify/helper" - "git.gensokyo.uk/security/fortify/ldd" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/helper" + "git.gensokyo.uk/security/hakurei/ldd" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) // Start starts and configures a D-Bus proxy process. @@ -67,7 +67,7 @@ func (p *Proxy) Start() error { p.final, true, argF, func(container *sandbox.Container) { container.Seccomp |= seccomp.FilterMultiarch - container.Hostname = "fortify-dbus" + container.Hostname = "hakurei-dbus" container.CommandContext = p.CommandContext if p.output != nil { container.Stdout, container.Stderr = p.output, p.output diff --git a/dbus/proxy.go b/dbus/proxy.go index c44971e..cc0af1e 100644 --- a/dbus/proxy.go +++ b/dbus/proxy.go @@ -8,7 +8,7 @@ import ( "sync" "syscall" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) // ProxyName is the file name or path to the proxy program. diff --git a/dbus/samples_test.go b/dbus/samples_test.go index 31c163d..b2284c5 100644 --- a/dbus/samples_test.go +++ b/dbus/samples_test.go @@ -3,7 +3,7 @@ package dbus_test import ( "sync" - "git.gensokyo.uk/security/fortify/dbus" + "git.gensokyo.uk/security/hakurei/dbus" ) const ( diff --git a/dbus/stub_test.go b/dbus/stub_test.go index 13a7d1d..b05efd6 100644 --- a/dbus/stub_test.go +++ b/dbus/stub_test.go @@ -3,7 +3,7 @@ package dbus_test import ( "testing" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } diff --git a/dist/comp/_fortify b/dist/comp/_hakurei similarity index 63% rename from dist/comp/_fortify rename to dist/comp/_hakurei index 2eeaf84..a855426 100644 --- a/dist/comp/_fortify +++ b/dist/comp/_hakurei @@ -1,11 +1,11 @@ -#compdef fortify +#compdef hakurei -_fortify_app() { - __fortify_files +_hakurei_app() { + __hakurei_files return $? } -_fortify_run() { +_hakurei_run() { _arguments \ '--id[Reverse-DNS style Application identifier, leave empty to inherit instance identifier]:id' \ '-a[Application identity]: :_numbers' \ @@ -22,26 +22,26 @@ _fortify_run() { '--dbus-log[Force buffered logging in the D-Bus proxy]' } -_fortify_ps() { +_hakurei_ps() { _arguments \ '--short[List instances only]' } -_fortify_show() { +_hakurei_show() { _alternative \ - 'instances:domains:__fortify_instances' \ - 'files:files:__fortify_files' + 'instances:domains:__hakurei_instances' \ + 'files:files:__hakurei_files' } -__fortify_files() { - _files -g "*.(json|ftfy)" +__hakurei_files() { + _files -g "*.(json|hakurei)" return $? } -__fortify_instances() { +__hakurei_instances() { local -a out shift -p - out=( ${(f)"$(_call_program commands fortify ps --short 2>&1)"} ) + out=( ${(f)"$(_call_program commands hakurei ps --short 2>&1)"} ) if (( $#out == 0 )); then _message "No active instances" else @@ -50,26 +50,26 @@ __fortify_instances() { return $? } -(( $+functions[_fortify_commands] )) || _fortify_commands() +(( $+functions[_hakurei_commands] )) || _hakurei_commands() { - local -a _fortify_cmds - _fortify_cmds=( - "app:Launch app defined by the specified config file" + local -a _hakurei_cmds + _hakurei_cmds=( + "app:Load app from configuration file" "run:Configure and start a permissive default sandbox" - "show:Show the contents of an app configuration" - "ps:List active apps and their state" - "version:Show fortify version" + "show:Show live or local app configuration" + "ps:List active instances" + "version:Display version information" "license:Show full license text" "template:Produce a config template" "help:Show help message" ) if (( CURRENT == 1 )); then - _describe -t commands 'action' _fortify_cmds || compadd "$@" + _describe -t commands 'action' _hakurei_cmds || compadd "$@" else local curcontext="$curcontext" - cmd="${${_fortify_cmds[(r)$words[1]:*]%%:*}}" - if (( $+functions[_fortify_$cmd] )); then - _fortify_$cmd + cmd="${${_hakurei_cmds[(r)$words[1]:*]%%:*}}" + if (( $+functions[_hakurei_$cmd] )); then + _hakurei_$cmd else _message "no more options" fi @@ -77,6 +77,6 @@ __fortify_instances() { } _arguments -C \ - '-v[Verbose output]' \ + '-v[Increase log verbosity]' \ '--json[Serialise output in JSON when applicable]' \ - '*::fortify command:_fortify_commands' \ No newline at end of file + '*::hakurei command:_hakurei_commands' \ No newline at end of file diff --git a/dist/fsurc.default b/dist/hsurc.default similarity index 100% rename from dist/fsurc.default rename to dist/hsurc.default diff --git a/dist/install.sh b/dist/install.sh index bd1e8a2..37f5508 100755 --- a/dist/install.sh +++ b/dist/install.sh @@ -1,12 +1,12 @@ #!/bin/sh cd "$(dirname -- "$0")" || exit 1 -install -vDm0755 "bin/fortify" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fortify" -install -vDm0755 "bin/fpkg" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fpkg" +install -vDm0755 "bin/hakurei" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hakurei" +install -vDm0755 "bin/fpkg" "${HAKUREI_INSTALL_PREFIX}/usr/bin/fpkg" -install -vDm6511 "bin/fsu" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fsu" -if [ ! -f "${FORTIFY_INSTALL_PREFIX}/etc/fsurc" ]; then - install -vDm0400 "fsurc.default" "${FORTIFY_INSTALL_PREFIX}/etc/fsurc" +install -vDm6511 "bin/hsu" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hsu" +if [ ! -f "${HAKUREI_INSTALL_PREFIX}/etc/hsurc" ]; then + install -vDm0400 "hsurc.default" "${HAKUREI_INSTALL_PREFIX}/etc/hsurc" fi -install -vDm0644 "comp/_fortify" "${FORTIFY_INSTALL_PREFIX}/usr/share/zsh/site-functions/_fortify" \ No newline at end of file +install -vDm0644 "comp/_hakurei" "${HAKUREI_INSTALL_PREFIX}/usr/share/zsh/site-functions/_hakurei" \ No newline at end of file diff --git a/dist/release.sh b/dist/release.sh index a50c661..90f44c0 100755 --- a/dist/release.sh +++ b/dist/release.sh @@ -1,18 +1,18 @@ #!/bin/sh -e cd "$(dirname -- "$0")/.." -VERSION="${FORTIFY_VERSION:-untagged}" -pname="fortify-${VERSION}" +VERSION="${HAKUREI_VERSION:-untagged}" +pname="hakurei-${VERSION}" out="dist/${pname}" mkdir -p "${out}" -cp -v "README.md" "dist/fsurc.default" "dist/install.sh" "${out}" +cp -v "README.md" "dist/hsurc.default" "dist/install.sh" "${out}" cp -rv "dist/comp" "${out}" go generate ./... go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static' - -X git.gensokyo.uk/security/fortify/internal.version=${VERSION} - -X git.gensokyo.uk/security/fortify/internal.fsu=/usr/bin/fsu - -X main.fmain=/usr/bin/fortify + -X git.gensokyo.uk/security/hakurei/internal.version=${VERSION} + -X git.gensokyo.uk/security/hakurei/internal.hsu=/usr/bin/hsu + -X main.hmain=/usr/bin/hakurei -X main.fpkg=/usr/bin/fpkg" ./... rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}" diff --git a/flake.nix b/flake.nix index 7aee0e1..683f6b3 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "fortify sandbox tool and nixos module"; + description = "hakurei container tool and nixos module"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; @@ -27,7 +27,7 @@ nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); in { - nixosModules.fortify = import ./nixos.nix self.packages; + nixosModules.hakurei = import ./nixos.nix self.packages; buildPackage = forAllSystems ( system: @@ -57,7 +57,7 @@ ; in { - fortify = callPackage ./test { inherit system self; }; + hakurei = callPackage ./test { inherit system self; }; race = callPackage ./test { inherit system self; withRace = true; @@ -105,12 +105,12 @@ packages = forAllSystems ( system: let - inherit (self.packages.${system}) fortify fsu; + inherit (self.packages.${system}) hakurei hsu; pkgs = nixpkgsFor.${system}; in { - default = fortify; - fortify = pkgs.pkgsStatic.callPackage ./package.nix { + default = hakurei; + hakurei = pkgs.pkgsStatic.callPackage ./package.nix { inherit (pkgs) # passthru.buildInputs go @@ -131,20 +131,20 @@ coreutils ; }; - fsu = pkgs.callPackage ./cmd/fsu/package.nix { inherit (self.packages.${system}) fortify; }; + hsu = pkgs.callPackage ./cmd/hsu/package.nix { inherit (self.packages.${system}) hakurei; }; - dist = pkgs.runCommand "${fortify.name}-dist" { buildInputs = fortify.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' + dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' # go requires XDG_CACHE_HOME for the build cache export XDG_CACHE_HOME="$(mktemp -d)" # get a different workdir as go does not like /build cd $(mktemp -d) \ - && cp -r ${fortify.src}/. . \ - && chmod +w cmd && cp -r ${fsu.src}/. cmd/fsu/ \ + && cp -r ${hakurei.src}/. . \ + && chmod +w cmd && cp -r ${hsu.src}/. cmd/hsu/ \ && chmod -R +w . - export FORTIFY_VERSION="v${fortify.version}" - ./dist/release.sh && mkdir $out && cp -v "dist/fortify-$FORTIFY_VERSION.tar.gz"* $out + export HAKUREI_VERSION="v${hakurei.version}" + ./dist/release.sh && mkdir $out && cp -v "dist/hakurei-$HAKUREI_VERSION.tar.gz"* $out ''; } ); @@ -152,12 +152,12 @@ devShells = forAllSystems ( system: let - inherit (self.packages.${system}) fortify; + inherit (self.packages.${system}) hakurei; pkgs = nixpkgsFor.${system}; in { - default = pkgs.mkShell { buildInputs = fortify.targetPkgs; }; - withPackage = pkgs.mkShell { buildInputs = [ fortify ] ++ fortify.targetPkgs; }; + default = pkgs.mkShell { buildInputs = hakurei.targetPkgs; }; + withPackage = pkgs.mkShell { buildInputs = [ hakurei ] ++ hakurei.targetPkgs; }; generateDoc = let @@ -174,7 +174,7 @@ cleanEval = lib.filterAttrsRecursive (n: _: n != "_module") eval; in pkgs.nixosOptionsDoc { inherit (cleanEval) options; }; - docText = pkgs.runCommand "fortify-module-docs.md" { } '' + docText = pkgs.runCommand "hakurei-module-docs.md" { } '' cat ${doc.optionsCommonMark} > $out sed -i '/*Declared by:*/,+1 d' $out ''; diff --git a/go.mod b/go.mod index 368c58c..79b18f0 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,3 @@ -module git.gensokyo.uk/security/fortify +module git.gensokyo.uk/security/hakurei -go 1.23 +go 1.24 diff --git a/helper/args_test.go b/helper/args_test.go index 7eca66b..8547f4c 100644 --- a/helper/args_test.go +++ b/helper/args_test.go @@ -7,7 +7,7 @@ import ( "syscall" "testing" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) func TestArgsString(t *testing.T) { diff --git a/helper/cmd.go b/helper/cmd.go index bfdd348..55fd52e 100644 --- a/helper/cmd.go +++ b/helper/cmd.go @@ -10,7 +10,7 @@ import ( "sync" "syscall" - "git.gensokyo.uk/security/fortify/helper/proc" + "git.gensokyo.uk/security/hakurei/helper/proc" ) // NewDirect initialises a new direct Helper instance with wt as the null-terminated argument writer. @@ -67,17 +67,17 @@ func (h *helperCmd) Start() error { h.Env = slices.Grow(h.Env, 2) if h.useArgsFd { - h.Env = append(h.Env, FortifyHelper+"=1") + h.Env = append(h.Env, HakureiHelper+"=1") } else { - h.Env = append(h.Env, FortifyHelper+"=0") + h.Env = append(h.Env, HakureiHelper+"=0") } if h.useStatFd { - h.Env = append(h.Env, FortifyStatus+"=1") + h.Env = append(h.Env, HakureiStatus+"=1") // stat is populated on fulfill h.Cancel = func() error { return h.stat.Close() } } else { - h.Env = append(h.Env, FortifyStatus+"=0") + h.Env = append(h.Env, HakureiStatus+"=0") } return proc.Fulfill(h.helperFiles.ctx, &h.ExtraFiles, h.Cmd.Start, h.files, h.extraFiles) diff --git a/helper/cmd_test.go b/helper/cmd_test.go index baad031..555e246 100644 --- a/helper/cmd_test.go +++ b/helper/cmd_test.go @@ -8,7 +8,7 @@ import ( "os/exec" "testing" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) func TestCmd(t *testing.T) { @@ -22,9 +22,9 @@ func TestCmd(t *testing.T) { }) t.Run("valid new helper nil check", func(t *testing.T) { - if got := helper.NewDirect(t.Context(), "fortify", argsWt, false, argF, nil, nil); got == nil { + if got := helper.NewDirect(t.Context(), "hakurei", argsWt, false, argF, nil, nil); got == nil { t.Errorf("NewDirect(%q, %q) got nil", - argsWt, "fortify") + argsWt, "hakurei") return } }) diff --git a/helper/container.go b/helper/container.go index 6872f55..e0c6fc8 100644 --- a/helper/container.go +++ b/helper/container.go @@ -9,8 +9,8 @@ import ( "slices" "sync" - "git.gensokyo.uk/security/fortify/helper/proc" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/helper/proc" + "git.gensokyo.uk/security/hakurei/sandbox" ) // New initialises a Helper instance with wt as the null-terminated argument writer. @@ -54,17 +54,17 @@ func (h *helperContainer) Start() error { h.Env = slices.Grow(h.Env, 2) if h.useArgsFd { - h.Env = append(h.Env, FortifyHelper+"=1") + h.Env = append(h.Env, HakureiHelper+"=1") } else { - h.Env = append(h.Env, FortifyHelper+"=0") + h.Env = append(h.Env, HakureiHelper+"=0") } if h.useStatFd { - h.Env = append(h.Env, FortifyStatus+"=1") + h.Env = append(h.Env, HakureiStatus+"=1") // stat is populated on fulfill h.Cancel = func(*exec.Cmd) error { return h.stat.Close() } } else { - h.Env = append(h.Env, FortifyStatus+"=0") + h.Env = append(h.Env, HakureiStatus+"=0") } return proc.Fulfill(h.helperFiles.ctx, &h.ExtraFiles, func() error { diff --git a/helper/container_test.go b/helper/container_test.go index 088237c..c6341c6 100644 --- a/helper/container_test.go +++ b/helper/container_test.go @@ -7,10 +7,10 @@ import ( "os/exec" "testing" - "git.gensokyo.uk/security/fortify/helper" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/helper" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/sandbox" ) func TestContainer(t *testing.T) { @@ -25,9 +25,9 @@ func TestContainer(t *testing.T) { }) t.Run("valid new helper nil check", func(t *testing.T) { - if got := helper.New(t.Context(), "fortify", argsWt, false, argF, nil, nil); got == nil { + if got := helper.New(t.Context(), "hakurei", argsWt, false, argF, nil, nil); got == nil { t.Errorf("New(%q, %q) got nil", - argsWt, "fortify") + argsWt, "hakurei") return } }) @@ -52,6 +52,6 @@ func TestHelperInit(t *testing.T) { if len(os.Args) != 5 || os.Args[4] != "init" { return } - sandbox.SetOutput(fmsg.Output{}) - sandbox.Init(fmsg.Prepare, func(bool) { internal.InstallFmsg(false) }) + sandbox.SetOutput(hlog.Output{}) + sandbox.Init(hlog.Prepare, func(bool) { internal.InstallFmsg(false) }) } diff --git a/helper/helper.go b/helper/helper.go index 8a25fee..fe0b164 100644 --- a/helper/helper.go +++ b/helper/helper.go @@ -8,16 +8,16 @@ import ( "os" "time" - "git.gensokyo.uk/security/fortify/helper/proc" + "git.gensokyo.uk/security/hakurei/helper/proc" ) var WaitDelay = 2 * time.Second const ( - // FortifyHelper is set to 1 when args fd is enabled and 0 otherwise. - FortifyHelper = "FORTIFY_HELPER" - // FortifyStatus is set to 1 when stat fd is enabled and 0 otherwise. - FortifyStatus = "FORTIFY_STATUS" + // HakureiHelper is set to 1 when args fd is enabled and 0 otherwise. + HakureiHelper = "HAKUREI_HELPER" + // HakureiStatus is set to 1 when stat fd is enabled and 0 otherwise. + HakureiStatus = "HAKUREI_STATUS" ) type Helper interface { diff --git a/helper/helper_test.go b/helper/helper_test.go index be85304..f2ae5c2 100644 --- a/helper/helper_test.go +++ b/helper/helper_test.go @@ -11,13 +11,13 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) var ( wantArgs = []string{ "unix:path=/run/dbus/system_bus_socket", - "/tmp/fortify.1971/12622d846cc3fe7b4c10359d01f0eb47/system_bus_socket", + "/tmp/hakurei.1971/12622d846cc3fe7b4c10359d01f0eb47/system_bus_socket", "--filter", "--talk=org.bluez", "--talk=org.freedesktop.Avahi", diff --git a/helper/stub.go b/helper/stub.go index ae839d7..bd0e1b5 100644 --- a/helper/stub.go +++ b/helper/stub.go @@ -14,13 +14,13 @@ import ( func InternalHelperStub() { // this test mocks the helper process var ap, sp string - if v, ok := os.LookupEnv(FortifyHelper); !ok { + if v, ok := os.LookupEnv(HakureiHelper); !ok { return } else { ap = v } - if v, ok := os.LookupEnv(FortifyStatus); !ok { - panic(FortifyStatus) + if v, ok := os.LookupEnv(HakureiStatus); !ok { + panic(HakureiStatus) } else { sp = v } diff --git a/helper/stub_test.go b/helper/stub_test.go index 1de830e..52973f6 100644 --- a/helper/stub_test.go +++ b/helper/stub_test.go @@ -3,7 +3,7 @@ package helper_test import ( "testing" - "git.gensokyo.uk/security/fortify/helper" + "git.gensokyo.uk/security/hakurei/helper" ) func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } diff --git a/fst/config.go b/hst/config.go similarity index 93% rename from fst/config.go rename to hst/config.go index 62c8570..1c3390b 100644 --- a/fst/config.go +++ b/hst/config.go @@ -1,12 +1,12 @@ -// Package fst exports shared fortify types. -package fst +// Package hst exports shared types for invoking hakurei. +package hst import ( - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/system" ) -const Tmp = "/.fortify" +const Tmp = "/.hakurei" // Config is used to seal an app implementation. type Config struct { diff --git a/fst/container.go b/hst/container.go similarity index 96% rename from fst/container.go rename to hst/container.go index 1190caa..796b82e 100644 --- a/fst/container.go +++ b/hst/container.go @@ -1,7 +1,7 @@ -package fst +package hst import ( - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) type ( diff --git a/fst/info.go b/hst/info.go similarity index 79% rename from fst/info.go rename to hst/info.go index 8f7fbdb..d887cf2 100644 --- a/fst/info.go +++ b/hst/info.go @@ -1,4 +1,4 @@ -package fst +package hst type Info struct { User int `json:"user"` diff --git a/fst/template.go b/hst/template.go similarity index 86% rename from fst/template.go rename to hst/template.go index 0ca928a..4d054a4 100644 --- a/fst/template.go +++ b/hst/template.go @@ -1,9 +1,9 @@ -package fst +package hst import ( - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/system" ) // Template returns a fully populated instance of Config. @@ -46,11 +46,11 @@ func Template() *Config { Username: "chronos", Shell: "/run/current-system/sw/bin/zsh", - Data: "/var/lib/fortify/u0/org.chromium.Chromium", + Data: "/var/lib/hakurei/u0/org.chromium.Chromium", Dir: "/data/data/org.chromium.Chromium", ExtraPerms: []*ExtraPermConfig{ - {Path: "/var/lib/fortify/u0", Ensure: true, Execute: true}, - {Path: "/var/lib/fortify/u0/org.chromium.Chromium", Read: true, Write: true, Execute: true}, + {Path: "/var/lib/hakurei/u0", Ensure: true, Execute: true}, + {Path: "/var/lib/hakurei/u0/org.chromium.Chromium", Read: true, Write: true, Execute: true}, }, Identity: 9, @@ -78,7 +78,7 @@ func Template() *Config { {Src: "/run/current-system"}, {Src: "/run/opengl-driver"}, {Src: "/var/db/nix-channels"}, - {Src: "/var/lib/fortify/u0/org.chromium.Chromium", + {Src: "/var/lib/hakurei/u0/org.chromium.Chromium", Dst: "/data/data/org.chromium.Chromium", Write: true, Must: true}, {Src: "/dev/dri", Device: true}, }, diff --git a/fst/template_test.go b/hst/template_test.go similarity index 88% rename from fst/template_test.go rename to hst/template_test.go index c7fd780..74d258d 100644 --- a/fst/template_test.go +++ b/hst/template_test.go @@ -1,10 +1,10 @@ -package fst_test +package hst_test import ( "encoding/json" "testing" - "git.gensokyo.uk/security/fortify/fst" + "git.gensokyo.uk/security/hakurei/hst" ) func TestTemplate(t *testing.T) { @@ -57,16 +57,16 @@ func TestTemplate(t *testing.T) { }, "username": "chronos", "shell": "/run/current-system/sw/bin/zsh", - "data": "/var/lib/fortify/u0/org.chromium.Chromium", + "data": "/var/lib/hakurei/u0/org.chromium.Chromium", "dir": "/data/data/org.chromium.Chromium", "extra_perms": [ { "ensure": true, - "path": "/var/lib/fortify/u0", + "path": "/var/lib/hakurei/u0", "x": true }, { - "path": "/var/lib/fortify/u0/org.chromium.Chromium", + "path": "/var/lib/hakurei/u0/org.chromium.Chromium", "r": true, "w": true, "x": true @@ -108,7 +108,7 @@ func TestTemplate(t *testing.T) { }, { "dst": "/data/data/org.chromium.Chromium", - "src": "/var/lib/fortify/u0/org.chromium.Chromium", + "src": "/var/lib/hakurei/u0/org.chromium.Chromium", "write": true, "require": true }, @@ -131,7 +131,7 @@ func TestTemplate(t *testing.T) { } }` - if p, err := json.MarshalIndent(fst.Template(), "", "\t"); err != nil { + if p, err := json.MarshalIndent(hst.Template(), "", "\t"); err != nil { t.Fatalf("cannot marshal: %v", err) } else if s := string(p); s != want { t.Fatalf("Template:\n%s\nwant:\n%s", diff --git a/internal/app/app.go b/internal/app/app.go index 325d9f8..902df10 100644 --- a/internal/app/app.go +++ b/internal/app/app.go @@ -5,7 +5,7 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/fst" + "git.gensokyo.uk/security/hakurei/hst" ) type App interface { @@ -14,7 +14,7 @@ type App interface { // Seal determines the outcome of config as a [SealedApp]. // The value of config might be overwritten and must not be used again. - Seal(config *fst.Config) (SealedApp, error) + Seal(config *hst.Config) (SealedApp, error) String() string } @@ -48,12 +48,12 @@ func (rs *RunState) SetStart() { rs.Time = &now } -// Paths contains environment-dependent paths used by fortify. +// Paths contains environment-dependent paths used by hakurei. type Paths struct { - // path to shared directory (usually `/tmp/fortify.%d`) + // path to shared directory (usually `/tmp/hakurei.%d`) SharePath string `json:"share_path"` // XDG_RUNTIME_DIR value (usually `/run/user/%d`) RuntimePath string `json:"runtime_path"` - // application runtime directory (usually `/run/user/%d/fortify`) + // application runtime directory (usually `/run/user/%d/hakurei`) RunDirPath string `json:"run_dir_path"` } diff --git a/internal/app/id_test.go b/internal/app/id_test.go index f928a48..f8acdab 100644 --- a/internal/app/id_test.go +++ b/internal/app/id_test.go @@ -4,7 +4,7 @@ import ( "errors" "testing" - . "git.gensokyo.uk/security/fortify/internal/app" + . "git.gensokyo.uk/security/hakurei/internal/app" ) func TestParseAppID(t *testing.T) { diff --git a/internal/app/instance/common/container.go b/internal/app/instance/common/container.go index cb3eb59..567a8aa 100644 --- a/internal/app/instance/common/container.go +++ b/internal/app/instance/common/container.go @@ -8,20 +8,20 @@ import ( "path" "syscall" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) // in practice there should be less than 30 entries added by the runtime; // allocating slightly more as a margin for future expansion const preallocateOpsCount = 1 << 5 -// NewContainer initialises [sandbox.Params] via [fst.ContainerConfig]. +// NewContainer initialises [sandbox.Params] via [hst.ContainerConfig]. // Note that remaining container setup must be queued by the caller. -func NewContainer(s *fst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox.Params, map[string]string, error) { +func NewContainer(s *hst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox.Params, map[string]string, error) { if s == nil { return nil, nil, syscall.EBADE } @@ -67,7 +67,7 @@ func NewContainer(s *fst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox container. Proc("/proc"). - Tmpfs(fst.Tmp, 1<<12, 0755) + Tmpfs(hst.Tmp, 1<<12, 0755) if !s.Device { container.Dev("/dev").Mqueue("/dev/mqueue") diff --git a/internal/app/instance/errors.go b/internal/app/instance/errors.go index b3331e3..51d9cdb 100644 --- a/internal/app/instance/errors.go +++ b/internal/app/instance/errors.go @@ -3,8 +3,8 @@ package instance import ( "syscall" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" ) func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) { diff --git a/internal/app/instance/new.go b/internal/app/instance/new.go index cb5e8b2..d1a6230 100644 --- a/internal/app/instance/new.go +++ b/internal/app/instance/new.go @@ -6,9 +6,9 @@ import ( "log" "syscall" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/internal/setuid" - "git.gensokyo.uk/security/fortify/internal/sys" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/internal/sys" ) const ( diff --git a/internal/app/instance/shim.go b/internal/app/instance/shim.go index bc497ad..8147b7c 100644 --- a/internal/app/instance/shim.go +++ b/internal/app/instance/shim.go @@ -1,6 +1,6 @@ package instance -import "git.gensokyo.uk/security/fortify/internal/app/internal/setuid" +import "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" // ShimMain is the main function of the shim process and runs as the unconstrained target user. func ShimMain() { setuid.ShimMain() } diff --git a/internal/app/internal/setuid/app.go b/internal/app/internal/setuid/app.go index 6af224c..92c90fb 100644 --- a/internal/app/internal/setuid/app.go +++ b/internal/app/internal/setuid/app.go @@ -5,10 +5,10 @@ import ( "fmt" "sync" - "git.gensokyo.uk/security/fortify/fst" - . "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/sys" + "git.gensokyo.uk/security/hakurei/hst" + . "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/sys" ) func New(ctx context.Context, os sys.State) (App, error) { @@ -52,7 +52,7 @@ func (a *app) String() string { return fmt.Sprintf("(unsealed app %s)", a.id) } -func (a *app) Seal(config *fst.Config) (SealedApp, error) { +func (a *app) Seal(config *hst.Config) (SealedApp, error) { a.mu.Lock() defer a.mu.Unlock() @@ -60,7 +60,7 @@ func (a *app) Seal(config *fst.Config) (SealedApp, error) { panic("app sealed twice") } if config == nil { - return nil, fmsg.WrapError(ErrConfig, + return nil, hlog.WrapErr(ErrConfig, "attempted to seal app with nil config") } diff --git a/internal/app/internal/setuid/app_nixos_test.go b/internal/app/internal/setuid/app_nixos_test.go index 08f7fe7..975d889 100644 --- a/internal/app/internal/setuid/app_nixos_test.go +++ b/internal/app/internal/setuid/app_nixos_test.go @@ -1,25 +1,25 @@ package setuid_test import ( - "git.gensokyo.uk/security/fortify/acl" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) var testCasesNixos = []sealTestCase{ { "nixos chromium direct wayland", new(stubNixOS), - &fst.Config{ + &hst.Config{ ID: "org.chromium.Chromium", Path: "/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start", Enablements: system.EWayland | system.EDBus | system.EPulse, - Container: &fst.ContainerConfig{ + Container: &hst.ContainerConfig{ Userns: true, Net: true, MapRealUID: true, Env: nil, AutoEtc: true, - Filesystem: []*fst.FilesystemConfig{ + Filesystem: []*hst.FilesystemConfig{ {Src: "/bin", Must: true}, {Src: "/usr/bin", Must: true}, {Src: "/nix/store", Must: true}, {Src: "/run/current-system", Must: true}, {Src: "/sys/block"}, {Src: "/sys/bus"}, {Src: "/sys/class"}, {Src: "/sys/dev"}, {Src: "/sys/devices"}, @@ -48,7 +48,7 @@ var testCasesNixos = []sealTestCase{ DirectWayland: true, Username: "u0_a1", - Data: "/var/lib/persist/module/fortify/0/1", + Data: "/var/lib/persist/module/hakurei/0/1", Identity: 1, Groups: []string{}, }, app.ID{ @@ -58,19 +58,19 @@ var testCasesNixos = []sealTestCase{ 0xb4, 0x6e, 0xb5, 0xc1, }, system.New(1000001). - Ensure("/tmp/fortify.1971", 0711). - Ensure("/tmp/fortify.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime", acl.Execute). - Ensure("/tmp/fortify.1971/runtime/1", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime/1", acl.Read, acl.Write, acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir/1", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/1", acl.Read, acl.Write, acl.Execute). - Ensure("/run/user/1971/fortify", 0700).UpdatePermType(system.User, "/run/user/1971/fortify", acl.Execute). + Ensure("/tmp/hakurei.1971", 0711). + Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). + Ensure("/tmp/hakurei.1971/runtime/1", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/1", acl.Read, acl.Write, acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir/1", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/1", acl.Read, acl.Write, acl.Execute). + Ensure("/run/user/1971/hakurei", 0700).UpdatePermType(system.User, "/run/user/1971/hakurei", acl.Execute). Ensure("/run/user/1971", 0700).UpdatePermType(system.User, "/run/user/1971", acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset UpdatePermType(system.EWayland, "/run/user/1971/wayland-0", acl.Read, acl.Write, acl.Execute). - Ephemeral(system.Process, "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1", 0700).UpdatePermType(system.Process, "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1", acl.Execute). - Link("/run/user/1971/pulse/native", "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1/pulse"). + Ephemeral(system.Process, "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1", 0700).UpdatePermType(system.Process, "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1", acl.Execute). + Link("/run/user/1971/pulse/native", "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1/pulse"). CopyFile(nil, "/home/ophestra/xdg/config/pulse/cookie", 256, 256). - Ephemeral(system.Process, "/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1", 0711). - MustProxyDBus("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", &dbus.Config{ + Ephemeral(system.Process, "/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1", 0711). + MustProxyDBus("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", &dbus.Config{ Talk: []string{ "org.freedesktop.FileManager1", "org.freedesktop.Notifications", "org.freedesktop.ScreenSaver", "org.freedesktop.secrets", @@ -83,7 +83,7 @@ var testCasesNixos = []sealTestCase{ }, Call: map[string]string{}, Broadcast: map[string]string{}, Filter: true, - }, "/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", &dbus.Config{ + }, "/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", &dbus.Config{ Talk: []string{ "org.bluez", "org.freedesktop.Avahi", @@ -91,20 +91,20 @@ var testCasesNixos = []sealTestCase{ }, Filter: true, }). - UpdatePerm("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", acl.Read, acl.Write). - UpdatePerm("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", acl.Read, acl.Write), + UpdatePerm("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", acl.Read, acl.Write). + UpdatePerm("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", acl.Read, acl.Write), &sandbox.Params{ Uid: 1971, Gid: 100, Flags: sandbox.FAllowNet | sandbox.FAllowUserns, - Dir: "/var/lib/persist/module/fortify/0/1", + Dir: "/var/lib/persist/module/hakurei/0/1", Path: "/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start", Args: []string{"/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start"}, Env: []string{ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1971/bus", "DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket", - "HOME=/var/lib/persist/module/fortify/0/1", - "PULSE_COOKIE=" + fst.Tmp + "/pulse-cookie", + "HOME=/var/lib/persist/module/hakurei/0/1", + "PULSE_COOKIE=" + hst.Tmp + "/pulse-cookie", "PULSE_SERVER=unix:/run/user/1971/pulse/native", "SHELL=/run/current-system/sw/bin/zsh", "TERM=xterm-256color", @@ -116,7 +116,7 @@ var testCasesNixos = []sealTestCase{ }, Ops: new(sandbox.Ops). Proc("/proc"). - Tmpfs(fst.Tmp, 4096, 0755). + Tmpfs(hst.Tmp, 4096, 0755). Dev("/dev").Mqueue("/dev/mqueue"). Bind("/bin", "/bin", 0). Bind("/usr/bin", "/usr/bin", 0). @@ -131,16 +131,16 @@ var testCasesNixos = []sealTestCase{ Bind("/dev/dri", "/dev/dri", sandbox.BindDevice|sandbox.BindWritable|sandbox.BindOptional). Etc("/etc", "8e2c76b066dabe574cf073bdb46eb5c1"). Tmpfs("/run/user", 4096, 0755). - Bind("/tmp/fortify.1971/runtime/1", "/run/user/1971", sandbox.BindWritable). - Bind("/tmp/fortify.1971/tmpdir/1", "/tmp", sandbox.BindWritable). - Bind("/var/lib/persist/module/fortify/0/1", "/var/lib/persist/module/fortify/0/1", sandbox.BindWritable). - Place("/etc/passwd", []byte("u0_a1:x:1971:100:Fortify:/var/lib/persist/module/fortify/0/1:/run/current-system/sw/bin/zsh\n")). - Place("/etc/group", []byte("fortify:x:100:\n")). + Bind("/tmp/hakurei.1971/runtime/1", "/run/user/1971", sandbox.BindWritable). + Bind("/tmp/hakurei.1971/tmpdir/1", "/tmp", sandbox.BindWritable). + Bind("/var/lib/persist/module/hakurei/0/1", "/var/lib/persist/module/hakurei/0/1", sandbox.BindWritable). + Place("/etc/passwd", []byte("u0_a1:x:1971:100:Hakurei:/var/lib/persist/module/hakurei/0/1:/run/current-system/sw/bin/zsh\n")). + Place("/etc/group", []byte("hakurei:x:100:\n")). Bind("/run/user/1971/wayland-0", "/run/user/1971/wayland-0", 0). - Bind("/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1/pulse", "/run/user/1971/pulse/native", 0). - Place(fst.Tmp+"/pulse-cookie", nil). - Bind("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", "/run/user/1971/bus", 0). - Bind("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket", 0). + Bind("/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1/pulse", "/run/user/1971/pulse/native", 0). + Place(hst.Tmp+"/pulse-cookie", nil). + Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", "/run/user/1971/bus", 0). + Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket", 0). Tmpfs("/var/run/nscd", 8192, 0755), }, }, diff --git a/internal/app/internal/setuid/app_pd_test.go b/internal/app/internal/setuid/app_pd_test.go index 6ee026f..73dbd7e 100644 --- a/internal/app/internal/setuid/app_pd_test.go +++ b/internal/app/internal/setuid/app_pd_test.go @@ -3,18 +3,18 @@ package setuid_test import ( "os" - "git.gensokyo.uk/security/fortify/acl" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) var testCasesPd = []sealTestCase{ { "nixos permissive defaults no enablements", new(stubNixOS), - &fst.Config{Username: "chronos", Data: "/home/chronos"}, + &hst.Config{Username: "chronos", Data: "/home/chronos"}, app.ID{ 0x4a, 0x45, 0x0b, 0x65, 0x96, 0xd7, 0xbc, 0x15, @@ -22,11 +22,11 @@ var testCasesPd = []sealTestCase{ 0xb9, 0xa6, 0x07, 0xac, }, system.New(1000000). - Ensure("/tmp/fortify.1971", 0711). - Ensure("/tmp/fortify.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime", acl.Execute). - Ensure("/tmp/fortify.1971/runtime/0", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime/0", acl.Read, acl.Write, acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir/0", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/0", acl.Read, acl.Write, acl.Execute), + Ensure("/tmp/hakurei.1971", 0711). + Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). + Ensure("/tmp/hakurei.1971/runtime/0", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/0", acl.Read, acl.Write, acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir/0", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/0", acl.Read, acl.Write, acl.Execute), &sandbox.Params{ Flags: sandbox.FAllowNet | sandbox.FAllowUserns | sandbox.FAllowTTY, Dir: "/home/chronos", @@ -43,7 +43,7 @@ var testCasesPd = []sealTestCase{ }, Ops: new(sandbox.Ops). Proc("/proc"). - Tmpfs(fst.Tmp, 4096, 0755). + Tmpfs(hst.Tmp, 4096, 0755). Dev("/dev").Mqueue("/dev/mqueue"). Bind("/bin", "/bin", sandbox.BindWritable). Bind("/boot", "/boot", sandbox.BindWritable). @@ -62,17 +62,17 @@ var testCasesPd = []sealTestCase{ Tmpfs("/run/dbus", 8192, 0755). Etc("/etc", "4a450b6596d7bc15bd01780eb9a607ac"). Tmpfs("/run/user", 4096, 0755). - Bind("/tmp/fortify.1971/runtime/0", "/run/user/65534", sandbox.BindWritable). - Bind("/tmp/fortify.1971/tmpdir/0", "/tmp", sandbox.BindWritable). + Bind("/tmp/hakurei.1971/runtime/0", "/run/user/65534", sandbox.BindWritable). + Bind("/tmp/hakurei.1971/tmpdir/0", "/tmp", sandbox.BindWritable). Bind("/home/chronos", "/home/chronos", sandbox.BindWritable). - Place("/etc/passwd", []byte("chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n")). - Place("/etc/group", []byte("fortify:x:65534:\n")). + Place("/etc/passwd", []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")). + Place("/etc/group", []byte("hakurei:x:65534:\n")). Tmpfs("/var/run/nscd", 8192, 0755), }, }, { "nixos permissive defaults chromium", new(stubNixOS), - &fst.Config{ + &hst.Config{ ID: "org.chromium.Chromium", Args: []string{"zsh", "-c", "exec chromium "}, Identity: 9, @@ -119,19 +119,19 @@ var testCasesPd = []sealTestCase{ 0x9b, 0x64, 0xce, 0x7c, }, system.New(1000009). - Ensure("/tmp/fortify.1971", 0711). - Ensure("/tmp/fortify.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime", acl.Execute). - Ensure("/tmp/fortify.1971/runtime/9", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/runtime/9", acl.Read, acl.Write, acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). - Ensure("/tmp/fortify.1971/tmpdir/9", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/9", acl.Read, acl.Write, acl.Execute). - Ephemeral(system.Process, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c", 0711). - Wayland(new(*os.File), "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/1971/wayland-0", "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c"). - Ensure("/run/user/1971/fortify", 0700).UpdatePermType(system.User, "/run/user/1971/fortify", acl.Execute). + Ensure("/tmp/hakurei.1971", 0711). + Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). + Ensure("/tmp/hakurei.1971/runtime/9", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/9", acl.Read, acl.Write, acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). + Ensure("/tmp/hakurei.1971/tmpdir/9", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/9", acl.Read, acl.Write, acl.Execute). + Ephemeral(system.Process, "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c", 0711). + Wayland(new(*os.File), "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/1971/wayland-0", "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c"). + Ensure("/run/user/1971/hakurei", 0700).UpdatePermType(system.User, "/run/user/1971/hakurei", acl.Execute). Ensure("/run/user/1971", 0700).UpdatePermType(system.User, "/run/user/1971", acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset - Ephemeral(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", 0700).UpdatePermType(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", acl.Execute). - Link("/run/user/1971/pulse/native", "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse"). + Ephemeral(system.Process, "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c", 0700).UpdatePermType(system.Process, "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c", acl.Execute). + Link("/run/user/1971/pulse/native", "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c/pulse"). CopyFile(new([]byte), "/home/ophestra/xdg/config/pulse/cookie", 256, 256). - MustProxyDBus("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", &dbus.Config{ + MustProxyDBus("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", &dbus.Config{ Talk: []string{ "org.freedesktop.Notifications", "org.freedesktop.FileManager1", @@ -153,7 +153,7 @@ var testCasesPd = []sealTestCase{ "org.freedesktop.portal.*": "@/org/freedesktop/portal/*", }, Filter: true, - }, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", &dbus.Config{ + }, "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", &dbus.Config{ Talk: []string{ "org.bluez", "org.freedesktop.Avahi", @@ -161,8 +161,8 @@ var testCasesPd = []sealTestCase{ }, Filter: true, }). - UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", acl.Read, acl.Write). - UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", acl.Read, acl.Write), + UpdatePerm("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", acl.Read, acl.Write). + UpdatePerm("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", acl.Read, acl.Write), &sandbox.Params{ Flags: sandbox.FAllowNet | sandbox.FAllowUserns | sandbox.FAllowTTY, Dir: "/home/chronos", @@ -172,7 +172,7 @@ var testCasesPd = []sealTestCase{ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus", "DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket", "HOME=/home/chronos", - "PULSE_COOKIE=" + fst.Tmp + "/pulse-cookie", + "PULSE_COOKIE=" + hst.Tmp + "/pulse-cookie", "PULSE_SERVER=unix:/run/user/65534/pulse/native", "SHELL=/run/current-system/sw/bin/zsh", "TERM=xterm-256color", @@ -184,7 +184,7 @@ var testCasesPd = []sealTestCase{ }, Ops: new(sandbox.Ops). Proc("/proc"). - Tmpfs(fst.Tmp, 4096, 0755). + Tmpfs(hst.Tmp, 4096, 0755). Dev("/dev").Mqueue("/dev/mqueue"). Bind("/bin", "/bin", sandbox.BindWritable). Bind("/boot", "/boot", sandbox.BindWritable). @@ -204,16 +204,16 @@ var testCasesPd = []sealTestCase{ Tmpfs("/run/dbus", 8192, 0755). Etc("/etc", "ebf083d1b175911782d413369b64ce7c"). Tmpfs("/run/user", 4096, 0755). - Bind("/tmp/fortify.1971/runtime/9", "/run/user/65534", sandbox.BindWritable). - Bind("/tmp/fortify.1971/tmpdir/9", "/tmp", sandbox.BindWritable). + Bind("/tmp/hakurei.1971/runtime/9", "/run/user/65534", sandbox.BindWritable). + Bind("/tmp/hakurei.1971/tmpdir/9", "/tmp", sandbox.BindWritable). Bind("/home/chronos", "/home/chronos", sandbox.BindWritable). - Place("/etc/passwd", []byte("chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n")). - Place("/etc/group", []byte("fortify:x:65534:\n")). - Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/65534/wayland-0", 0). - Bind("/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse", "/run/user/65534/pulse/native", 0). - Place(fst.Tmp+"/pulse-cookie", nil). - Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", "/run/user/65534/bus", 0). - Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket", 0). + Place("/etc/passwd", []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")). + Place("/etc/group", []byte("hakurei:x:65534:\n")). + Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/65534/wayland-0", 0). + Bind("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c/pulse", "/run/user/65534/pulse/native", 0). + Place(hst.Tmp+"/pulse-cookie", nil). + Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", "/run/user/65534/bus", 0). + Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket", 0). Tmpfs("/var/run/nscd", 8192, 0755), }, }, diff --git a/internal/app/internal/setuid/app_stub_test.go b/internal/app/internal/setuid/app_stub_test.go index c3d0a67..690948f 100644 --- a/internal/app/internal/setuid/app_stub_test.go +++ b/internal/app/internal/setuid/app_stub_test.go @@ -7,7 +7,7 @@ import ( "os/user" "strconv" - "git.gensokyo.uk/security/fortify/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app" ) // fs methods are not implemented using a real FS @@ -20,7 +20,7 @@ type stubNixOS struct { func (s *stubNixOS) Getuid() int { return 1971 } func (s *stubNixOS) Getgid() int { return 100 } func (s *stubNixOS) TempDir() string { return "/tmp" } -func (s *stubNixOS) MustExecutable() string { return "/run/wrappers/bin/fortify" } +func (s *stubNixOS) MustExecutable() string { return "/run/wrappers/bin/hakurei" } func (s *stubNixOS) Exit(code int) { panic("called exit on stub with code " + strconv.Itoa(code)) } func (s *stubNixOS) EvalSymlinks(path string) (string, error) { return path, nil } func (s *stubNixOS) Uid(aid int) (int, error) { return 1000000 + 0*10000 + aid, nil } @@ -127,8 +127,8 @@ func (s *stubNixOS) Open(name string) (fs.File, error) { func (s *stubNixOS) Paths() app.Paths { return app.Paths{ - SharePath: "/tmp/fortify.1971", + SharePath: "/tmp/hakurei.1971", RuntimePath: "/run/user/1971", - RunDirPath: "/run/user/1971/fortify", + RunDirPath: "/run/user/1971/hakurei", } } diff --git a/internal/app/internal/setuid/app_test.go b/internal/app/internal/setuid/app_test.go index 9e08c07..82df7c3 100644 --- a/internal/app/internal/setuid/app_test.go +++ b/internal/app/internal/setuid/app_test.go @@ -7,18 +7,18 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/internal/setuid" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) type sealTestCase struct { name string os sys.State - config *fst.Config + config *hst.Config id app.ID wantSys *system.I wantContainer *sandbox.Params @@ -80,70 +80,25 @@ func stubDirEntries(names ...string) (e []fs.DirEntry, err error) { type stubDirEntryPath string -func (p stubDirEntryPath) Name() string { - return string(p) -} - -func (p stubDirEntryPath) IsDir() bool { - panic("attempted to call IsDir") -} - -func (p stubDirEntryPath) Type() fs.FileMode { - panic("attempted to call Type") -} - -func (p stubDirEntryPath) Info() (fs.FileInfo, error) { - panic("attempted to call Info") -} +func (p stubDirEntryPath) Name() string { return string(p) } +func (p stubDirEntryPath) IsDir() bool { panic("attempted to call IsDir") } +func (p stubDirEntryPath) Type() fs.FileMode { panic("attempted to call Type") } +func (p stubDirEntryPath) Info() (fs.FileInfo, error) { panic("attempted to call Info") } type stubFileInfoMode fs.FileMode -func (s stubFileInfoMode) Name() string { - panic("attempted to call Name") -} - -func (s stubFileInfoMode) Size() int64 { - panic("attempted to call Size") -} - -func (s stubFileInfoMode) Mode() fs.FileMode { - return fs.FileMode(s) -} - -func (s stubFileInfoMode) ModTime() time.Time { - panic("attempted to call ModTime") -} - -func (s stubFileInfoMode) IsDir() bool { - panic("attempted to call IsDir") -} - -func (s stubFileInfoMode) Sys() any { - panic("attempted to call Sys") -} +func (s stubFileInfoMode) Name() string { panic("attempted to call Name") } +func (s stubFileInfoMode) Size() int64 { panic("attempted to call Size") } +func (s stubFileInfoMode) Mode() fs.FileMode { return fs.FileMode(s) } +func (s stubFileInfoMode) ModTime() time.Time { panic("attempted to call ModTime") } +func (s stubFileInfoMode) IsDir() bool { panic("attempted to call IsDir") } +func (s stubFileInfoMode) Sys() any { panic("attempted to call Sys") } type stubFileInfoIsDir bool -func (s stubFileInfoIsDir) Name() string { - panic("attempted to call Name") -} - -func (s stubFileInfoIsDir) Size() int64 { - panic("attempted to call Size") -} - -func (s stubFileInfoIsDir) Mode() fs.FileMode { - panic("attempted to call Mode") -} - -func (s stubFileInfoIsDir) ModTime() time.Time { - panic("attempted to call ModTime") -} - -func (s stubFileInfoIsDir) IsDir() bool { - return bool(s) -} - -func (s stubFileInfoIsDir) Sys() any { - panic("attempted to call Sys") -} +func (s stubFileInfoIsDir) Name() string { panic("attempted to call Name") } +func (s stubFileInfoIsDir) Size() int64 { panic("attempted to call Size") } +func (s stubFileInfoIsDir) Mode() fs.FileMode { panic("attempted to call Mode") } +func (s stubFileInfoIsDir) ModTime() time.Time { panic("attempted to call ModTime") } +func (s stubFileInfoIsDir) IsDir() bool { return bool(s) } +func (s stubFileInfoIsDir) Sys() any { panic("attempted to call Sys") } diff --git a/internal/app/internal/setuid/errors.go b/internal/app/internal/setuid/errors.go index fd5acc5..cce96c4 100644 --- a/internal/app/internal/setuid/errors.go +++ b/internal/app/internal/setuid/errors.go @@ -4,8 +4,8 @@ import ( "errors" "log" - . "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" + . "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) func PrintRunStateErr(rs *RunState, runErr error) (code int) { @@ -13,10 +13,10 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { if runErr != nil { if rs.Time == nil { - fmsg.PrintBaseError(runErr, "cannot start app:") + hlog.PrintBaseError(runErr, "cannot start app:") } else { - var e *fmsg.BaseError - if !fmsg.AsBaseError(runErr, &e) { + var e *hlog.BaseError + if !hlog.AsBaseError(runErr, &e) { log.Println("wait failed:", runErr) } else { // Wait only returns either *app.ProcessError or *app.StateStoreError wrapped in a *app.BaseError @@ -37,7 +37,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { // every error here is wrapped in *app.BaseError for _, ei := range errs { - var eb *fmsg.BaseError + var eb *hlog.BaseError if !errors.As(ei, &eb) { // unreachable log.Println("invalid error type returned by revert:", ei) @@ -59,7 +59,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { if rs.RevertErr != nil { var stateStoreError *StateStoreError if !errors.As(rs.RevertErr, &stateStoreError) || stateStoreError == nil { - fmsg.PrintBaseError(rs.RevertErr, "generic fault during cleanup:") + hlog.PrintBaseError(rs.RevertErr, "generic fault during cleanup:") goto out } @@ -67,11 +67,11 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { if len(stateStoreError.Err) == 2 { if stateStoreError.Err[0] != nil { if joinedErrs, ok := stateStoreError.Err[0].(interface{ Unwrap() []error }); !ok { - fmsg.PrintBaseError(stateStoreError.Err[0], "generic fault during revert:") + hlog.PrintBaseError(stateStoreError.Err[0], "generic fault during revert:") } else { for _, err := range joinedErrs.Unwrap() { if err != nil { - fmsg.PrintBaseError(err, "fault during revert:") + hlog.PrintBaseError(err, "fault during revert:") } } } @@ -91,11 +91,11 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { } if stateStoreError.DoErr != nil { - fmsg.PrintBaseError(stateStoreError.DoErr, "state store operation unsuccessful:") + hlog.PrintBaseError(stateStoreError.DoErr, "state store operation unsuccessful:") } if stateStoreError.Inner && stateStoreError.InnerErr != nil { - fmsg.PrintBaseError(stateStoreError.InnerErr, "cannot destroy state entry:") + hlog.PrintBaseError(stateStoreError.InnerErr, "cannot destroy state entry:") } out: @@ -104,7 +104,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { } } if rs.WaitErr != nil { - fmsg.Verbosef("wait: %v", rs.WaitErr) + hlog.Verbosef("wait: %v", rs.WaitErr) } return } @@ -135,7 +135,7 @@ func (e *StateStoreError) equiv(a ...any) error { if e.Inner && e.InnerErr == nil && e.DoErr == nil && e.OpErr == nil && errors.Join(e.Err...) == nil { return nil } else { - return fmsg.WrapErrorSuffix(e, a...) + return hlog.WrapErrSuffix(e, a...) } } diff --git a/internal/app/internal/setuid/export_test.go b/internal/app/internal/setuid/export_test.go index d7e2f16..1a7f970 100644 --- a/internal/app/internal/setuid/export_test.go +++ b/internal/app/internal/setuid/export_test.go @@ -1,10 +1,10 @@ package setuid import ( - . "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + . "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) func NewWithID(id ID, os sys.State) App { diff --git a/internal/app/internal/setuid/process.go b/internal/app/internal/setuid/process.go index d3114c7..8779d65 100644 --- a/internal/app/internal/setuid/process.go +++ b/internal/app/internal/setuid/process.go @@ -12,12 +12,12 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/internal" - . "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/state" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/internal" + . "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/state" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) const shimWaitTimeout = 5 * time.Second @@ -35,7 +35,7 @@ func (seal *outcome) Run(rs *RunState) error { } // read comp value early to allow for early failure - fsuPath := internal.MustFsuPath() + hsuPath := internal.MustHsuPath() if err := seal.sys.Commit(seal.ctx); err != nil { return err @@ -59,7 +59,7 @@ func (seal *outcome) Run(rs *RunState) error { if l := len(states); l == 0 { ec |= system.User } else { - fmsg.Verbosef("found %d instances, cleaning up without user-scoped operations", l) + hlog.Verbosef("found %d instances, cleaning up without user-scoped operations", l) } // accumulate enablements of remaining launchers @@ -72,9 +72,9 @@ func (seal *outcome) Run(rs *RunState) error { } } ec |= rt ^ (system.EWayland | system.EX11 | system.EDBus | system.EPulse) - if fmsg.Load() { + if hlog.Load() { if ec > 0 { - fmsg.Verbose("reverting operations scope", system.TypeString(ec)) + hlog.Verbose("reverting operations scope", system.TypeString(ec)) } } @@ -87,7 +87,7 @@ func (seal *outcome) Run(rs *RunState) error { ctx, cancel := context.WithCancel(seal.ctx) defer cancel() - cmd := exec.CommandContext(ctx, fsuPath) + cmd := exec.CommandContext(ctx, hsuPath) cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr cmd.Dir = "/" // container init enters final working directory // shim runs in the same session as monitor; see shim.go for behaviour @@ -95,28 +95,28 @@ func (seal *outcome) Run(rs *RunState) error { var e *gob.Encoder if fd, encoder, err := sandbox.Setup(&cmd.ExtraFiles); err != nil { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, "cannot create shim setup pipe:") } else { e = encoder cmd.Env = []string{ - // passed through to shim by fsu + // passed through to shim by hsu shimEnv + "=" + strconv.Itoa(fd), - // interpreted by fsu - "FORTIFY_APP_ID=" + seal.user.aid.String(), + // interpreted by hsu + "HAKUREI_APP_ID=" + seal.user.aid.String(), } } if len(seal.user.supp) > 0 { - fmsg.Verbosef("attaching supplementary group ids %s", seal.user.supp) - // interpreted by fsu - cmd.Env = append(cmd.Env, "FORTIFY_GROUPS="+strings.Join(seal.user.supp, " ")) + hlog.Verbosef("attaching supplementary group ids %s", seal.user.supp) + // interpreted by hsu + cmd.Env = append(cmd.Env, "HAKUREI_GROUPS="+strings.Join(seal.user.supp, " ")) } - fmsg.Verbosef("setuid helper at %s", fsuPath) - fmsg.Suspend() + hlog.Verbosef("setuid helper at %s", hsuPath) + hlog.Suspend() if err := cmd.Start(); err != nil { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, "cannot start setuid wrapper:") } rs.SetStart() @@ -124,19 +124,19 @@ func (seal *outcome) Run(rs *RunState) error { // this prevents blocking forever on an early failure waitErr, setupErr := make(chan error, 1), make(chan error, 1) go func() { waitErr <- cmd.Wait(); cancel() }() - go func() { setupErr <- e.Encode(&shimParams{os.Getpid(), seal.container, seal.user.data, fmsg.Load()}) }() + go func() { setupErr <- e.Encode(&shimParams{os.Getpid(), seal.container, seal.user.data, hlog.Load()}) }() select { case err := <-setupErr: if err != nil { - fmsg.Resume() - return fmsg.WrapErrorSuffix(err, + hlog.Resume() + return hlog.WrapErrSuffix(err, "cannot transmit shim config:") } case <-ctx.Done(): - fmsg.Resume() - return fmsg.WrapError(syscall.ECANCELED, + hlog.Resume() + return hlog.WrapErr(syscall.ECANCELED, "shim setup canceled") } @@ -163,25 +163,25 @@ func (seal *outcome) Run(rs *RunState) error { select { case rs.WaitErr = <-waitErr: rs.WaitStatus = cmd.ProcessState.Sys().(syscall.WaitStatus) - if fmsg.Load() { + if hlog.Load() { switch { case rs.Exited(): - fmsg.Verbosef("process %d exited with code %d", cmd.Process.Pid, rs.ExitStatus()) + hlog.Verbosef("process %d exited with code %d", cmd.Process.Pid, rs.ExitStatus()) case rs.CoreDump(): - fmsg.Verbosef("process %d dumped core", cmd.Process.Pid) + hlog.Verbosef("process %d dumped core", cmd.Process.Pid) case rs.Signaled(): - fmsg.Verbosef("process %d got %s", cmd.Process.Pid, rs.Signal()) + hlog.Verbosef("process %d got %s", cmd.Process.Pid, rs.Signal()) default: - fmsg.Verbosef("process %d exited with status %#x", cmd.Process.Pid, rs.WaitStatus) + hlog.Verbosef("process %d exited with status %#x", cmd.Process.Pid, rs.WaitStatus) } } case <-waitTimeout: rs.WaitErr = syscall.ETIMEDOUT - fmsg.Resume() + hlog.Resume() log.Printf("process %d did not terminate", cmd.Process.Pid) } - fmsg.Resume() + hlog.Resume() if seal.sync != nil { if err := seal.sync.Close(); err != nil { log.Printf("cannot close wayland security context: %v", err) diff --git a/internal/app/internal/setuid/seal.go b/internal/app/internal/setuid/seal.go index 13d9ad8..51ff16a 100644 --- a/internal/app/internal/setuid/seal.go +++ b/internal/app/internal/setuid/seal.go @@ -16,17 +16,17 @@ import ( "sync/atomic" "syscall" - "git.gensokyo.uk/security/fortify/acl" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal" - . "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/instance/common" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/wl" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + . "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/instance/common" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/wl" + "git.gensokyo.uk/security/hakurei/system" ) const ( @@ -63,20 +63,20 @@ var ( var posixUsername = regexp.MustCompilePOSIX("^[a-z_]([A-Za-z0-9_-]{0,31}|[A-Za-z0-9_-]{0,30}\\$)$") -// outcome stores copies of various parts of [fst.Config] +// outcome stores copies of various parts of [hst.Config] type outcome struct { // copied from initialising [app] id *stringPair[ID] // copied from [sys.State] response runDirPath string - // initial [fst.Config] gob stream for state data; + // initial [hst.Config] gob stream for state data; // this is prepared ahead of time as config is clobbered during seal creation ct io.WriterTo // dump dbus proxy message buffer dbusMsg func() - user fsuUser + user hsuUser sys *system.I ctx context.Context @@ -89,7 +89,7 @@ type outcome struct { // shareHost holds optional share directory state that must not be accessed directly type shareHost struct { - // whether XDG_RUNTIME_DIR is used post fsu + // whether XDG_RUNTIME_DIR is used post hsu useRuntimeDir bool // process-specific directory in tmpdir, empty if unused sharePath string @@ -134,8 +134,8 @@ func (share *shareHost) runtime() string { return share.runtimeSharePath } -// fsuUser stores post-fsu credentials and metadata -type fsuUser struct { +// hsuUser stores post-hsu credentials and metadata +type hsuUser struct { // application id aid *stringPair[int] // target uid resolved by fid:aid @@ -152,7 +152,7 @@ type fsuUser struct { username string } -func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Config) error { +func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Config) error { if seal.ctx != nil { panic("finalise called twice") } @@ -162,19 +162,19 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co // encode initial configuration for state tracking ct := new(bytes.Buffer) if err := gob.NewEncoder(ct).Encode(config); err != nil { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, "cannot encode initial config:") } seal.ct = ct } - // allowed aid range 0 to 9999, this is checked again in fsu + // allowed aid range 0 to 9999, this is checked again in hsu if config.Identity < 0 || config.Identity > 9999 { - return fmsg.WrapError(ErrUser, + return hlog.WrapErr(ErrUser, fmt.Sprintf("identity %d out of range", config.Identity)) } - seal.user = fsuUser{ + seal.user = hsuUser{ aid: newInt(config.Identity), data: config.Data, home: config.Dir, @@ -184,11 +184,11 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co seal.user.username = "chronos" } else if !posixUsername.MatchString(seal.user.username) || len(seal.user.username) >= internal.Sysconf_SC_LOGIN_NAME_MAX() { - return fmsg.WrapError(ErrName, + return hlog.WrapErr(ErrName, fmt.Sprintf("invalid user name %q", seal.user.username)) } if seal.user.data == "" || !path.IsAbs(seal.user.data) { - return fmsg.WrapError(ErrHome, + return hlog.WrapErr(ErrHome, fmt.Sprintf("invalid home directory %q", seal.user.data)) } if seal.user.home == "" { @@ -202,7 +202,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co seal.user.supp = make([]string, len(config.Groups)) for i, name := range config.Groups { if g, err := sys.LookupGroup(name); err != nil { - return fmsg.WrapError(err, + return hlog.WrapErr(err, fmt.Sprintf("unknown group %q", name)) } else { seal.user.supp[i] = g.Gid @@ -220,13 +220,13 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co // permissive defaults if config.Container == nil { - fmsg.Verbose("container configuration not supplied, PROCEED WITH CAUTION") + hlog.Verbose("container configuration not supplied, PROCEED WITH CAUTION") - // fsu clears the environment so resolve paths early + // hsu clears the environment so resolve paths early if !path.IsAbs(config.Path) { if len(config.Args) > 0 { if p, err := sys.LookPath(config.Args[0]); err != nil { - return fmsg.WrapError(err, err.Error()) + return hlog.WrapErr(err, err.Error()) } else { config.Path = p } @@ -235,7 +235,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co } } - conf := &fst.ContainerConfig{ + conf := &hst.ContainerConfig{ Userns: true, Net: true, Tty: true, @@ -245,7 +245,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co if d, err := sys.ReadDir("/"); err != nil { return err } else { - b := make([]*fst.FilesystemConfig, 0, len(d)) + b := make([]*hst.FilesystemConfig, 0, len(d)) for _, ent := range d { p := "/" + ent.Name() switch p { @@ -256,7 +256,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co case "/etc": default: - b = append(b, &fst.FilesystemConfig{Src: p, Write: true, Must: true}) + b = append(b, &hst.FilesystemConfig{Src: p, Write: true, Must: true}) } } conf.Filesystem = append(conf.Filesystem, b...) @@ -269,10 +269,10 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co } // bind GPU stuff if config.Enablements&(system.EX11|system.EWayland) != 0 { - conf.Filesystem = append(conf.Filesystem, &fst.FilesystemConfig{Src: "/dev/dri", Device: true}) + conf.Filesystem = append(conf.Filesystem, &hst.FilesystemConfig{Src: "/dev/dri", Device: true}) } // opportunistically bind kvm - conf.Filesystem = append(conf.Filesystem, &fst.FilesystemConfig{Src: "/dev/kvm", Device: true}) + conf.Filesystem = append(conf.Filesystem, &hst.FilesystemConfig{Src: "/dev/kvm", Device: true}) config.Container = conf } @@ -283,11 +283,11 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co var err error seal.container, seal.env, err = common.NewContainer(config.Container, sys, &uid, &gid) if err != nil { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, "cannot initialise container configuration:") } if !path.IsAbs(config.Path) { - return fmsg.WrapError(syscall.EINVAL, + return hlog.WrapErr(syscall.EINVAL, "invalid program path") } if len(config.Args) == 0 { @@ -364,9 +364,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co seal.env[shell] = config.Shell seal.container.Place("/etc/passwd", - []byte(username+":x:"+mapuid.String()+":"+mapgid.String()+":Fortify:"+homeDir+":"+config.Shell+"\n")) + []byte(username+":x:"+mapuid.String()+":"+mapgid.String()+":Hakurei:"+homeDir+":"+config.Shell+"\n")) seal.container.Place("/etc/group", - []byte("fortify:x:"+mapgid.String()+":\n")) + []byte("hakurei:x:"+mapgid.String()+":\n")) } // pass TERM for proper terminal I/O in initial process @@ -378,7 +378,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co // outer wayland socket (usually `/run/user/%d/wayland-%d`) var socketPath string if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok { - fmsg.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName) + hlog.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName) socketPath = path.Join(share.sc.RuntimePath, wl.FallbackName) } else if !path.IsAbs(name) { socketPath = path.Join(share.sc.RuntimePath, name) @@ -393,14 +393,14 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co appID := config.ID if appID == "" { // use instance ID in case app id is not set - appID = "uk.gensokyo.fortify." + seal.id.String() + appID = "uk.gensokyo.hakurei." + seal.id.String() } // downstream socket paths outerPath := path.Join(share.instance(), "wayland") seal.sys.Wayland(&seal.sync, outerPath, socketPath, appID, seal.id.String()) seal.container.Bind(outerPath, innerPath, 0) } else { // bind mount wayland socket (insecure) - fmsg.Verbose("direct wayland access, PROCEED WITH CAUTION") + hlog.Verbose("direct wayland access, PROCEED WITH CAUTION") share.ensureRuntimeDir() seal.container.Bind(socketPath, innerPath, 0) seal.sys.UpdatePermType(system.EWayland, socketPath, acl.Read, acl.Write, acl.Execute) @@ -409,7 +409,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co if config.Enablements&system.EX11 != 0 { if d, ok := sys.LookupEnv(display); !ok { - return fmsg.WrapError(ErrXDisplay, + return hlog.WrapErr(ErrXDisplay, "DISPLAY is not set") } else { seal.sys.ChangeHosts("#" + seal.user.uid.String()) @@ -426,23 +426,23 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co if _, err := sys.Stat(pulseRuntimeDir); err != nil { if !errors.Is(err, fs.ErrNotExist) { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, fmt.Sprintf("cannot access PulseAudio directory %q:", pulseRuntimeDir)) } - return fmsg.WrapError(ErrPulseSocket, + return hlog.WrapErr(ErrPulseSocket, fmt.Sprintf("PulseAudio directory %q not found", pulseRuntimeDir)) } if s, err := sys.Stat(pulseSocket); err != nil { if !errors.Is(err, fs.ErrNotExist) { - return fmsg.WrapErrorSuffix(err, + return hlog.WrapErrSuffix(err, fmt.Sprintf("cannot access PulseAudio socket %q:", pulseSocket)) } - return fmsg.WrapError(ErrPulseSocket, + return hlog.WrapErr(ErrPulseSocket, fmt.Sprintf("PulseAudio directory %q found but socket does not exist", pulseRuntimeDir)) } else { if m := s.Mode(); m&0o006 != 0o006 { - return fmsg.WrapError(ErrPulseMode, + return hlog.WrapErr(ErrPulseMode, fmt.Sprintf("unexpected permissions on %q:", pulseSocket), m) } } @@ -457,9 +457,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co // publish current user's pulse cookie for target user if src, err := discoverPulseCookie(sys); err != nil { // not fatal - fmsg.Verbose(strings.TrimSpace(err.(*fmsg.BaseError).Message())) + hlog.Verbose(strings.TrimSpace(err.(*hlog.BaseError).Message())) } else { - innerDst := fst.Tmp + "/pulse-cookie" + innerDst := hst.Tmp + "/pulse-cookie" seal.env[pulseCookie] = innerDst var payload *[]byte seal.container.PlaceP(innerDst, &payload) @@ -531,15 +531,15 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Co seal.container.Env = make([]string, 0, len(seal.env)) for k, v := range seal.env { if strings.IndexByte(k, '=') != -1 { - return fmsg.WrapError(syscall.EINVAL, + return hlog.WrapErr(syscall.EINVAL, fmt.Sprintf("invalid environment variable %s", k)) } seal.container.Env = append(seal.container.Env, k+"="+v) } slices.Sort(seal.container.Env) - if fmsg.Load() { - fmsg.Verbosef("created application seal for uid %s (%s) groups: %v, argv: %s, ops: %d", + if hlog.Load() { + hlog.Verbosef("created application seal for uid %s (%s) groups: %v, argv: %s, ops: %d", seal.user.uid, seal.user.username, config.Groups, seal.container.Args, len(*seal.container.Ops)) } @@ -557,7 +557,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { p = path.Join(p, ".pulse-cookie") if s, err := sys.Stat(p); err != nil { if !errors.Is(err, fs.ErrNotExist) { - return p, fmsg.WrapErrorSuffix(err, + return p, hlog.WrapErrSuffix(err, fmt.Sprintf("cannot access PulseAudio cookie %q:", p)) } // not found, try next method @@ -571,7 +571,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { p = path.Join(p, "pulse", "cookie") if s, err := sys.Stat(p); err != nil { if !errors.Is(err, fs.ErrNotExist) { - return p, fmsg.WrapErrorSuffix(err, + return p, hlog.WrapErrSuffix(err, fmt.Sprintf("cannot access PulseAudio cookie %q:", p)) } // not found, try next method @@ -580,7 +580,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { } } - return "", fmsg.WrapError(ErrPulseCookie, + return "", hlog.WrapErr(ErrPulseCookie, fmt.Sprintf("cannot locate PulseAudio cookie (tried $%s, $%s/pulse/cookie, $%s/.pulse-cookie)", pulseCookie, xdgConfigHome, home)) } diff --git a/internal/app/internal/setuid/shim.go b/internal/app/internal/setuid/shim.go index 1717f81..15587cd 100644 --- a/internal/app/internal/setuid/shim.go +++ b/internal/app/internal/setuid/shim.go @@ -10,10 +10,10 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) /* @@ -23,10 +23,10 @@ import ( #include #include -static pid_t f_shim_param_ppid = -1; +static pid_t hakurei_shim_param_ppid = -1; -// this cannot unblock fmsg since Go code is not async-signal-safe -static void f_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { +// this cannot unblock hlog since Go code is not async-signal-safe +static void hakurei_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { if (sig != SIGCONT || si == NULL) { // unreachable fprintf(stderr, "sigaction: sa_sigaction got invalid siginfo\n"); @@ -34,17 +34,17 @@ static void f_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { } // monitor requests shim exit - if (si->si_pid == f_shim_param_ppid) + if (si->si_pid == hakurei_shim_param_ppid) exit(254); fprintf(stderr, "sigaction: got SIGCONT from process %d\n", si->si_pid); // shim orphaned before monitor delivers a signal - if (getppid() != f_shim_param_ppid) + if (getppid() != hakurei_shim_param_ppid) exit(3); } -void f_shim_setup_cont_signal(pid_t ppid) { +void hakurei_shim_setup_cont_signal(pid_t ppid) { struct sigaction new_action = {0}, old_action = {0}; if (sigaction(SIGCONT, NULL, &old_action) != 0) return; @@ -53,7 +53,7 @@ void f_shim_setup_cont_signal(pid_t ppid) { return; } - new_action.sa_sigaction = f_shim_sigaction; + new_action.sa_sigaction = hakurei_shim_sigaction; if (sigemptyset(&new_action.sa_mask) != 0) return; new_action.sa_flags = SA_ONSTACK | SA_SIGINFO; @@ -62,12 +62,12 @@ void f_shim_setup_cont_signal(pid_t ppid) { return; errno = 0; - f_shim_param_ppid = ppid; + hakurei_shim_param_ppid = ppid; } */ import "C" -const shimEnv = "FORTIFY_SHIM" +const shimEnv = "HAKUREI_SHIM" type shimParams struct { // monitor pid, checked against ppid in signal handler @@ -84,7 +84,7 @@ type shimParams struct { // ShimMain is the main function of the shim process and runs as the unconstrained target user. func ShimMain() { - fmsg.Prepare("shim") + hlog.Prepare("shim") if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err) @@ -99,7 +99,7 @@ func ShimMain() { log.Fatal("invalid config descriptor") } if errors.Is(err, sandbox.ErrNotSet) { - log.Fatal("FORTIFY_SHIM not set") + log.Fatal("HAKUREI_SHIM not set") } log.Fatalf("cannot receive shim setup params: %v", err) @@ -108,7 +108,7 @@ func ShimMain() { closeSetup = f // the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid - if _, err = C.f_shim_setup_cont_signal(C.pid_t(params.Monitor)); err != nil { + if _, err = C.hakurei_shim_setup_cont_signal(C.pid_t(params.Monitor)); err != nil { log.Fatalf("cannot install SIGCONT handler: %v", err) } @@ -156,11 +156,11 @@ func ShimMain() { container.WaitDelay = 2 * time.Second if err := container.Start(); err != nil { - fmsg.PrintBaseError(err, "cannot start container:") + hlog.PrintBaseError(err, "cannot start container:") os.Exit(1) } if err := container.Serve(); err != nil { - fmsg.PrintBaseError(err, "cannot configure container:") + hlog.PrintBaseError(err, "cannot configure container:") } if err := seccomp.Load(seccomp.PresetCommon); err != nil { diff --git a/internal/app/internal/setuid/strings.go b/internal/app/internal/setuid/strings.go index 6489d6c..7e9df5f 100644 --- a/internal/app/internal/setuid/strings.go +++ b/internal/app/internal/setuid/strings.go @@ -3,7 +3,7 @@ package setuid import ( "strconv" - . "git.gensokyo.uk/security/fortify/internal/app" + . "git.gensokyo.uk/security/hakurei/internal/app" ) func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } diff --git a/internal/exit.go b/internal/exit.go index 6781943..0e8242e 100644 --- a/internal/exit.go +++ b/internal/exit.go @@ -3,7 +3,7 @@ package internal import ( "os" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) -func Exit(code int) { fmsg.BeforeExit(); os.Exit(code) } +func Exit(code int) { hlog.BeforeExit(); os.Exit(code) } diff --git a/internal/fmsg/errors.go b/internal/hlog/errors.go similarity index 56% rename from internal/fmsg/errors.go rename to internal/hlog/errors.go index bf9884f..d731f57 100644 --- a/internal/fmsg/errors.go +++ b/internal/hlog/errors.go @@ -1,4 +1,4 @@ -package fmsg +package hlog import ( "fmt" @@ -12,13 +12,8 @@ type baseError struct { Err error } -func (e *baseError) Error() string { - return e.Err.Error() -} - -func (e *baseError) Unwrap() error { - return e.Err -} +func (e *baseError) Error() string { return e.Err.Error() } +func (e *baseError) Unwrap() error { return e.Err } // BaseError implements an error container with a user-facing message type BaseError struct { @@ -27,35 +22,33 @@ type BaseError struct { } // Message returns a user-facing error message -func (e *BaseError) Message() string { - return e.message -} +func (e *BaseError) Message() string { return e.message } -// WrapError wraps an error with a corresponding message. -func WrapError(err error, a ...any) error { +// WrapErr wraps an error with a corresponding message. +func WrapErr(err error, a ...any) error { if err == nil { return nil } - return wrapError(err, fmt.Sprintln(a...)) + return wrapErr(err, fmt.Sprintln(a...)) } -// WrapErrorSuffix wraps an error with a corresponding message with err at the end of the message. -func WrapErrorSuffix(err error, a ...any) error { +// WrapErrSuffix wraps an error with a corresponding message with err at the end of the message. +func WrapErrSuffix(err error, a ...any) error { if err == nil { return nil } - return wrapError(err, fmt.Sprintln(append(a, err)...)) + return wrapErr(err, fmt.Sprintln(append(a, err)...)) } -// WrapErrorFunc wraps an error with a corresponding message returned by f. -func WrapErrorFunc(err error, f func(err error) string) error { +// WrapErrFunc wraps an error with a corresponding message returned by f. +func WrapErrFunc(err error, f func(err error) string) error { if err == nil { return nil } - return wrapError(err, f(err)) + return wrapErr(err, f(err)) } -func wrapError(err error, message string) *BaseError { +func wrapErr(err error, message string) *BaseError { return &BaseError{message, baseError{err}} } diff --git a/internal/fmsg/fmsg.go b/internal/hlog/hlog.go similarity index 95% rename from internal/fmsg/fmsg.go rename to internal/hlog/hlog.go index 4853838..415d16b 100644 --- a/internal/fmsg/fmsg.go +++ b/internal/hlog/hlog.go @@ -1,5 +1,5 @@ -// Package fmsg provides various functions for output messages. -package fmsg +// Package hlog provides various functions for output messages. +package hlog import ( "bytes" diff --git a/internal/fmsg/msg.go b/internal/hlog/msg.go similarity index 94% rename from internal/fmsg/msg.go rename to internal/hlog/msg.go index 7ff42b7..dd37fdb 100644 --- a/internal/fmsg/msg.go +++ b/internal/hlog/msg.go @@ -1,11 +1,11 @@ -package fmsg +package hlog type Output struct{} func (Output) IsVerbose() bool { return Load() } func (Output) Verbose(v ...any) { Verbose(v...) } func (Output) Verbosef(format string, v ...any) { Verbosef(format, v...) } -func (Output) WrapErr(err error, a ...any) error { return WrapError(err, a...) } +func (Output) WrapErr(err error, a ...any) error { return WrapErr(err, a...) } func (Output) PrintBaseErr(err error, fallback string) { PrintBaseError(err, fallback) } func (Output) Suspend() { Suspend() } func (Output) Resume() bool { return Resume() } diff --git a/internal/fmsg/verbose.go b/internal/hlog/verbose.go similarity index 96% rename from internal/fmsg/verbose.go rename to internal/hlog/verbose.go index a8e4c81..d6fcd94 100644 --- a/internal/fmsg/verbose.go +++ b/internal/hlog/verbose.go @@ -1,4 +1,4 @@ -package fmsg +package hlog import ( "log" diff --git a/internal/output.go b/internal/output.go index 7b1de30..9d6133a 100644 --- a/internal/output.go +++ b/internal/output.go @@ -1,17 +1,17 @@ package internal import ( - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/system" ) func InstallFmsg(verbose bool) { - fmsg.Store(verbose) - sandbox.SetOutput(fmsg.Output{}) - system.SetOutput(fmsg.Output{}) + hlog.Store(verbose) + sandbox.SetOutput(hlog.Output{}) + system.SetOutput(hlog.Output{}) if verbose { - seccomp.SetOutput(fmsg.Verbose) + seccomp.SetOutput(hlog.Verbose) } } diff --git a/internal/path.go b/internal/path.go index 8211478..9a59ac5 100644 --- a/internal/path.go +++ b/internal/path.go @@ -4,19 +4,19 @@ import ( "log" "path" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) var ( - fsu = compPoison + hsu = compPoison ) -func MustFsuPath() string { - if name, ok := checkPath(fsu); ok { +func MustHsuPath() string { + if name, ok := checkPath(hsu); ok { return name } - fmsg.BeforeExit() - log.Fatal("invalid fsu path, this program is compiled incorrectly") + hlog.BeforeExit() + log.Fatal("invalid hsu path, this program is compiled incorrectly") return compPoison } diff --git a/internal/state/multi.go b/internal/state/multi.go index f443611..fac5b38 100644 --- a/internal/state/multi.go +++ b/internal/state/multi.go @@ -13,9 +13,9 @@ import ( "sync" "syscall" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) // fine-grained locking and access @@ -86,17 +86,17 @@ func (s *multiStore) List() ([]int, error) { for _, e := range entries { // skip non-directories if !e.IsDir() { - fmsg.Verbosef("skipped non-directory entry %q", e.Name()) + hlog.Verbosef("skipped non-directory entry %q", e.Name()) continue } // skip non-numerical names if v, err := strconv.Atoi(e.Name()); err != nil { - fmsg.Verbosef("skipped non-aid entry %q", e.Name()) + hlog.Verbosef("skipped non-aid entry %q", e.Name()) continue } else { if v < 0 || v > 9999 { - fmsg.Verbosef("skipped out of bounds entry %q", e.Name()) + hlog.Verbosef("skipped out of bounds entry %q", e.Name()) continue } @@ -232,7 +232,7 @@ func (b *multiBackend) load(decode bool) (Entries, error) { } // state file consists of an eight byte header, followed by concatenated gobs -// of [fst.Config] and [State], if [State.Config] is not nil or offset < 0, +// of [hst.Config] and [State], if [State.Config] is not nil or offset < 0, // the first gob is skipped func (b *multiBackend) decodeState(r io.ReadSeeker, state *State) error { offset := make([]byte, 8) @@ -269,7 +269,7 @@ func (b *multiBackend) decodeState(r io.ReadSeeker, state *State) error { return ErrNoConfig } - state.Config = new(fst.Config) + state.Config = new(hst.Config) if _, err := r.Seek(8, io.SeekStart); err != nil { return err } diff --git a/internal/state/multi_test.go b/internal/state/multi_test.go index e0407c4..2549034 100644 --- a/internal/state/multi_test.go +++ b/internal/state/multi_test.go @@ -3,7 +3,7 @@ package state_test import ( "testing" - "git.gensokyo.uk/security/fortify/internal/state" + "git.gensokyo.uk/security/hakurei/internal/state" ) func TestMulti(t *testing.T) { diff --git a/internal/state/state.go b/internal/state/state.go index 609b4e9..0c07b37 100644 --- a/internal/state/state.go +++ b/internal/state/state.go @@ -5,8 +5,8 @@ import ( "io" "time" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" ) var ErrNoConfig = errors.New("state does not contain config") @@ -35,14 +35,14 @@ type Cursor interface { Len() (int, error) } -// State is a fortify process's state +// State is an instance state type State struct { - // fortify instance id + // hakurei instance id ID app.ID `json:"instance"` // child process PID value PID int `json:"pid"` // sealed app configuration - Config *fst.Config `json:"config"` + Config *hst.Config `json:"config"` // process start time Time time.Time `json:"time"` diff --git a/internal/state/state_test.go b/internal/state/state_test.go index fe7a6cc..caf5c43 100644 --- a/internal/state/state_test.go +++ b/internal/state/state_test.go @@ -10,9 +10,9 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/state" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/state" ) func testStore(t *testing.T, s state.Store) { @@ -63,7 +63,7 @@ func testStore(t *testing.T, s state.Store) { &tc[i].state.ID) } else { got.Time = tc[i].state.Time - tc[i].state.Config = fst.Template() + tc[i].state.Config = hst.Template() if !reflect.DeepEqual(got, &tc[i].state) { t.Fatalf("Load: entry %s got %#v, want %#v", &tc[i].state.ID, got, &tc[i].state) @@ -137,7 +137,7 @@ func makeState(t *testing.T, s *state.State, ct io.Writer) { if err := app.NewAppID(&s.ID); err != nil { t.Fatalf("cannot create dummy state: %v", err) } - if err := gob.NewEncoder(ct).Encode(fst.Template()); err != nil { + if err := gob.NewEncoder(ct).Encode(hst.Template()); err != nil { t.Fatalf("cannot encode dummy config: %v", err) } s.PID = rand.Int() diff --git a/internal/sys/interface.go b/internal/sys/interface.go index ba8e0bf..57c5a7e 100644 --- a/internal/sys/interface.go +++ b/internal/sys/interface.go @@ -6,8 +6,8 @@ import ( "path" "strconv" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" ) // State provides safe interaction with operating system state. @@ -42,25 +42,25 @@ type State interface { // Paths returns a populated [Paths] struct. Paths() app.Paths - // Uid invokes fsu and returns target uid. + // Uid invokes hsu and returns target uid. // Any errors returned by Uid is already wrapped [fmsg.BaseError]. Uid(aid int) (int, error) } -// CopyPaths is a generic implementation of [fst.Paths]. +// CopyPaths is a generic implementation of [hst.Paths]. func CopyPaths(os State, v *app.Paths) { - v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Getuid())) + v.SharePath = path.Join(os.TempDir(), "hakurei."+strconv.Itoa(os.Getuid())) - fmsg.Verbosef("process share directory at %q", v.SharePath) + hlog.Verbosef("process share directory at %q", v.SharePath) if r, ok := os.LookupEnv(xdgRuntimeDir); !ok || r == "" || !path.IsAbs(r) { - // fall back to path in share since fortify has no hard XDG dependency + // fall back to path in share since hakurei has no hard XDG dependency v.RunDirPath = path.Join(v.SharePath, "run") v.RuntimePath = path.Join(v.RunDirPath, "compat") } else { v.RuntimePath = r - v.RunDirPath = path.Join(v.RuntimePath, "fortify") + v.RunDirPath = path.Join(v.RuntimePath, "hakurei") } - fmsg.Verbosef("runtime directory at %q", v.RunDirPath) + hlog.Verbosef("runtime directory at %q", v.RunDirPath) } diff --git a/internal/sys/std.go b/internal/sys/std.go index 1b23579..6db4bae 100644 --- a/internal/sys/std.go +++ b/internal/sys/std.go @@ -12,10 +12,10 @@ import ( "sync" "syscall" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/sandbox" ) // Std implements System using the standard library. @@ -43,8 +43,8 @@ func (s *Std) Stat(name string) (fs.FileInfo, error) { return os.Stat(nam func (s *Std) Open(name string) (fs.File, error) { return os.Open(name) } func (s *Std) EvalSymlinks(path string) (string, error) { return filepath.EvalSymlinks(path) } func (s *Std) Exit(code int) { internal.Exit(code) } -func (s *Std) Println(v ...any) { fmsg.Verbose(v...) } -func (s *Std) Printf(format string, v ...any) { fmsg.Verbosef(format, v...) } +func (s *Std) Println(v ...any) { hlog.Verbose(v...) } +func (s *Std) Printf(format string, v ...any) { hlog.Verbosef(format, v...) } const xdgRuntimeDir = "XDG_RUNTIME_DIR" @@ -80,12 +80,12 @@ func (s *Std) Uid(aid int) (int, error) { defer func() { s.uidCopy[aid] = u }() u.uid = -1 - fsuPath := internal.MustFsuPath() + hsuPath := internal.MustHsuPath() - cmd := exec.Command(fsuPath) - cmd.Path = fsuPath + cmd := exec.Command(hsuPath) + cmd.Path = hsuPath cmd.Stderr = os.Stderr // pass through fatal messages - cmd.Env = []string{"FORTIFY_APP_ID=" + strconv.Itoa(aid)} + cmd.Env = []string{"HAKUREI_APP_ID=" + strconv.Itoa(aid)} cmd.Dir = "/" var ( p []byte @@ -95,12 +95,12 @@ func (s *Std) Uid(aid int) (int, error) { if p, u.err = cmd.Output(); u.err == nil { u.uid, u.err = strconv.Atoi(string(p)) if u.err != nil { - u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:") + u.err = hlog.WrapErrSuffix(u.err, "cannot parse uid from hsu:") } } else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 { - u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case + u.err = hlog.WrapErr(syscall.EACCES, "") // hsu prints to stderr in this case } else if os.IsNotExist(u.err) { - u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsuPath)) + u.err = hlog.WrapErr(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", hsuPath)) } return u.uid, u.err } diff --git a/ldd/exec.go b/ldd/exec.go index cb1ecec..f6f940e 100644 --- a/ldd/exec.go +++ b/ldd/exec.go @@ -8,7 +8,7 @@ import ( "os/exec" "time" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox" ) const lddTimeout = 2 * time.Second @@ -28,7 +28,7 @@ func ExecFilter(ctx context.Context, defer cancel() container := sandbox.New(c, "ldd", p) container.CommandContext = commandContext - container.Hostname = "fortify-ldd" + container.Hostname = "hakurei-ldd" stdout, stderr := new(bytes.Buffer), new(bytes.Buffer) container.Stdout = stdout container.Stderr = stderr diff --git a/ldd/ldd_test.go b/ldd/ldd_test.go index 9c348c3..35615fa 100644 --- a/ldd/ldd_test.go +++ b/ldd/ldd_test.go @@ -5,7 +5,7 @@ import ( "reflect" "testing" - "git.gensokyo.uk/security/fortify/ldd" + "git.gensokyo.uk/security/hakurei/ldd" ) func TestParseError(t *testing.T) { diff --git a/main.go b/main.go index 70f80a5..e5f54ee 100644 --- a/main.go +++ b/main.go @@ -15,17 +15,17 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/command" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/app/instance" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/state" - "git.gensokyo.uk/security/fortify/internal/sys" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/command" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/app/instance" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/state" + "git.gensokyo.uk/security/hakurei/internal/sys" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/system" ) var ( @@ -35,13 +35,13 @@ var ( license string ) -func init() { fmsg.Prepare("fortify") } +func init() { hlog.Prepare("hakurei") } var std sys.State = new(sys.Std) func main() { // early init path, skips root check and duplicate PR_SET_DUMPABLE - sandbox.TryArgv0(fmsg.Output{}, fmsg.Prepare, internal.InstallFmsg) + sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) @@ -53,9 +53,9 @@ func main() { } buildCommand(os.Stderr).MustParse(os.Args[1:], func(err error) { - fmsg.Verbosef("command returned %v", err) + hlog.Verbosef("command returned %v", err) if errors.Is(err, errSuccess) { - fmsg.BeforeExit() + hlog.BeforeExit() os.Exit(0) } }) @@ -67,16 +67,13 @@ func buildCommand(out io.Writer) command.Command { flagVerbose bool flagJSON bool ) - c := command.New(out, log.Printf, "fortify", func([]string) error { - internal.InstallFmsg(flagVerbose) - return nil - }). - Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). + c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). + Flag(&flagVerbose, "v", command.BoolFlag(false), "Increase log verbosity"). Flag(&flagJSON, "json", command.BoolFlag(false), "Serialise output in JSON when applicable") c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess }) - c.Command("app", "Launch app defined by the specified config file", func(args []string) error { + c.Command("app", "Load app from configuration file", func(args []string) error { if len(args) < 1 { log.Fatal("app requires at least 1 argument") } @@ -107,7 +104,7 @@ func buildCommand(out io.Writer) command.Command { c.NewCommand("run", "Configure and start a permissive default sandbox", func(args []string) error { // initialise config from flags - config := &fst.Config{ + config := &hst.Config{ ID: fid, Args: args, } @@ -123,19 +120,19 @@ func buildCommand(out io.Writer) command.Command { passwdFunc = func() { var us string if uid, err := std.Uid(aid); err != nil { - fmsg.PrintBaseError(err, "cannot obtain uid from fsu:") + hlog.PrintBaseError(err, "cannot obtain uid from setuid wrapper:") os.Exit(1) } else { us = strconv.Itoa(uid) } if u, err := user.LookupId(us); err != nil { - fmsg.Verbosef("cannot look up uid %s", us) + hlog.Verbosef("cannot look up uid %s", us) passwd = &user.User{ Uid: us, Gid: us, Username: "chronos", - Name: "Fortify", + Name: "Hakurei Permissive Default", HomeDir: "/var/empty", } } else { @@ -233,7 +230,7 @@ func buildCommand(out io.Writer) command.Command { } var showFlagShort bool - c.NewCommand("show", "Show the contents of an app configuration", func(args []string) error { + c.NewCommand("show", "Show live or local app configuration", func(args []string) error { switch len(args) { case 0: // system printShowSystem(os.Stdout, showFlagShort, flagJSON) @@ -253,12 +250,12 @@ func buildCommand(out io.Writer) command.Command { }).Flag(&showFlagShort, "short", command.BoolFlag(false), "Omit filesystem information") var psFlagShort bool - c.NewCommand("ps", "List active apps and their state", func(args []string) error { + c.NewCommand("ps", "List active instances", func(args []string) error { printPs(os.Stdout, time.Now().UTC(), state.NewMulti(std.Paths().RunDirPath), psFlagShort, flagJSON) return errSuccess }).Flag(&psFlagShort, "short", command.BoolFlag(false), "Print instance id") - c.Command("version", "Show fortify version", func(args []string) error { + c.Command("version", "Display version information", func(args []string) error { fmt.Println(internal.Version()) return errSuccess }) @@ -269,7 +266,7 @@ func buildCommand(out io.Writer) command.Command { }) c.Command("template", "Produce a config template", func(args []string) error { - printJSON(os.Stdout, false, fst.Template()) + printJSON(os.Stdout, false, hst.Template()) return errSuccess }) @@ -281,7 +278,7 @@ func buildCommand(out io.Writer) command.Command { return c } -func runApp(config *fst.Config) { +func runApp(config *hst.Config) { ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) defer stop() // unreachable @@ -289,7 +286,7 @@ func runApp(config *fst.Config) { rs := new(app.RunState) if sa, err := a.Seal(config); err != nil { - fmsg.PrintBaseError(err, "cannot seal app:") + hlog.PrintBaseError(err, "cannot seal app:") internal.Exit(1) } else { internal.Exit(instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs))) diff --git a/main_test.go b/main_test.go index 39c88cc..7e2b792 100644 --- a/main_test.go +++ b/main_test.go @@ -6,7 +6,7 @@ import ( "flag" "testing" - "git.gensokyo.uk/security/fortify/command" + "git.gensokyo.uk/security/hakurei/command" ) func TestHelp(t *testing.T) { @@ -17,14 +17,14 @@ func TestHelp(t *testing.T) { }{ { "main", []string{}, ` -Usage: fortify [-h | --help] [-v] [--json] COMMAND [OPTIONS] +Usage: hakurei [-h | --help] [-v] [--json] COMMAND [OPTIONS] Commands: - app Launch app defined by the specified config file + app Load app from configuration file run Configure and start a permissive default sandbox - show Show the contents of an app configuration - ps List active apps and their state - version Show fortify version + show Show live or local app configuration + ps List active instances + version Display version information license Show full license text template Produce a config template help Show this help message @@ -33,7 +33,7 @@ Commands: }, { "run", []string{"run", "-h"}, ` -Usage: fortify run [-h | --help] [--dbus-config ] [--dbus-system ] [--mpris] [--dbus-log] [--id ] [-a ] [-g ] [-d ] [-u ] [--wayland] [-X] [--dbus] [--pulse] COMMAND [OPTIONS] +Usage: hakurei run [-h | --help] [--dbus-config ] [--dbus-system ] [--mpris] [--dbus-log] [--id ] [-a ] [-g ] [-d ] [-u ] [--wayland] [-X] [--dbus] [--pulse] COMMAND [OPTIONS] Flags: -X Enable direct connection to X11 diff --git a/nixos.nix b/nixos.nix index 25eb777..bae7d72 100644 --- a/nixos.nix +++ b/nixos.nix @@ -18,7 +18,7 @@ let optionals ; - cfg = config.environment.fortify; + cfg = config.environment.hakurei; getsubuid = fid: aid: 1000000 + fid * 10000 + aid; getsubname = fid: aid: "u${toString fid}_a${toString aid}"; @@ -45,20 +45,21 @@ in in { assertion = (lists.length conflictingApps) == 0; - message = "the following fortify apps have conflicting identities: " + (builtins.concatStringsSep ", " conflictingApps); + message = "the following hakurei apps have conflicting identities: " + (builtins.concatStringsSep ", " conflictingApps); } ) ]; - security.wrappers.fsu = { - source = "${cfg.fsuPackage}/bin/fsu"; + security.wrappers.hsu = { + + source = "${cfg.hsuPackage}/bin/hsu"; setuid = true; owner = "root"; setgid = true; group = "root"; }; - environment.etc.fsurc = { + environment.etc.hsurc = { mode = "0400"; text = foldlAttrs ( acc: username: fid: @@ -200,7 +201,7 @@ in }; in pkgs.writeShellScriptBin app.name '' - exec fortify${if app.verbose then " -v" else ""} app ${pkgs.writeText "fortify-${app.name}.json" (builtins.toJSON conf)} $@ + exec hakurei${if app.verbose then " -v" else ""} app ${pkgs.writeText "hakurei-app-${app.name}.json" (builtins.toJSON conf)} $@ '' ) ] @@ -281,7 +282,7 @@ in getuser = fid: aid: { isSystemUser = true; createHome = true; - description = "Fortify subordinate user ${toString aid} (u${toString fid})"; + description = "Hakurei subordinate user ${toString aid} (u${toString fid})"; group = getsubname fid aid; home = getsubhome fid aid; uid = getsubuid fid aid; diff --git a/options.md b/options.md index cc2cf3f..ef51c5d 100644 --- a/options.md +++ b/options.md @@ -1,8 +1,8 @@ -## environment\.fortify\.enable +## environment\.hakurei\.enable -Whether to enable fortify\. +Whether to enable hakurei\. @@ -21,11 +21,11 @@ boolean -## environment\.fortify\.package +## environment\.hakurei\.package -The fortify package to use\. +The hakurei package to use\. @@ -35,13 +35,13 @@ package *Default:* -` ` +` ` -## environment\.fortify\.apps +## environment\.hakurei\.apps -Declaratively configured fortify apps\. +Declaratively configured hakurei apps\. @@ -55,7 +55,7 @@ attribute set of (submodule) -## environment\.fortify\.apps\.\\.packages +## environment\.hakurei\.apps\.\\.packages @@ -73,7 +73,7 @@ list of package -## environment\.fortify\.apps\.\\.args +## environment\.hakurei\.apps\.\\.args @@ -92,7 +92,7 @@ null or (list of string) -## environment\.fortify\.apps\.\\.capability\.dbus +## environment\.hakurei\.apps\.\\.capability\.dbus @@ -110,7 +110,7 @@ boolean -## environment\.fortify\.apps\.\\.capability\.pulse +## environment\.hakurei\.apps\.\\.capability\.pulse @@ -128,7 +128,7 @@ boolean -## environment\.fortify\.apps\.\\.capability\.wayland +## environment\.hakurei\.apps\.\\.capability\.wayland @@ -146,7 +146,7 @@ boolean -## environment\.fortify\.apps\.\\.capability\.x11 +## environment\.hakurei\.apps\.\\.capability\.x11 @@ -164,7 +164,7 @@ boolean -## environment\.fortify\.apps\.\\.command +## environment\.hakurei\.apps\.\\.command @@ -184,7 +184,7 @@ null or string -## environment\.fortify\.apps\.\\.dbus\.session +## environment\.hakurei\.apps\.\\.dbus\.session @@ -203,7 +203,7 @@ null or (function that evaluates to a(n) anything) -## environment\.fortify\.apps\.\\.dbus\.system +## environment\.hakurei\.apps\.\\.dbus\.system @@ -222,7 +222,7 @@ null or anything -## environment\.fortify\.apps\.\\.devel +## environment\.hakurei\.apps\.\\.devel @@ -245,7 +245,7 @@ boolean -## environment\.fortify\.apps\.\\.device +## environment\.hakurei\.apps\.\\.device @@ -268,7 +268,7 @@ boolean -## environment\.fortify\.apps\.\\.env +## environment\.hakurei\.apps\.\\.env @@ -286,7 +286,7 @@ null or (attribute set of string) -## environment\.fortify\.apps\.\\.extraConfig +## environment\.hakurei\.apps\.\\.extraConfig @@ -304,7 +304,7 @@ anything -## environment\.fortify\.apps\.\\.extraPaths +## environment\.hakurei\.apps\.\\.extraPaths @@ -322,7 +322,7 @@ list of (submodule) -## environment\.fortify\.apps\.\\.extraPaths\.\*\.dev +## environment\.hakurei\.apps\.\\.extraPaths\.\*\.dev @@ -345,7 +345,7 @@ boolean -## environment\.fortify\.apps\.\\.extraPaths\.\*\.dst +## environment\.hakurei\.apps\.\\.extraPaths\.\*\.dst @@ -363,7 +363,7 @@ null or string -## environment\.fortify\.apps\.\\.extraPaths\.\*\.require +## environment\.hakurei\.apps\.\\.extraPaths\.\*\.require @@ -386,7 +386,7 @@ boolean -## environment\.fortify\.apps\.\\.extraPaths\.\*\.src +## environment\.hakurei\.apps\.\\.extraPaths\.\*\.src @@ -399,7 +399,7 @@ string -## environment\.fortify\.apps\.\\.extraPaths\.\*\.write +## environment\.hakurei\.apps\.\\.extraPaths\.\*\.write @@ -422,7 +422,7 @@ boolean -## environment\.fortify\.apps\.\\.gpu +## environment\.hakurei\.apps\.\\.gpu @@ -441,7 +441,7 @@ null or boolean -## environment\.fortify\.apps\.\\.groups +## environment\.hakurei\.apps\.\\.groups @@ -459,7 +459,7 @@ list of string -## environment\.fortify\.apps\.\\.identity +## environment\.hakurei\.apps\.\\.identity @@ -472,7 +472,7 @@ integer between 1 and 9999 (both inclusive) -## environment\.fortify\.apps\.\\.insecureWayland +## environment\.hakurei\.apps\.\\.insecureWayland @@ -495,7 +495,7 @@ boolean -## environment\.fortify\.apps\.\\.mapRealUid +## environment\.hakurei\.apps\.\\.mapRealUid @@ -518,7 +518,7 @@ boolean -## environment\.fortify\.apps\.\\.multiarch +## environment\.hakurei\.apps\.\\.multiarch @@ -541,7 +541,7 @@ boolean -## environment\.fortify\.apps\.\\.name +## environment\.hakurei\.apps\.\\.name @@ -554,7 +554,7 @@ string -## environment\.fortify\.apps\.\\.net +## environment\.hakurei\.apps\.\\.net @@ -577,7 +577,7 @@ boolean -## environment\.fortify\.apps\.\\.nix +## environment\.hakurei\.apps\.\\.nix @@ -600,7 +600,7 @@ boolean -## environment\.fortify\.apps\.\\.path +## environment\.hakurei\.apps\.\\.path @@ -619,7 +619,7 @@ null or string -## environment\.fortify\.apps\.\\.script +## environment\.hakurei\.apps\.\\.script @@ -637,7 +637,7 @@ null or string -## environment\.fortify\.apps\.\\.share +## environment\.hakurei\.apps\.\\.share @@ -656,7 +656,7 @@ null or package -## environment\.fortify\.apps\.\\.shareUid +## environment\.hakurei\.apps\.\\.shareUid @@ -679,7 +679,7 @@ boolean -## environment\.fortify\.apps\.\\.tty +## environment\.hakurei\.apps\.\\.tty @@ -702,7 +702,7 @@ boolean -## environment\.fortify\.apps\.\\.useCommonPaths +## environment\.hakurei\.apps\.\\.useCommonPaths @@ -725,7 +725,7 @@ boolean -## environment\.fortify\.apps\.\\.userns +## environment\.hakurei\.apps\.\\.userns @@ -748,7 +748,7 @@ boolean -## environment\.fortify\.apps\.\\.verbose +## environment\.hakurei\.apps\.\\.verbose @@ -771,7 +771,7 @@ boolean -## environment\.fortify\.commonPaths +## environment\.hakurei\.commonPaths @@ -789,7 +789,7 @@ list of (submodule) -## environment\.fortify\.commonPaths\.\*\.dev +## environment\.hakurei\.commonPaths\.\*\.dev @@ -812,7 +812,7 @@ boolean -## environment\.fortify\.commonPaths\.\*\.dst +## environment\.hakurei\.commonPaths\.\*\.dst @@ -830,7 +830,7 @@ null or string -## environment\.fortify\.commonPaths\.\*\.require +## environment\.hakurei\.commonPaths\.\*\.require @@ -853,7 +853,7 @@ boolean -## environment\.fortify\.commonPaths\.\*\.src +## environment\.hakurei\.commonPaths\.\*\.src @@ -866,7 +866,7 @@ string -## environment\.fortify\.commonPaths\.\*\.write +## environment\.hakurei\.commonPaths\.\*\.write @@ -889,7 +889,7 @@ boolean -## environment\.fortify\.extraHomeConfig +## environment\.hakurei\.extraHomeConfig @@ -902,11 +902,11 @@ anything -## environment\.fortify\.fsuPackage +## environment\.hakurei\.hsuPackage -The fsu package to use\. +The hsu package to use\. @@ -916,11 +916,11 @@ package *Default:* -` ` +` ` -## environment\.fortify\.stateDir +## environment\.hakurei\.stateDir @@ -933,11 +933,11 @@ string -## environment\.fortify\.users +## environment\.hakurei\.users -Users allowed to spawn fortify apps and their corresponding fortify fid\. +Users allowed to spawn hakurei apps and their corresponding hakurei identity\. diff --git a/options.nix b/options.nix index 29c9a4f..684485e 100644 --- a/options.nix +++ b/options.nix @@ -39,19 +39,19 @@ in { options = { - environment.fortify = { - enable = mkEnableOption "fortify"; + environment.hakurei = { + enable = mkEnableOption "hakurei"; package = mkOption { type = types.package; - default = packages.${pkgs.system}.fortify; - description = "The fortify package to use."; + default = packages.${pkgs.system}.hakurei; + description = "The hakurei package to use."; }; - fsuPackage = mkOption { + hsuPackage = mkOption { type = types.package; - default = packages.${pkgs.system}.fsu; - description = "The fsu package to use."; + default = packages.${pkgs.system}.hsu; + description = "The hsu package to use."; }; users = mkOption { @@ -61,7 +61,7 @@ in in attrsOf (ints.between 0 99); description = '' - Users allowed to spawn fortify apps and their corresponding fortify fid. + Users allowed to spawn hakurei apps and their corresponding hakurei identity. ''; }; @@ -276,7 +276,7 @@ in }); default = { }; description = '' - Declaratively configured fortify apps. + Declaratively configured hakurei apps. ''; }; diff --git a/package.nix b/package.nix index 128b18c..aa73ada 100644 --- a/package.nix +++ b/package.nix @@ -30,13 +30,13 @@ }: buildGoModule rec { - pname = "fortify"; + pname = "hakurei"; version = "0.4.1"; srcFiltered = builtins.path { name = "${pname}-src"; path = lib.cleanSource ./.; - filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/fsu" path); + filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/hsu" path); }; vendorHash = null; @@ -65,7 +65,7 @@ buildGoModule rec { lib.attrsets.foldlAttrs ( ldflags: name: value: - ldflags ++ [ "-X git.gensokyo.uk/security/fortify/internal.${name}=${value}" ] + ldflags ++ [ "-X git.gensokyo.uk/security/hakurei/internal.${name}=${value}" ] ) ( [ "-s -w" ] @@ -76,7 +76,7 @@ buildGoModule rec { ) { version = "v${version}"; - fsu = "/run/wrappers/bin/fsu"; + hsu = "/run/wrappers/bin/hsu"; }; # nix build environment does not allow acls @@ -113,7 +113,7 @@ buildGoModule rec { mkdir "$out/libexec" mv "$out"/bin/* "$out/libexec/" - makeBinaryWrapper "$out/libexec/fortify" "$out/bin/fortify" \ + makeBinaryWrapper "$out/libexec/hakurei" "$out/bin/hakurei" \ --inherit-argv0 --prefix PATH : ${lib.makeBinPath appPackages} makeBinaryWrapper "$out/libexec/fpkg" "$out/bin/fpkg" \ diff --git a/parse.go b/parse.go index 3efb044..2e7f507 100644 --- a/parse.go +++ b/parse.go @@ -10,19 +10,19 @@ import ( "strings" "syscall" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/state" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/state" ) -func tryPath(name string) (config *fst.Config) { +func tryPath(name string) (config *hst.Config) { var r io.Reader - config = new(fst.Config) + config = new(hst.Config) if name != "-" { r = tryFd(name) if r == nil { - fmsg.Verbose("load configuration from file") + hlog.Verbose("load configuration from file") if f, err := os.Open(name); err != nil { log.Fatalf("cannot access configuration file %q: %s", name, err) @@ -51,11 +51,11 @@ func tryPath(name string) (config *fst.Config) { func tryFd(name string) io.ReadCloser { if v, err := strconv.Atoi(name); err != nil { if !errors.Is(err, strconv.ErrSyntax) { - fmsg.Verbosef("name cannot be interpreted as int64: %v", err) + hlog.Verbosef("name cannot be interpreted as int64: %v", err) } return nil } else { - fmsg.Verbosef("trying config stream from %d", v) + hlog.Verbosef("trying config stream from %d", v) fd := uintptr(v) if _, _, errno := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_GETFD, 0); errno != 0 { if errors.Is(errno, syscall.EBADF) { @@ -67,7 +67,7 @@ func tryFd(name string) io.ReadCloser { } } -func tryShort(name string) (config *fst.Config, entry *state.State) { +func tryShort(name string) (config *hst.Config, entry *state.State) { likePrefix := false if len(name) <= 32 { likePrefix = true @@ -85,7 +85,7 @@ func tryShort(name string) (config *fst.Config, entry *state.State) { // try to match from state store if likePrefix && len(name) >= 8 { - fmsg.Verbose("argument looks like prefix") + hlog.Verbose("argument looks like prefix") s := state.NewMulti(std.Paths().RunDirPath) if entries, err := state.Join(s); err != nil { @@ -101,7 +101,7 @@ func tryShort(name string) (config *fst.Config, entry *state.State) { break } - fmsg.Verbosef("instance %s skipped", v) + hlog.Verbosef("instance %s skipped", v) } } } diff --git a/print.go b/print.go index 2f679eb..a8ede63 100644 --- a/print.go +++ b/print.go @@ -12,21 +12,21 @@ import ( "text/tabwriter" "time" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/internal/state" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/internal/state" ) func printShowSystem(output io.Writer, short, flagJSON bool) { t := newPrinter(output) defer t.MustFlush() - info := new(fst.Info) + info := new(hst.Info) // get fid by querying uid of aid 0 if uid, err := std.Uid(0); err != nil { - fmsg.PrintBaseError(err, "cannot obtain uid from fsu:") + hlog.PrintBaseError(err, "cannot obtain uid from setuid wrapper:") os.Exit(1) } else { info.User = (uid / 10000) - 100 @@ -42,7 +42,7 @@ func printShowSystem(output io.Writer, short, flagJSON bool) { func printShowInstance( output io.Writer, now time.Time, - instance *state.State, config *fst.Config, + instance *state.State, config *hst.Config, short, flagJSON bool) { if flagJSON { if instance != nil { @@ -69,9 +69,9 @@ func printShowInstance( t.Printf("App\n") if config.ID != "" { - t.Printf(" ID:\t%d (%s)\n", config.Identity, config.ID) + t.Printf(" Identity:\t%d (%s)\n", config.Identity, config.ID) } else { - t.Printf(" ID:\t%d\n", config.Identity) + t.Printf(" Identity:\t%d\n", config.Identity) } t.Printf(" Enablements:\t%s\n", config.Enablements.String()) if len(config.Groups) > 0 { @@ -264,7 +264,7 @@ func printPs(output io.Writer, now time.Time, s state.Store, short, flagJSON boo as = strconv.Itoa(e.Config.Identity) id := e.Config.ID if id == "" { - id = "uk.gensokyo.fortify." + e.s[:8] + id = "uk.gensokyo.hakurei." + e.s[:8] } as += " (" + id + ")" } diff --git a/print_test.go b/print_test.go index 4e50dfd..0c10804 100644 --- a/print_test.go +++ b/print_test.go @@ -5,10 +5,10 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/dbus" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal/app" - "git.gensokyo.uk/security/fortify/internal/state" + "git.gensokyo.uk/security/hakurei/dbus" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal/app" + "git.gensokyo.uk/security/hakurei/internal/state" ) var ( @@ -21,7 +21,7 @@ var ( testState = &state.State{ ID: testID, PID: 0xDEADBEEF, - Config: fst.Template(), + Config: hst.Template(), Time: testAppTime, } testTime = time.Unix(3752, 1).UTC() @@ -32,15 +32,15 @@ func Test_printShowInstance(t *testing.T) { testCases := []struct { name string instance *state.State - config *fst.Config + config *hst.Config short, json bool want string }{ - {"config", nil, fst.Template(), false, false, `App - ID: 9 (org.chromium.Chromium) + {"config", nil, hst.Template(), false, false, `App + Identity: 9 (org.chromium.Chromium) Enablements: wayland, dbus, pulseaudio Groups: video, dialout, plugdev - Data: /var/lib/fortify/u0/org.chromium.Chromium + Data: /var/lib/hakurei/u0/org.chromium.Chromium Hostname: localhost Flags: userns devel net device tty mapuid autoetc Etc: /etc @@ -53,12 +53,12 @@ Filesystem +/run/current-system +/run/opengl-driver +/var/db/nix-channels - w*/var/lib/fortify/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium + w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium d+/dev/dri Extra ACL - --x+:/var/lib/fortify/u0 - rwx:/var/lib/fortify/u0/org.chromium.Chromium + --x+:/var/lib/hakurei/u0 + rwx:/var/lib/hakurei/u0/org.chromium.Chromium Session bus Filter: true @@ -72,23 +72,23 @@ System bus Talk: ["org.bluez" "org.freedesktop.Avahi" "org.freedesktop.UPower"] `}, - {"config pd", nil, new(fst.Config), false, false, `Warning: this configuration uses permissive defaults! + {"config pd", nil, new(hst.Config), false, false, `Warning: this configuration uses permissive defaults! App - ID: 0 + Identity: 0 Enablements: (no enablements) `}, - {"config flag none", nil, &fst.Config{Container: new(fst.ContainerConfig)}, false, false, `App - ID: 0 + {"config flag none", nil, &hst.Config{Container: new(hst.ContainerConfig)}, false, false, `App + Identity: 0 Enablements: (no enablements) Flags: none Etc: /etc Path: `}, - {"config nil entries", nil, &fst.Config{Container: &fst.ContainerConfig{Filesystem: make([]*fst.FilesystemConfig, 1)}, ExtraPerms: make([]*fst.ExtraPermConfig, 1)}, false, false, `App - ID: 0 + {"config nil entries", nil, &hst.Config{Container: &hst.ContainerConfig{Filesystem: make([]*hst.FilesystemConfig, 1)}, ExtraPerms: make([]*hst.ExtraPermConfig, 1)}, false, false, `App + Identity: 0 Enablements: (no enablements) Flags: none Etc: /etc @@ -99,10 +99,10 @@ Filesystem Extra ACL `}, - {"config pd dbus see", nil, &fst.Config{SessionBus: &dbus.Config{See: []string{"org.example.test"}}}, false, false, `Warning: this configuration uses permissive defaults! + {"config pd dbus see", nil, &hst.Config{SessionBus: &dbus.Config{See: []string{"org.example.test"}}}, false, false, `Warning: this configuration uses permissive defaults! App - ID: 0 + Identity: 0 Enablements: (no enablements) Session bus @@ -111,15 +111,15 @@ Session bus `}, - {"instance", testState, fst.Template(), false, false, `State + {"instance", testState, hst.Template(), false, false, `State Instance: 8e2c76b066dabe574cf073bdb46eb5c1 (3735928559) Uptime: 1h2m32s App - ID: 9 (org.chromium.Chromium) + Identity: 9 (org.chromium.Chromium) Enablements: wayland, dbus, pulseaudio Groups: video, dialout, plugdev - Data: /var/lib/fortify/u0/org.chromium.Chromium + Data: /var/lib/hakurei/u0/org.chromium.Chromium Hostname: localhost Flags: userns devel net device tty mapuid autoetc Etc: /etc @@ -132,12 +132,12 @@ Filesystem +/run/current-system +/run/opengl-driver +/var/db/nix-channels - w*/var/lib/fortify/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium + w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium d+/dev/dri Extra ACL - --x+:/var/lib/fortify/u0 - rwx:/var/lib/fortify/u0/org.chromium.Chromium + --x+:/var/lib/hakurei/u0 + rwx:/var/lib/hakurei/u0/org.chromium.Chromium Session bus Filter: true @@ -151,14 +151,14 @@ System bus Talk: ["org.bluez" "org.freedesktop.Avahi" "org.freedesktop.UPower"] `}, - {"instance pd", testState, new(fst.Config), false, false, `Warning: this configuration uses permissive defaults! + {"instance pd", testState, new(hst.Config), false, false, `Warning: this configuration uses permissive defaults! State Instance: 8e2c76b066dabe574cf073bdb46eb5c1 (3735928559) Uptime: 1h2m32s App - ID: 0 + Identity: 0 Enablements: (no enablements) `}, @@ -234,16 +234,16 @@ App }, "username": "chronos", "shell": "/run/current-system/sw/bin/zsh", - "data": "/var/lib/fortify/u0/org.chromium.Chromium", + "data": "/var/lib/hakurei/u0/org.chromium.Chromium", "dir": "/data/data/org.chromium.Chromium", "extra_perms": [ { "ensure": true, - "path": "/var/lib/fortify/u0", + "path": "/var/lib/hakurei/u0", "x": true }, { - "path": "/var/lib/fortify/u0/org.chromium.Chromium", + "path": "/var/lib/hakurei/u0/org.chromium.Chromium", "r": true, "w": true, "x": true @@ -285,7 +285,7 @@ App }, { "dst": "/data/data/org.chromium.Chromium", - "src": "/var/lib/fortify/u0/org.chromium.Chromium", + "src": "/var/lib/hakurei/u0/org.chromium.Chromium", "write": true, "require": true }, @@ -310,7 +310,7 @@ App "time": "1970-01-01T00:00:00.000000009Z" } `}, - {"json config", nil, fst.Template(), false, true, `{ + {"json config", nil, hst.Template(), false, true, `{ "id": "org.chromium.Chromium", "path": "/run/current-system/sw/bin/chromium", "args": [ @@ -359,16 +359,16 @@ App }, "username": "chronos", "shell": "/run/current-system/sw/bin/zsh", - "data": "/var/lib/fortify/u0/org.chromium.Chromium", + "data": "/var/lib/hakurei/u0/org.chromium.Chromium", "dir": "/data/data/org.chromium.Chromium", "extra_perms": [ { "ensure": true, - "path": "/var/lib/fortify/u0", + "path": "/var/lib/hakurei/u0", "x": true }, { - "path": "/var/lib/fortify/u0/org.chromium.Chromium", + "path": "/var/lib/hakurei/u0/org.chromium.Chromium", "r": true, "w": true, "x": true @@ -410,7 +410,7 @@ App }, { "dst": "/data/data/org.chromium.Chromium", - "src": "/var/lib/fortify/u0/org.chromium.Chromium", + "src": "/var/lib/hakurei/u0/org.chromium.Chromium", "write": true, "require": true }, @@ -460,8 +460,8 @@ func Test_printPs(t *testing.T) { {"nil instance", state.Entries{testID: nil}, false, false, " Instance PID Application Uptime\n"}, {"state corruption", state.Entries{app.ID{}: testState}, false, false, " Instance PID Application Uptime\n"}, - {"valid pd", state.Entries{testID: &state.State{ID: testID, PID: 1 << 8, Config: new(fst.Config), Time: testAppTime}}, false, false, ` Instance PID Application Uptime - 8e2c76b0 256 0 (uk.gensokyo.fortify.8e2c76b0) 1h2m32s + {"valid pd", state.Entries{testID: &state.State{ID: testID, PID: 1 << 8, Config: new(hst.Config), Time: testAppTime}}, false, false, ` Instance PID Application Uptime + 8e2c76b0 256 0 (uk.gensokyo.hakurei.8e2c76b0) 1h2m32s `}, {"valid", state.Entries{testID: testState}, false, false, ` Instance PID Application Uptime @@ -538,16 +538,16 @@ func Test_printPs(t *testing.T) { }, "username": "chronos", "shell": "/run/current-system/sw/bin/zsh", - "data": "/var/lib/fortify/u0/org.chromium.Chromium", + "data": "/var/lib/hakurei/u0/org.chromium.Chromium", "dir": "/data/data/org.chromium.Chromium", "extra_perms": [ { "ensure": true, - "path": "/var/lib/fortify/u0", + "path": "/var/lib/hakurei/u0", "x": true }, { - "path": "/var/lib/fortify/u0/org.chromium.Chromium", + "path": "/var/lib/hakurei/u0/org.chromium.Chromium", "r": true, "w": true, "x": true @@ -589,7 +589,7 @@ func Test_printPs(t *testing.T) { }, { "dst": "/data/data/org.chromium.Chromium", - "src": "/var/lib/fortify/u0/org.chromium.Chromium", + "src": "/var/lib/hakurei/u0/org.chromium.Chromium", "write": true, "require": true }, diff --git a/sandbox/container.go b/sandbox/container.go index eb8b734..475f614 100644 --- a/sandbox/container.go +++ b/sandbox/container.go @@ -14,7 +14,7 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) type HardeningFlags uintptr diff --git a/sandbox/container_test.go b/sandbox/container_test.go index 545ffa8..7f64e12 100644 --- a/sandbox/container_test.go +++ b/sandbox/container_test.go @@ -12,13 +12,13 @@ import ( "testing" "time" - "git.gensokyo.uk/security/fortify/fst" - "git.gensokyo.uk/security/fortify/internal" - "git.gensokyo.uk/security/fortify/internal/fmsg" - "git.gensokyo.uk/security/fortify/ldd" - "git.gensokyo.uk/security/fortify/sandbox" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/hst" + "git.gensokyo.uk/security/hakurei/internal" + "git.gensokyo.uk/security/hakurei/internal/hlog" + "git.gensokyo.uk/security/hakurei/ldd" + "git.gensokyo.uk/security/hakurei/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) const ( @@ -28,10 +28,10 @@ const ( func TestContainer(t *testing.T) { { - oldVerbose := fmsg.Load() + oldVerbose := hlog.Load() oldOutput := sandbox.GetOutput() internal.InstallFmsg(true) - t.Cleanup(func() { fmsg.Store(oldVerbose) }) + t.Cleanup(func() { hlog.Store(oldVerbose) }) t.Cleanup(func() { sandbox.SetOutput(oldOutput) }) } @@ -47,9 +47,9 @@ func TestContainer(t *testing.T) { new(sandbox.Ops), nil, "test-minimal"}, {"tmpfs", 0, new(sandbox.Ops). - Tmpfs(fst.Tmp, 0, 0755), + Tmpfs(hst.Tmp, 0, 0755), []*vfs.MountInfoEntry{ - e("/", fst.Tmp, "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore), + e("/", hst.Tmp, "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore), }, "test-tmpfs"}, {"dev", sandbox.FAllowTTY, // go test output is not a tty new(sandbox.Ops). @@ -132,14 +132,14 @@ func TestContainer(t *testing.T) { container.Stdin = want if err := container.Start(); err != nil { - fmsg.PrintBaseError(err, "start:") + hlog.PrintBaseError(err, "start:") t.Fatalf("cannot start container: %v", err) } else if err = container.Serve(); err != nil { - fmsg.PrintBaseError(err, "serve:") + hlog.PrintBaseError(err, "serve:") t.Errorf("cannot serve setup params: %v", err) } if err := container.Wait(); err != nil { - fmsg.PrintBaseError(err, "wait:") + hlog.PrintBaseError(err, "wait:") t.Fatalf("wait: %v", err) } }) @@ -175,8 +175,8 @@ func TestHelperInit(t *testing.T) { if len(os.Args) != 5 || os.Args[4] != "init" { return } - sandbox.SetOutput(fmsg.Output{}) - sandbox.Init(fmsg.Prepare, internal.InstallFmsg) + sandbox.SetOutput(hlog.Output{}) + sandbox.Init(hlog.Prepare, internal.InstallFmsg) } func TestHelperCheckContainer(t *testing.T) { diff --git a/sandbox/executable_test.go b/sandbox/executable_test.go index 3f8e028..8a11864 100644 --- a/sandbox/executable_test.go +++ b/sandbox/executable_test.go @@ -4,7 +4,7 @@ import ( "os" "testing" - "git.gensokyo.uk/security/fortify/sandbox" + "git.gensokyo.uk/security/hakurei/sandbox" ) func TestExecutable(t *testing.T) { diff --git a/sandbox/init.go b/sandbox/init.go index 65bc3bc..466d925 100644 --- a/sandbox/init.go +++ b/sandbox/init.go @@ -13,7 +13,7 @@ import ( "syscall" "time" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) const ( @@ -24,7 +24,7 @@ const ( basePath = "/tmp" // setup params file descriptor - setupEnv = "FORTIFY_SETUP" + setupEnv = "HAKUREI_SETUP" ) type initParams struct { @@ -56,7 +56,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) { log.Fatal("invalid setup descriptor") } if errors.Is(err, ErrNotSet) { - log.Fatal("FORTIFY_SETUP not set") + log.Fatal("HAKUREI_SETUP not set") } log.Fatalf("cannot decode init setup payload: %v", err) diff --git a/sandbox/mount.go b/sandbox/mount.go index e22fad7..73dd14a 100644 --- a/sandbox/mount.go +++ b/sandbox/mount.go @@ -7,7 +7,7 @@ import ( "path/filepath" "syscall" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) func (p *procPaths) bindMount(source, target string, flags uintptr, eq bool) error { diff --git a/sandbox/path.go b/sandbox/path.go index 2517bfb..84dfbc3 100644 --- a/sandbox/path.go +++ b/sandbox/path.go @@ -10,7 +10,7 @@ import ( "strings" "syscall" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) const ( diff --git a/sandbox/seccomp/api.go b/sandbox/seccomp/api.go index f084a14..81fb68c 100644 --- a/sandbox/seccomp/api.go +++ b/sandbox/seccomp/api.go @@ -5,7 +5,7 @@ import ( "errors" "syscall" - "git.gensokyo.uk/security/fortify/helper/proc" + "git.gensokyo.uk/security/hakurei/helper/proc" ) const ( diff --git a/sandbox/seccomp/export_test.go b/sandbox/seccomp/export_test.go index dbe4d74..482d6e5 100644 --- a/sandbox/seccomp/export_test.go +++ b/sandbox/seccomp/export_test.go @@ -8,7 +8,7 @@ import ( "syscall" "testing" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) func TestExport(t *testing.T) { @@ -72,7 +72,7 @@ func TestExport(t *testing.T) { 0x80, 0x8b, 0x1a, 0x6f, 0x84, 0xf3, 0x2b, 0xbd, 0xe1, 0xaa, 0x02, 0xae, 0x30, 0xee, 0xdc, 0xfa, }, false}, - {"fortify default", seccomp.FilterExt | seccomp.FilterDenyDevel, []byte{ + {"hakurei default", seccomp.FilterExt | seccomp.FilterDenyDevel, []byte{ 0xc6, 0x98, 0xb0, 0x81, 0xff, 0x95, 0x7a, 0xfe, 0x17, 0xa6, 0xd9, 0x43, 0x74, 0x53, 0x7d, 0x37, 0xf2, 0xa6, 0x3f, 0x6f, 0x9d, 0xd7, 0x5d, 0xa7, diff --git a/sandbox/seccomp/output.go b/sandbox/seccomp/output.go index db81feb..27d5098 100644 --- a/sandbox/seccomp/output.go +++ b/sandbox/seccomp/output.go @@ -22,8 +22,8 @@ func GetOutput() func(v ...any) { } } -//export f_println -func f_println(v *C.char) { +//export hakurei_println +func hakurei_println(v *C.char) { if fp := printlnP.Load(); fp != nil { (*fp)(C.GoString(v)) } diff --git a/sandbox/seccomp/seccomp-build.c b/sandbox/seccomp/seccomp-build.c index a6dc40d..6eb3c53 100644 --- a/sandbox/seccomp/seccomp-build.c +++ b/sandbox/seccomp/seccomp-build.c @@ -18,7 +18,7 @@ #error This package requires libseccomp >= v2.5.1 #endif -struct f_syscall_act { +struct hakurei_syscall_act { int syscall; int m_errno; struct scmp_arg_cmp *arg; @@ -28,8 +28,8 @@ struct f_syscall_act { #define SECCOMP_RULESET_ADD(ruleset) \ do { \ - if (opts & F_VERBOSE) \ - f_println("adding seccomp ruleset \"" #ruleset "\""); \ + if (opts & HAKUREI_VERBOSE) \ + hakurei_println("adding seccomp ruleset \"" #ruleset "\""); \ for (int i = 0; i < LEN(ruleset); i++) { \ assert(ruleset[i].m_errno == EPERM || ruleset[i].m_errno == ENOSYS); \ \ @@ -50,18 +50,18 @@ struct f_syscall_act { } \ } while (0) -int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, - f_filter_opts opts) { +int32_t hakurei_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, + hakurei_filter_opts opts) { int32_t res = 0; /* refer to resPrefix for message */ - int allow_multiarch = opts & F_MULTIARCH; + int allow_multiarch = opts & HAKUREI_MULTIARCH; int allowed_personality = PER_LINUX; - if (opts & F_LINUX32) + if (opts & HAKUREI_LINUX32) allowed_personality = PER_LINUX32; /* flatpak commit 4c3bf179e2e4a2a298cd1db1d045adaf3f564532 */ - struct f_syscall_act deny_common[] = { + struct hakurei_syscall_act deny_common[] = { /* Block dmesg */ {SCMP_SYS(syslog), EPERM}, /* Useless old syscall */ @@ -84,8 +84,8 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(migrate_pages), EPERM}, }; - /* fortify: project-specific extensions */ - struct f_syscall_act deny_common_ext[] = { + /* hakurei: project-specific extensions */ + struct hakurei_syscall_act deny_common_ext[] = { /* system calls for changing the system clock */ {SCMP_SYS(adjtimex), EPERM}, {SCMP_SYS(clock_adjtime), EPERM}, @@ -109,7 +109,7 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(swapon), EPERM}, }; - struct f_syscall_act deny_ns[] = { + struct hakurei_syscall_act deny_ns[] = { /* Don't allow subnamespace setups: */ {SCMP_SYS(unshare), EPERM}, {SCMP_SYS(setns), EPERM}, @@ -149,8 +149,8 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(mount_setattr), ENOSYS}, }; - /* fortify: project-specific extensions */ - struct f_syscall_act deny_ns_ext[] = { + /* hakurei: project-specific extensions */ + struct hakurei_syscall_act deny_ns_ext[] = { /* changing file ownership */ {SCMP_SYS(chown), EPERM}, {SCMP_SYS(chown32), EPERM}, @@ -177,7 +177,7 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(setuid32), EPERM}, }; - struct f_syscall_act deny_tty[] = { + struct hakurei_syscall_act deny_tty[] = { /* Don't allow faking input to the controlling tty (CVE-2017-5226) */ {SCMP_SYS(ioctl), EPERM, &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)}, @@ -188,7 +188,7 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCLINUX)}, }; - struct f_syscall_act deny_devel[] = { + struct hakurei_syscall_act deny_devel[] = { /* Profiling operations; we expect these to be done by tools from outside * the sandbox. In particular perf has been the source of many CVEs. */ {SCMP_SYS(perf_event_open), EPERM}, @@ -198,7 +198,7 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(ptrace), EPERM}}; - struct f_syscall_act deny_emu[] = { + struct hakurei_syscall_act deny_emu[] = { /* modify_ldt is a historic source of interesting information leaks, * so it's disabled as a hardening measure. * However, it is required to run old 16-bit applications @@ -206,8 +206,8 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {SCMP_SYS(modify_ldt), EPERM}, }; - /* fortify: project-specific extensions */ - struct f_syscall_act deny_emu_ext[] = { + /* hakurei: project-specific extensions */ + struct hakurei_syscall_act deny_emu_ext[] = { {SCMP_SYS(subpage_prot), ENOSYS}, {SCMP_SYS(switch_endian), ENOSYS}, {SCMP_SYS(vm86), ENOSYS}, @@ -217,7 +217,7 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, /* Blocklist all but unix, inet, inet6 and netlink */ struct { int family; - f_filter_opts flags_mask; + hakurei_filter_opts flags_mask; } socket_family_allowlist[] = { /* NOTE: Keep in numerical order */ {AF_UNSPEC, 0}, @@ -225,8 +225,8 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, {AF_INET, 0}, {AF_INET6, 0}, {AF_NETLINK, 0}, - {AF_CAN, F_CAN}, - {AF_BLUETOOTH, F_BLUETOOTH}, + {AF_CAN, HAKUREI_CAN}, + {AF_BLUETOOTH, HAKUREI_BLUETOOTH}, }; scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW); @@ -260,17 +260,17 @@ int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, } SECCOMP_RULESET_ADD(deny_common); - if (opts & F_DENY_NS) + if (opts & HAKUREI_DENY_NS) SECCOMP_RULESET_ADD(deny_ns); - if (opts & F_DENY_TTY) + if (opts & HAKUREI_DENY_TTY) SECCOMP_RULESET_ADD(deny_tty); - if (opts & F_DENY_DEVEL) + if (opts & HAKUREI_DENY_DEVEL) SECCOMP_RULESET_ADD(deny_devel); if (!allow_multiarch) SECCOMP_RULESET_ADD(deny_emu); - if (opts & F_EXT) { + if (opts & HAKUREI_EXT) { SECCOMP_RULESET_ADD(deny_common_ext); - if (opts & F_DENY_NS) + if (opts & HAKUREI_DENY_NS) SECCOMP_RULESET_ADD(deny_ns_ext); if (!allow_multiarch) SECCOMP_RULESET_ADD(deny_emu_ext); diff --git a/sandbox/seccomp/seccomp-build.h b/sandbox/seccomp/seccomp-build.h index 9a4e4d7..10f6eac 100644 --- a/sandbox/seccomp/seccomp-build.h +++ b/sandbox/seccomp/seccomp-build.h @@ -7,17 +7,17 @@ #endif typedef enum { - F_VERBOSE = 1 << 0, - F_EXT = 1 << 1, - F_DENY_NS = 1 << 2, - F_DENY_TTY = 1 << 3, - F_DENY_DEVEL = 1 << 4, - F_MULTIARCH = 1 << 5, - F_LINUX32 = 1 << 6, - F_CAN = 1 << 7, - F_BLUETOOTH = 1 << 8, -} f_filter_opts; + HAKUREI_VERBOSE = 1 << 0, + HAKUREI_EXT = 1 << 1, + HAKUREI_DENY_NS = 1 << 2, + HAKUREI_DENY_TTY = 1 << 3, + HAKUREI_DENY_DEVEL = 1 << 4, + HAKUREI_MULTIARCH = 1 << 5, + HAKUREI_LINUX32 = 1 << 6, + HAKUREI_CAN = 1 << 7, + HAKUREI_BLUETOOTH = 1 << 8, +} hakurei_filter_opts; -extern void f_println(char *v); -int32_t f_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, - f_filter_opts opts); \ No newline at end of file +extern void hakurei_println(char *v); +int32_t hakurei_build_filter(int *ret_p, int fd, uint32_t arch, uint32_t multiarch, + hakurei_filter_opts opts); \ No newline at end of file diff --git a/sandbox/seccomp/seccomp.go b/sandbox/seccomp/seccomp.go index 944d542..f897ee5 100644 --- a/sandbox/seccomp/seccomp.go +++ b/sandbox/seccomp/seccomp.go @@ -57,26 +57,26 @@ var resPrefix = [...]string{ 7: "seccomp_load failed", } -type FilterOpts = C.f_filter_opts +type FilterOpts = C.hakurei_filter_opts const ( - filterVerbose FilterOpts = C.F_VERBOSE + filterVerbose FilterOpts = C.HAKUREI_VERBOSE // FilterExt are project-specific extensions. - FilterExt FilterOpts = C.F_EXT + FilterExt FilterOpts = C.HAKUREI_EXT // FilterDenyNS denies namespace setup syscalls. - FilterDenyNS FilterOpts = C.F_DENY_NS + FilterDenyNS FilterOpts = C.HAKUREI_DENY_NS // FilterDenyTTY denies faking input. - FilterDenyTTY FilterOpts = C.F_DENY_TTY + FilterDenyTTY FilterOpts = C.HAKUREI_DENY_TTY // FilterDenyDevel denies development-related syscalls. - FilterDenyDevel FilterOpts = C.F_DENY_DEVEL + FilterDenyDevel FilterOpts = C.HAKUREI_DENY_DEVEL // FilterMultiarch allows multiarch/emulation. - FilterMultiarch FilterOpts = C.F_MULTIARCH + FilterMultiarch FilterOpts = C.HAKUREI_MULTIARCH // FilterLinux32 sets PER_LINUX32. - FilterLinux32 FilterOpts = C.F_LINUX32 + FilterLinux32 FilterOpts = C.HAKUREI_LINUX32 // FilterCan allows AF_CAN. - FilterCan FilterOpts = C.F_CAN + FilterCan FilterOpts = C.HAKUREI_CAN // FilterBluetooth allows AF_BLUETOOTH. - FilterBluetooth FilterOpts = C.F_BLUETOOTH + FilterBluetooth FilterOpts = C.HAKUREI_BLUETOOTH ) func buildFilter(fd int, opts FilterOpts) error { @@ -98,13 +98,13 @@ func buildFilter(fd int, opts FilterOpts) error { } // this removes repeated transitions between C and Go execution - // when producing log output via F_println and CPrintln is nil + // when producing log output via hakurei_println and CPrintln is nil if fp := printlnP.Load(); fp != nil { opts |= filterVerbose } var ret C.int - res, err := C.f_build_filter(&ret, C.int(fd), arch, multiarch, opts) + res, err := C.hakurei_build_filter(&ret, C.int(fd), arch, multiarch, opts) if prefix := resPrefix[res]; prefix != "" { return &LibraryError{ prefix, diff --git a/sandbox/seccomp/seccomp_test.go b/sandbox/seccomp/seccomp_test.go index 3c7f533..21198bf 100644 --- a/sandbox/seccomp/seccomp_test.go +++ b/sandbox/seccomp/seccomp_test.go @@ -6,7 +6,7 @@ import ( "syscall" "testing" - "git.gensokyo.uk/security/fortify/sandbox/seccomp" + "git.gensokyo.uk/security/hakurei/sandbox/seccomp" ) func TestLibraryError(t *testing.T) { diff --git a/sandbox/vfs/mangle_test.go b/sandbox/vfs/mangle_test.go index eccf51d..101d87e 100644 --- a/sandbox/vfs/mangle_test.go +++ b/sandbox/vfs/mangle_test.go @@ -3,7 +3,7 @@ package vfs_test import ( "testing" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) func TestUnmangle(t *testing.T) { diff --git a/sandbox/vfs/mountinfo_test.go b/sandbox/vfs/mountinfo_test.go index ee43883..4e1fa3c 100644 --- a/sandbox/vfs/mountinfo_test.go +++ b/sandbox/vfs/mountinfo_test.go @@ -12,7 +12,7 @@ import ( "syscall" "testing" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) func TestMountInfo(t *testing.T) { diff --git a/sandbox/vfs/unfold_test.go b/sandbox/vfs/unfold_test.go index 4a26256..e20fc00 100644 --- a/sandbox/vfs/unfold_test.go +++ b/sandbox/vfs/unfold_test.go @@ -8,7 +8,7 @@ import ( "syscall" "testing" - "git.gensokyo.uk/security/fortify/sandbox/vfs" + "git.gensokyo.uk/security/hakurei/sandbox/vfs" ) func TestUnfold(t *testing.T) { diff --git a/sandbox/wl/wayland-bind.c b/sandbox/wl/wayland-bind.c index 5bbf206..432527f 100644 --- a/sandbox/wl/wayland-bind.c +++ b/sandbox/wl/wayland-bind.c @@ -28,7 +28,7 @@ static const struct wl_registry_listener registry_listener = { .global_remove = registry_handle_global_remove, }; -int32_t f_bind_wayland_fd(char *socket_path, int fd, const char *app_id, +int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id, const char *instance_id, int sync_fd) { int32_t res = 0; /* refer to resErr for corresponding Go error */ @@ -74,7 +74,7 @@ int32_t f_bind_wayland_fd(char *socket_path, int fd, const char *app_id, security_context = wp_security_context_manager_v1_create_listener( security_context_manager, listen_fd, sync_fd); wp_security_context_v1_set_sandbox_engine(security_context, - "uk.gensokyo.fortify"); + "uk.gensokyo.hakurei"); wp_security_context_v1_set_app_id(security_context, app_id); wp_security_context_v1_set_instance_id(security_context, instance_id); diff --git a/sandbox/wl/wayland-bind.h b/sandbox/wl/wayland-bind.h index 283d529..2113697 100644 --- a/sandbox/wl/wayland-bind.h +++ b/sandbox/wl/wayland-bind.h @@ -1,4 +1,4 @@ #include -int32_t f_bind_wayland_fd(char *socket_path, int fd, const char *app_id, +int32_t hakurei_bind_wayland_fd(char *socket_path, int fd, const char *app_id, const char *instance_id, int sync_fd); \ No newline at end of file diff --git a/sandbox/wl/wl.go b/sandbox/wl/wl.go index f75f063..7bb6645 100644 --- a/sandbox/wl/wl.go +++ b/sandbox/wl/wl.go @@ -29,7 +29,7 @@ func bindWaylandFd(socketPath string, fd uintptr, appID, instanceID string, sync if hasNull(appID) || hasNull(instanceID) { return ErrContainsNull } - res := C.f_bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFd)) + res := C.hakurei_bind_wayland_fd(C.CString(socketPath), C.int(fd), C.CString(appID), C.CString(instanceID), C.int(syncFd)) return resErr[int32(res)] } diff --git a/system/acl.go b/system/acl.go index 381d1eb..fe44ea5 100644 --- a/system/acl.go +++ b/system/acl.go @@ -6,7 +6,7 @@ import ( "os" "slices" - "git.gensokyo.uk/security/fortify/acl" + "git.gensokyo.uk/security/hakurei/acl" ) // UpdatePerm appends an ephemeral acl update Op. diff --git a/system/acl_test.go b/system/acl_test.go index 22a33c6..5dcccd1 100644 --- a/system/acl_test.go +++ b/system/acl_test.go @@ -3,7 +3,7 @@ package system import ( "testing" - "git.gensokyo.uk/security/fortify/acl" + "git.gensokyo.uk/security/hakurei/acl" ) func TestUpdatePerm(t *testing.T) { @@ -11,8 +11,8 @@ func TestUpdatePerm(t *testing.T) { path string perms []acl.Perm }{ - {"/run/user/1971/fortify", []acl.Perm{acl.Execute}}, - {"/tmp/fortify.1971/tmpdir/150", []acl.Perm{acl.Read, acl.Write, acl.Execute}}, + {"/run/user/1971/hakurei", []acl.Perm{acl.Execute}}, + {"/tmp/hakurei.1971/tmpdir/150", []acl.Perm{acl.Read, acl.Write, acl.Execute}}, } for _, tc := range testCases { @@ -29,11 +29,11 @@ func TestUpdatePermType(t *testing.T) { perms []acl.Perm tcOp }{ - {[]acl.Perm{acl.Execute}, tcOp{User, "/tmp/fortify.1971/tmpdir"}}, - {[]acl.Perm{acl.Read, acl.Write, acl.Execute}, tcOp{User, "/tmp/fortify.1971/tmpdir/150"}}, - {[]acl.Perm{acl.Execute}, tcOp{Process, "/run/user/1971/fortify/fcb8a12f7c482d183ade8288c3de78b5"}}, - {[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/fortify.1971/fcb8a12f7c482d183ade8288c3de78b5/passwd"}}, - {[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/fortify.1971/fcb8a12f7c482d183ade8288c3de78b5/group"}}, + {[]acl.Perm{acl.Execute}, tcOp{User, "/tmp/hakurei.1971/tmpdir"}}, + {[]acl.Perm{acl.Read, acl.Write, acl.Execute}, tcOp{User, "/tmp/hakurei.1971/tmpdir/150"}}, + {[]acl.Perm{acl.Execute}, tcOp{Process, "/run/user/1971/hakurei/fcb8a12f7c482d183ade8288c3de78b5"}}, + {[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/hakurei.1971/fcb8a12f7c482d183ade8288c3de78b5/passwd"}}, + {[]acl.Perm{acl.Read}, tcOp{Process, "/tmp/hakurei.1971/fcb8a12f7c482d183ade8288c3de78b5/group"}}, {[]acl.Perm{acl.Read, acl.Write, acl.Execute}, tcOp{EWayland, "/run/user/1971/wayland-0"}}, } diff --git a/system/dbus.go b/system/dbus.go index b2639a8..f0532c4 100644 --- a/system/dbus.go +++ b/system/dbus.go @@ -9,7 +9,7 @@ import ( "sync" "syscall" - "git.gensokyo.uk/security/fortify/dbus" + "git.gensokyo.uk/security/hakurei/dbus" ) var ( diff --git a/system/enablement_test.go b/system/enablement_test.go index f4f362d..69d16f7 100644 --- a/system/enablement_test.go +++ b/system/enablement_test.go @@ -3,7 +3,7 @@ package system_test import ( "testing" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/system" ) func TestEnablementString(t *testing.T) { diff --git a/system/mkdir_test.go b/system/mkdir_test.go index 14a47b0..4b00bb3 100644 --- a/system/mkdir_test.go +++ b/system/mkdir_test.go @@ -10,10 +10,10 @@ func TestEnsure(t *testing.T) { name string perm os.FileMode }{ - {"/tmp/fortify.1971", 0701}, - {"/tmp/fortify.1971/tmpdir", 0700}, - {"/tmp/fortify.1971/tmpdir/150", 0700}, - {"/run/user/1971/fortify", 0700}, + {"/tmp/hakurei.1971", 0701}, + {"/tmp/hakurei.1971/tmpdir", 0700}, + {"/tmp/hakurei.1971/tmpdir/150", 0700}, + {"/run/user/1971/hakurei", 0700}, } for _, tc := range testCases { t.Run(tc.name+"_"+tc.perm.String(), func(t *testing.T) { @@ -29,8 +29,8 @@ func TestEphemeral(t *testing.T) { perm os.FileMode tcOp }{ - {0700, tcOp{Process, "/run/user/1971/fortify/ec07546a772a07cde87389afc84ffd13"}}, - {0701, tcOp{Process, "/tmp/fortify.1971/ec07546a772a07cde87389afc84ffd13"}}, + {0700, tcOp{Process, "/run/user/1971/hakurei/ec07546a772a07cde87389afc84ffd13"}}, + {0701, tcOp{Process, "/tmp/hakurei.1971/ec07546a772a07cde87389afc84ffd13"}}, } for _, tc := range testCases { t.Run(tc.path+"_"+tc.perm.String()+"_"+TypeString(tc.et), func(t *testing.T) { diff --git a/system/op_test.go b/system/op_test.go index 5fb1beb..b5baf14 100644 --- a/system/op_test.go +++ b/system/op_test.go @@ -4,7 +4,7 @@ import ( "strconv" "testing" - "git.gensokyo.uk/security/fortify/system" + "git.gensokyo.uk/security/hakurei/system" ) func TestNew(t *testing.T) { diff --git a/system/output.go b/system/output.go index 8dab60f..a1d677a 100644 --- a/system/output.go +++ b/system/output.go @@ -1,6 +1,6 @@ package system -import "git.gensokyo.uk/security/fortify/sandbox" +import "git.gensokyo.uk/security/hakurei/sandbox" var msg sandbox.Msg = new(sandbox.DefaultMsg) diff --git a/system/tmpfiles_test.go b/system/tmpfiles_test.go index c7402f5..27a21a0 100644 --- a/system/tmpfiles_test.go +++ b/system/tmpfiles_test.go @@ -28,8 +28,8 @@ func TestLink(t *testing.T) { testCases := []struct { dst, src string }{ - {"/tmp/fortify.1971/f587afe9fce3c8e1ad5b64deb6c41ad5/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie"}, - {"/tmp/fortify.1971/62154f708b5184ab01f9dcc2bbe7a33b/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie"}, + {"/tmp/hakurei.1971/f587afe9fce3c8e1ad5b64deb6c41ad5/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie"}, + {"/tmp/hakurei.1971/62154f708b5184ab01f9dcc2bbe7a33b/pulse-cookie", "/home/ophestra/xdg/config/pulse/cookie"}, } for _, tc := range testCases { t.Run("link file "+tc.dst+" from "+tc.src, func(t *testing.T) { @@ -47,8 +47,8 @@ func TestLinkFileType(t *testing.T) { tcOp dst string }{ - {tcOp{User, "/tmp/fortify.1971/f587afe9fce3c8e1ad5b64deb6c41ad5/pulse-cookie"}, "/home/ophestra/xdg/config/pulse/cookie"}, - {tcOp{Process, "/tmp/fortify.1971/62154f708b5184ab01f9dcc2bbe7a33b/pulse-cookie"}, "/home/ophestra/xdg/config/pulse/cookie"}, + {tcOp{User, "/tmp/hakurei.1971/f587afe9fce3c8e1ad5b64deb6c41ad5/pulse-cookie"}, "/home/ophestra/xdg/config/pulse/cookie"}, + {tcOp{Process, "/tmp/hakurei.1971/62154f708b5184ab01f9dcc2bbe7a33b/pulse-cookie"}, "/home/ophestra/xdg/config/pulse/cookie"}, } for _, tc := range testCases { t.Run("link file "+tc.dst+" from "+tc.path+" with type "+TypeString(tc.et), func(t *testing.T) { diff --git a/system/wayland.go b/system/wayland.go index 7a459dd..cb54740 100644 --- a/system/wayland.go +++ b/system/wayland.go @@ -5,8 +5,8 @@ import ( "fmt" "os" - "git.gensokyo.uk/security/fortify/acl" - "git.gensokyo.uk/security/fortify/sandbox/wl" + "git.gensokyo.uk/security/hakurei/acl" + "git.gensokyo.uk/security/hakurei/sandbox/wl" ) // Wayland sets up a wayland socket with a security context attached. diff --git a/system/xhost.go b/system/xhost.go index 480cacc..dcb2eff 100644 --- a/system/xhost.go +++ b/system/xhost.go @@ -3,7 +3,7 @@ package system import ( "fmt" - "git.gensokyo.uk/security/fortify/system/internal/xcb" + "git.gensokyo.uk/security/hakurei/system/internal/xcb" ) // ChangeHosts appends an X11 ChangeHosts command Op. diff --git a/test/configuration.nix b/test/configuration.nix index 4bd1ea5..18aaeda 100644 --- a/test/configuration.nix +++ b/test/configuration.nix @@ -19,7 +19,7 @@ uid = 1001; # For deny unmapped uid test: - packages = [ config.environment.fortify.package ]; + packages = [ config.environment.hakurei.package ]; }; }; @@ -90,20 +90,20 @@ "-smp 8" ]; - environment.fortify = { + environment.hakurei = { enable = true; - stateDir = "/var/lib/fortify"; + stateDir = "/var/lib/hakurei"; users.alice = 0; extraHomeConfig = { config, ... }: { # To test merge deduplication: - options._fortify.stateVersion = lib.mkOption { type = lib.types.str; }; + options._hakurei.stateVersion = lib.mkOption { type = lib.types.str; }; config = { - home = { inherit (config._fortify) stateVersion; }; - _fortify.stateVersion = "23.05"; + home = { inherit (config._hakurei) stateVersion; }; + _hakurei.stateVersion = "23.05"; }; }; diff --git a/test/default.nix b/test/default.nix index 385b343..44ec3d7 100644 --- a/test/default.nix +++ b/test/default.nix @@ -10,18 +10,18 @@ }: nixosTest { - name = "fortify" + (if withRace then "-race" else ""); + name = "hakurei" + (if withRace then "-race" else ""); nodes.machine = { options, pkgs, ... }: let fhs = let - fortify = options.environment.fortify.package.default; + hakurei = options.environment.hakurei.package.default; in buildFHSEnv { - pname = "fortify-fhs"; - inherit (fortify) version; - targetPkgs = _: fortify.targetPkgs; + pname = "hakurei-fhs"; + inherit (hakurei) version; + targetPkgs = _: hakurei.targetPkgs; extraOutputsToInstall = [ "dev" ]; profile = '' export PKG_CONFIG_PATH="/usr/share/pkgconfig:$PKG_CONFIG_PATH" @@ -31,29 +31,29 @@ nixosTest { { environment.systemPackages = [ # For go tests: - (writeShellScriptBin "fortify-test" '' - cd ${self.packages.${system}.fortify.src} - ${fhs}/bin/fortify-fhs -c \ + (writeShellScriptBin "hakurei-test" '' + cd ${self.packages.${system}.hakurei.src} + ${fhs}/bin/hakurei-fhs -c \ 'go test ${if withRace then "-race" else "-count 16"} ./...' \ - &> /tmp/fortify-test.log && \ - touch /tmp/fortify-test-ok - touch /tmp/fortify-test-done + &> /tmp/hakurei-test.log && \ + touch /tmp/hakurei-test-ok + touch /tmp/hakurei-test-done '') ]; # Run with Go race detector: - environment.fortify = lib.mkIf withRace rec { + environment.hakurei = lib.mkIf withRace rec { # race detector does not support static linking package = (pkgs.callPackage ../package.nix { }).overrideAttrs (previousAttrs: { GOFLAGS = previousAttrs.GOFLAGS ++ [ "-race" ]; }); - fsuPackage = options.environment.fortify.fsuPackage.default.override { fortify = package; }; + hsuPackage = options.environment.hakurei.hsuPackage.default.override { hakurei = package; }; }; imports = [ ./configuration.nix - self.nixosModules.fortify + self.nixosModules.hakurei self.inputs.home-manager.nixosModules.home-manager ]; }; diff --git a/test/sandbox/case/default.nix b/test/sandbox/case/default.nix index 21bdd4a..05a13de 100644 --- a/test/sandbox/case/default.nix +++ b/test/sandbox/case/default.nix @@ -46,14 +46,14 @@ let ; share = testProgram; packages = [ ]; - path = "${testProgram}/bin/fortify-test"; + path = "${testProgram}/bin/hakurei-test"; args = [ "test" - (toString (builtins.toFile "fortify-${tc.name}-want.json" (builtins.toJSON tc.want))) + (toString (builtins.toFile "hakurei-${tc.name}-want.json" (builtins.toJSON tc.want))) ]; }; - testCaseName = name: "cat.gensokyo.fortify.test." + name; + testCaseName = name: "cat.gensokyo.hakurei.test." + name; in { ${testCaseName "preset"} = callTestCase ./preset.nix 1; diff --git a/test/sandbox/case/device.nix b/test/sandbox/case/device.nix index ef3b549..9765fd5 100644 --- a/test/sandbox/case/device.nix +++ b/test/sandbox/case/device.nix @@ -13,7 +13,7 @@ want = { env = [ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus" - "HOME=/var/lib/fortify/u0/a4" + "HOME=/var/lib/hakurei/u0/a4" "PULSE_SERVER=unix:/run/user/65534/pulse/native" "SHELL=/run/current-system/sw/bin/bash" "TERM=linux" @@ -25,7 +25,7 @@ ]; fs = fs "dead" { - ".fortify" = fs "800001ed" { } null; + ".hakurei" = fs "800001ed" { } null; bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" null null; etc = fs "800001ed" { @@ -43,9 +43,9 @@ "dhcpcd.exit-hook" = fs "80001ff" null null; "fonts" = fs "80001ff" null null; "fstab" = fs "80001ff" null null; - "fsurc" = fs "80001ff" null null; + "hsurc" = fs "80001ff" null null; "fuse.conf" = fs "80001ff" null null; - "group" = fs "180" null "fortify:x:65534:\n"; + "group" = fs "180" null "hakurei:x:65534:\n"; "host.conf" = fs "80001ff" null null; "hostname" = fs "80001ff" null null; "hosts" = fs "80001ff" null null; @@ -70,7 +70,7 @@ "os-release" = fs "80001ff" null null; "pam" = fs "80001ff" null null; "pam.d" = fs "80001ff" null null; - "passwd" = fs "180" null "u0_a4:x:65534:65534:Fortify:/var/lib/fortify/u0/a4:/run/current-system/sw/bin/bash\n"; + "passwd" = fs "180" null "u0_a4:x:65534:65534:Hakurei:/var/lib/hakurei/u0/a4:/run/current-system/sw/bin/bash\n"; "pipewire" = fs "80001ff" null null; "pki" = fs "80001ff" null null; "polkit-1" = fs "80001ff" null null; @@ -138,7 +138,7 @@ usr = fs "800001c0" { bin = fs "800001ed" { env = fs "80001ff" null null; } null; } null; var = fs "800001c0" { lib = fs "800001c0" { - fortify = fs "800001c0" { + hakurei = fs "800001c0" { u0 = fs "800001c0" { a4 = fs "800001c0" { ".cache" = fs "800001ed" { ".keep" = fs "80001ff" null ""; } null; @@ -186,7 +186,7 @@ mount = [ (ent "/sysroot" "/" "rw,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000004,gid=1000004") (ent "/" "/proc" "rw,nosuid,nodev,noexec,relatime" "proc" "proc" "rw") - (ent "/" "/.fortify" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000004,gid=1000004") + (ent "/" "/.hakurei" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000004,gid=1000004") (ent "/" "/dev" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) (ent "/" "/dev/pts" "rw,nosuid,noexec,relatime" "devpts" "devpts" "rw,gid=3,mode=620,ptmxmode=666") (ent "/" "/dev/shm" "rw,nosuid,nodev" "tmpfs" "tmpfs" ignore) @@ -204,9 +204,9 @@ (ent "/var/cache" "/var/cache" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/etc" ignore "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/" "/run/user" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000004,gid=1000004") - (ent "/tmp/fortify.1000/runtime/4" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/tmp/fortify.1000/tmpdir/4" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/var/lib/fortify/u0/a4" "/var/lib/fortify/u0/a4" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/runtime/4" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/tmpdir/4" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/var/lib/hakurei/u0/a4" "/var/lib/hakurei/u0/a4" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent ignore "/etc/passwd" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000004,gid=1000004") (ent ignore "/etc/group" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000004,gid=1000004") (ent ignore "/run/user/65534/wayland-0" "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") diff --git a/test/sandbox/case/mapuid.nix b/test/sandbox/case/mapuid.nix index 1f78708..af70cb3 100644 --- a/test/sandbox/case/mapuid.nix +++ b/test/sandbox/case/mapuid.nix @@ -13,7 +13,7 @@ want = { env = [ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus" - "HOME=/var/lib/fortify/u0/a3" + "HOME=/var/lib/hakurei/u0/a3" "PULSE_SERVER=unix:/run/user/1000/pulse/native" "SHELL=/run/current-system/sw/bin/bash" "TERM=linux" @@ -25,7 +25,7 @@ ]; fs = fs "dead" { - ".fortify" = fs "800001ed" { } null; + ".hakurei" = fs "800001ed" { } null; bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" { core = fs "80001ff" null null; @@ -67,9 +67,9 @@ "dhcpcd.exit-hook" = fs "80001ff" null null; "fonts" = fs "80001ff" null null; "fstab" = fs "80001ff" null null; - "fsurc" = fs "80001ff" null null; + "hsurc" = fs "80001ff" null null; "fuse.conf" = fs "80001ff" null null; - "group" = fs "180" null "fortify:x:100:\n"; + "group" = fs "180" null "hakurei:x:100:\n"; "host.conf" = fs "80001ff" null null; "hostname" = fs "80001ff" null null; "hosts" = fs "80001ff" null null; @@ -94,7 +94,7 @@ "os-release" = fs "80001ff" null null; "pam" = fs "80001ff" null null; "pam.d" = fs "80001ff" null null; - "passwd" = fs "180" null "u0_a3:x:1000:100:Fortify:/var/lib/fortify/u0/a3:/run/current-system/sw/bin/bash\n"; + "passwd" = fs "180" null "u0_a3:x:1000:100:Hakurei:/var/lib/hakurei/u0/a3:/run/current-system/sw/bin/bash\n"; "pipewire" = fs "80001ff" null null; "pki" = fs "80001ff" null null; "polkit-1" = fs "80001ff" null null; @@ -162,7 +162,7 @@ usr = fs "800001c0" { bin = fs "800001ed" { env = fs "80001ff" null null; } null; } null; var = fs "800001c0" { lib = fs "800001c0" { - fortify = fs "800001c0" { + hakurei = fs "800001c0" { u0 = fs "800001c0" { a3 = fs "800001c0" { ".cache" = fs "800001ed" { ".keep" = fs "80001ff" null ""; } null; @@ -210,7 +210,7 @@ mount = [ (ent "/sysroot" "/" "rw,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000003,gid=1000003") (ent "/" "/proc" "rw,nosuid,nodev,noexec,relatime" "proc" "proc" "rw") - (ent "/" "/.fortify" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000003,gid=1000003") + (ent "/" "/.hakurei" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000003,gid=1000003") (ent "/" "/dev" "rw,nosuid,nodev,relatime" "tmpfs" "devtmpfs" "rw,mode=755,uid=1000003,gid=1000003") (ent "/null" "/dev/null" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) (ent "/zero" "/dev/zero" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) @@ -232,9 +232,9 @@ (ent "/var/cache" "/var/cache" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/etc" ignore "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/" "/run/user" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000003,gid=1000003") - (ent "/tmp/fortify.1000/runtime/3" "/run/user/1000" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/tmp/fortify.1000/tmpdir/3" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/var/lib/fortify/u0/a3" "/var/lib/fortify/u0/a3" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/runtime/3" "/run/user/1000" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/tmpdir/3" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/var/lib/hakurei/u0/a3" "/var/lib/hakurei/u0/a3" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent ignore "/etc/passwd" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000003,gid=1000003") (ent ignore "/etc/group" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000003,gid=1000003") (ent ignore "/run/user/1000/wayland-0" "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") diff --git a/test/sandbox/case/preset.nix b/test/sandbox/case/preset.nix index f1c996d..a2c2eb4 100644 --- a/test/sandbox/case/preset.nix +++ b/test/sandbox/case/preset.nix @@ -13,7 +13,7 @@ want = { env = [ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus" - "HOME=/var/lib/fortify/u0/a1" + "HOME=/var/lib/hakurei/u0/a1" "PULSE_SERVER=unix:/run/user/65534/pulse/native" "SHELL=/run/current-system/sw/bin/bash" "TERM=linux" @@ -25,7 +25,7 @@ ]; fs = fs "dead" { - ".fortify" = fs "800001ed" { } null; + ".hakurei" = fs "800001ed" { } null; bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" { core = fs "80001ff" null null; @@ -67,9 +67,9 @@ "dhcpcd.exit-hook" = fs "80001ff" null null; "fonts" = fs "80001ff" null null; "fstab" = fs "80001ff" null null; - "fsurc" = fs "80001ff" null null; + "hsurc" = fs "80001ff" null null; "fuse.conf" = fs "80001ff" null null; - "group" = fs "180" null "fortify:x:65534:\n"; + "group" = fs "180" null "hakurei:x:65534:\n"; "host.conf" = fs "80001ff" null null; "hostname" = fs "80001ff" null null; "hosts" = fs "80001ff" null null; @@ -94,7 +94,7 @@ "os-release" = fs "80001ff" null null; "pam" = fs "80001ff" null null; "pam.d" = fs "80001ff" null null; - "passwd" = fs "180" null "u0_a1:x:65534:65534:Fortify:/var/lib/fortify/u0/a1:/run/current-system/sw/bin/bash\n"; + "passwd" = fs "180" null "u0_a1:x:65534:65534:Hakurei:/var/lib/hakurei/u0/a1:/run/current-system/sw/bin/bash\n"; "pipewire" = fs "80001ff" null null; "pki" = fs "80001ff" null null; "polkit-1" = fs "80001ff" null null; @@ -162,7 +162,7 @@ usr = fs "800001c0" { bin = fs "800001ed" { env = fs "80001ff" null null; } null; } null; var = fs "800001c0" { lib = fs "800001c0" { - fortify = fs "800001c0" { + hakurei = fs "800001c0" { u0 = fs "800001c0" { a1 = fs "800001c0" { ".cache" = fs "800001ed" { ".keep" = fs "80001ff" null ""; } null; @@ -209,7 +209,7 @@ mount = [ (ent "/sysroot" "/" "rw,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000001,gid=1000001") (ent "/" "/proc" "rw,nosuid,nodev,noexec,relatime" "proc" "proc" "rw") - (ent "/" "/.fortify" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000001,gid=1000001") + (ent "/" "/.hakurei" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000001,gid=1000001") (ent "/" "/dev" "rw,nosuid,nodev,relatime" "tmpfs" "devtmpfs" "rw,mode=755,uid=1000001,gid=1000001") (ent "/null" "/dev/null" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) (ent "/zero" "/dev/zero" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) @@ -230,9 +230,9 @@ (ent "/dri" "/dev/dri" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) (ent "/etc" ignore "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/" "/run/user" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000001,gid=1000001") - (ent "/tmp/fortify.1000/runtime/1" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/tmp/fortify.1000/tmpdir/1" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/var/lib/fortify/u0/a1" "/var/lib/fortify/u0/a1" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/runtime/1" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/tmpdir/1" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/var/lib/hakurei/u0/a1" "/var/lib/hakurei/u0/a1" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent ignore "/etc/passwd" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000001,gid=1000001") (ent ignore "/etc/group" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000001,gid=1000001") (ent ignore "/run/user/65534/wayland-0" "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") diff --git a/test/sandbox/case/tty.nix b/test/sandbox/case/tty.nix index 8a54907..3132d25 100644 --- a/test/sandbox/case/tty.nix +++ b/test/sandbox/case/tty.nix @@ -13,7 +13,7 @@ want = { env = [ "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus" - "HOME=/var/lib/fortify/u0/a2" + "HOME=/var/lib/hakurei/u0/a2" "PULSE_SERVER=unix:/run/user/65534/pulse/native" "SHELL=/run/current-system/sw/bin/bash" "TERM=linux" @@ -25,7 +25,7 @@ ]; fs = fs "dead" { - ".fortify" = fs "800001ed" { } null; + ".hakurei" = fs "800001ed" { } null; bin = fs "800001ed" { sh = fs "80001ff" null null; } null; dev = fs "800001ed" { console = fs "4200190" null null; @@ -68,9 +68,9 @@ "dhcpcd.exit-hook" = fs "80001ff" null null; "fonts" = fs "80001ff" null null; "fstab" = fs "80001ff" null null; - "fsurc" = fs "80001ff" null null; + "hsurc" = fs "80001ff" null null; "fuse.conf" = fs "80001ff" null null; - "group" = fs "180" null "fortify:x:65534:\n"; + "group" = fs "180" null "hakurei:x:65534:\n"; "host.conf" = fs "80001ff" null null; "hostname" = fs "80001ff" null null; "hosts" = fs "80001ff" null null; @@ -95,7 +95,7 @@ "os-release" = fs "80001ff" null null; "pam" = fs "80001ff" null null; "pam.d" = fs "80001ff" null null; - "passwd" = fs "180" null "u0_a2:x:65534:65534:Fortify:/var/lib/fortify/u0/a2:/run/current-system/sw/bin/bash\n"; + "passwd" = fs "180" null "u0_a2:x:65534:65534:Hakurei:/var/lib/hakurei/u0/a2:/run/current-system/sw/bin/bash\n"; "pipewire" = fs "80001ff" null null; "pki" = fs "80001ff" null null; "polkit-1" = fs "80001ff" null null; @@ -163,7 +163,7 @@ usr = fs "800001c0" { bin = fs "800001ed" { env = fs "80001ff" null null; } null; } null; var = fs "800001c0" { lib = fs "800001c0" { - fortify = fs "800001c0" { + hakurei = fs "800001c0" { u0 = fs "800001c0" { a2 = fs "800001c0" { ".cache" = fs "800001ed" { ".keep" = fs "80001ff" null ""; } null; @@ -211,7 +211,7 @@ mount = [ (ent "/sysroot" "/" "rw,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000002,gid=1000002") (ent "/" "/proc" "rw,nosuid,nodev,noexec,relatime" "proc" "proc" "rw") - (ent "/" "/.fortify" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000002,gid=1000002") + (ent "/" "/.hakurei" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000002,gid=1000002") (ent "/" "/dev" "rw,nosuid,nodev,relatime" "tmpfs" "devtmpfs" "rw,mode=755,uid=1000002,gid=1000002") (ent "/null" "/dev/null" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) (ent "/zero" "/dev/zero" "rw,nosuid" "devtmpfs" "devtmpfs" ignore) @@ -234,9 +234,9 @@ (ent "/var/cache" "/var/cache" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/etc" ignore "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent "/" "/run/user" "rw,nosuid,nodev,relatime" "tmpfs" "tmpfs" "rw,size=4k,mode=755,uid=1000002,gid=1000002") - (ent "/tmp/fortify.1000/runtime/2" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/tmp/fortify.1000/tmpdir/2" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") - (ent "/var/lib/fortify/u0/a2" "/var/lib/fortify/u0/a2" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/runtime/2" "/run/user/65534" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/tmp/hakurei.1000/tmpdir/2" "/tmp" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") + (ent "/var/lib/hakurei/u0/a2" "/var/lib/hakurei/u0/a2" "rw,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") (ent ignore "/etc/passwd" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000002,gid=1000002") (ent ignore "/etc/group" "ro,nosuid,nodev,relatime" "tmpfs" "rootfs" "rw,uid=1000002,gid=1000002") (ent ignore "/run/user/65534/wayland-0" "ro,nosuid,nodev,relatime" "ext4" "/dev/disk/by-label/nixos" "rw") diff --git a/test/sandbox/configuration.nix b/test/sandbox/configuration.nix index 473e9d3..c50363c 100644 --- a/test/sandbox/configuration.nix +++ b/test/sandbox/configuration.nix @@ -5,7 +5,7 @@ ... }: let - testProgram = pkgs.callPackage ./tool/package.nix { inherit (config.environment.fortify.package) version; }; + testProgram = pkgs.callPackage ./tool/package.nix { inherit (config.environment.hakurei.package) version; }; in { users.users = { @@ -23,7 +23,7 @@ in services.getty.autologinUser = "alice"; environment = { - systemPackages = with pkgs; [ + systemPackages = [ # For checking seccomp outcome: testProgram ]; @@ -59,9 +59,9 @@ in "-smp 8" ]; - environment.fortify = { + environment.hakurei = { enable = true; - stateDir = "/var/lib/fortify"; + stateDir = "/var/lib/hakurei"; users.alice = 0; extraHomeConfig = { diff --git a/test/sandbox/default.nix b/test/sandbox/default.nix index 6ffc4fd..8ea1bd5 100644 --- a/test/sandbox/default.nix +++ b/test/sandbox/default.nix @@ -7,23 +7,23 @@ }: nixosTest { - name = "fortify-sandbox" + (if withRace then "-race" else ""); + name = "hakurei-sandbox" + (if withRace then "-race" else ""); nodes.machine = { options, pkgs, ... }: { # Run with Go race detector: - environment.fortify = lib.mkIf withRace rec { + environment.hakurei = lib.mkIf withRace rec { # race detector does not support static linking package = (pkgs.callPackage ../../package.nix { }).overrideAttrs (previousAttrs: { GOFLAGS = previousAttrs.GOFLAGS ++ [ "-race" ]; }); - fsuPackage = options.environment.fortify.fsuPackage.default.override { fortify = package; }; + hsuPackage = options.environment.hakurei.hsuPackage.default.override { hakurei = package; }; }; imports = [ ./configuration.nix - self.nixosModules.fortify + self.nixosModules.hakurei self.inputs.home-manager.nixosModules.home-manager ]; }; diff --git a/test/sandbox/fs_test.go b/test/sandbox/fs_test.go index cac5a3f..e7253af 100644 --- a/test/sandbox/fs_test.go +++ b/test/sandbox/fs_test.go @@ -8,12 +8,12 @@ import ( "testing" "testing/fstest" - "git.gensokyo.uk/security/fortify/test/sandbox" + "git.gensokyo.uk/security/hakurei/test/sandbox" ) var ( - fsPasswdSample = "u0_a20:x:65534:65534:Fortify:/var/lib/persist/module/fortify/u0/a20:/run/current-system/sw/bin/zsh" - fsGroupSample = "fortify:x:65534:" + fsPasswdSample = "u0_a20:x:65534:65534:Hakurei:/var/lib/persist/module/hakurei/u0/a20:/run/current-system/sw/bin/zsh" + fsGroupSample = "hakurei:x:65534:" ) func TestCompare(t *testing.T) { @@ -26,15 +26,15 @@ func TestCompare(t *testing.T) { wantErr error }{ {"skip", fstest.MapFS{}, &sandbox.FS{}, "[ OK ] s .\x00", nil}, - {"simple pass", fstest.MapFS{".fortify": {Mode: 0x800001ed}}, - &sandbox.FS{Dir: map[string]*sandbox.FS{".fortify": {Mode: 0x800001ed}}}, - "[ OK ] s .fortify\x00[ OK ] d .\x00", nil}, - {"bad length", fstest.MapFS{".fortify": {Mode: 0x800001ed}}, + {"simple pass", fstest.MapFS{".hakurei": {Mode: 0x800001ed}}, + &sandbox.FS{Dir: map[string]*sandbox.FS{".hakurei": {Mode: 0x800001ed}}}, + "[ OK ] s .hakurei\x00[ OK ] d .\x00", nil}, + {"bad length", fstest.MapFS{".hakurei": {Mode: 0x800001ed}}, &sandbox.FS{Dir: make(map[string]*sandbox.FS)}, - "[FAIL] d .: \".fortify/\"\x00", sandbox.ErrFSBadLength}, - {"top level bad mode", fstest.MapFS{".fortify": {Mode: 0x800001ed}}, - &sandbox.FS{Dir: map[string]*sandbox.FS{".fortify": {Mode: 0xdeadbeef}}}, - "[FAIL] m .fortify: 800001ed, want deadbeef\x00", sandbox.ErrFSBadMode}, + "[FAIL] d .: \".hakurei/\"\x00", sandbox.ErrFSBadLength}, + {"top level bad mode", fstest.MapFS{".hakurei": {Mode: 0x800001ed}}, + &sandbox.FS{Dir: map[string]*sandbox.FS{".hakurei": {Mode: 0xdeadbeef}}}, + "[FAIL] m .hakurei: 800001ed, want deadbeef\x00", sandbox.ErrFSBadMode}, {"invalid entry condition", fstest.MapFS{"test": {Data: []byte{'0'}, Mode: 0644}}, &sandbox.FS{Dir: map[string]*sandbox.FS{"test": {Dir: make(map[string]*sandbox.FS)}}}, "[FAIL] d .: \"test\"\x00", sandbox.ErrFSInvalidEnt}, @@ -54,7 +54,7 @@ func TestCompare(t *testing.T) { }, &sandbox.FS{Dir: map[string]*sandbox.FS{"etc": {Mode: 0x800001c0, Dir: map[string]*sandbox.FS{ "passwd": {Mode: 0x1a4, Data: &fsGroupSample}, "group": {Mode: 0x1a4, Data: &fsGroupSample}, - }}}}, "[ OK ] f etc/group\x00[FAIL] f etc/passwd\x00got: u0_a20:x:65534:65534:Fortify:/var/lib/persist/module/fortify/u0/a20:/run/current-system/sw/bin/zsh\x00want: fortify:x:65534:\x00", sandbox.ErrFSBadData}, + }}}}, "[ OK ] f etc/group\x00[FAIL] f etc/passwd\x00got: u0_a20:x:65534:65534:Hakurei:/var/lib/persist/module/hakurei/u0/a20:/run/current-system/sw/bin/zsh\x00want: hakurei:x:65534:\x00", sandbox.ErrFSBadData}, } for _, tc := range testCases { diff --git a/test/sandbox/mount.go b/test/sandbox/mount.go index 27dc6ba..2940572 100644 --- a/test/sandbox/mount.go +++ b/test/sandbox/mount.go @@ -7,7 +7,7 @@ package sandbox #include #include -const char *F_MOUNTINFO_PATH = "/proc/self/mountinfo"; +const char *HAKUREI_MOUNTINFO_PATH = "/proc/self/mountinfo"; */ import "C" @@ -86,7 +86,7 @@ func (m *Mountinfo) Parse() error { } if m.p == "" { - m.tb = C.mnt_new_table_from_file(C.F_MOUNTINFO_PATH) + m.tb = C.mnt_new_table_from_file(C.HAKUREI_MOUNTINFO_PATH) } else { name := C.CString(m.p) m.tb = C.mnt_new_table_from_file(name) diff --git a/test/sandbox/mount_test.go b/test/sandbox/mount_test.go index 3591e5c..6a8fc7a 100644 --- a/test/sandbox/mount_test.go +++ b/test/sandbox/mount_test.go @@ -5,7 +5,7 @@ import ( "path" "testing" - "git.gensokyo.uk/security/fortify/test/sandbox" + "git.gensokyo.uk/security/hakurei/test/sandbox" ) func TestMountinfo(t *testing.T) { diff --git a/test/sandbox/test.py b/test/sandbox/test.py index 51a4c86..93fb824 100644 --- a/test/sandbox/test.py +++ b/test/sandbox/test.py @@ -28,27 +28,27 @@ def swaymsg(command: str = "", succeed=True, type="command"): start_all() machine.wait_for_unit("multi-user.target") -# To check fortify's version: -print(machine.succeed("sudo -u alice -i fortify version")) +# To check hakurei's version: +print(machine.succeed("sudo -u alice -i hakurei version")) # Wait for Sway to complete startup: machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/tmp/sway-ipc.sock") # Check seccomp outcome: -swaymsg("exec fortify run cat") +swaymsg("exec hakurei run cat") pid = int(machine.wait_until_succeeds("pgrep -U 1000000 -x cat", timeout=5)) -print(machine.succeed(f"fortify-test filter {pid} c698b081ff957afe17a6d94374537d37f2a63f6f9dd75da7546542407a9e32476ebda3312ba7785d7f618542bcfaf27ca27dcc2dddba852069d28bcfe8cad39a &>/dev/stdout", timeout=5)) +print(machine.succeed(f"hakurei-test filter {pid} c698b081ff957afe17a6d94374537d37f2a63f6f9dd75da7546542407a9e32476ebda3312ba7785d7f618542bcfaf27ca27dcc2dddba852069d28bcfe8cad39a &>/dev/stdout", timeout=5)) machine.succeed(f"kill -TERM {pid}") # Verify capabilities/securebits in user namespace: -print(machine.succeed("sudo -u alice -i fortify run capsh --print")) -print(machine.succeed("sudo -u alice -i fortify run capsh --has-no-new-privs")) -print(machine.fail("sudo -u alice -i fortify run capsh --has-a=CAP_SYS_ADMIN")) -print(machine.fail("sudo -u alice -i fortify run capsh --has-b=CAP_SYS_ADMIN")) -print(machine.fail("sudo -u alice -i fortify run capsh --has-i=CAP_SYS_ADMIN")) -print(machine.fail("sudo -u alice -i fortify run capsh --has-p=CAP_SYS_ADMIN")) -print(machine.fail("sudo -u alice -i fortify run umount -R /dev")) +print(machine.succeed("sudo -u alice -i hakurei run capsh --print")) +print(machine.succeed("sudo -u alice -i hakurei run capsh --has-no-new-privs")) +print(machine.fail("sudo -u alice -i hakurei run capsh --has-a=CAP_SYS_ADMIN")) +print(machine.fail("sudo -u alice -i hakurei run capsh --has-b=CAP_SYS_ADMIN")) +print(machine.fail("sudo -u alice -i hakurei run capsh --has-i=CAP_SYS_ADMIN")) +print(machine.fail("sudo -u alice -i hakurei run capsh --has-p=CAP_SYS_ADMIN")) +print(machine.fail("sudo -u alice -i hakurei run umount -R /dev")) # Check sandbox outcome: check_offset = 0 @@ -56,7 +56,7 @@ def check_sandbox(name): global check_offset check_offset += 1 swaymsg(f"exec script /dev/null -E always -qec check-sandbox-{name}") - machine.wait_for_file(f"/tmp/fortify.1000/tmpdir/{check_offset}/sandbox-ok", timeout=15) + machine.wait_for_file(f"/tmp/hakurei.1000/tmpdir/{check_offset}/sandbox-ok", timeout=15) check_sandbox("preset") @@ -68,5 +68,5 @@ check_sandbox("device") swaymsg("exit", succeed=False) machine.wait_for_file("/tmp/sway-exit-ok") -# Print fortify runDir contents: -print(machine.succeed("find /run/user/1000/fortify")) +# Print hakurei runDir contents: +print(machine.succeed("find /run/user/1000/hakurei")) diff --git a/test/sandbox/tool/main.go b/test/sandbox/tool/main.go index 4c639b2..a9a9ee0 100644 --- a/test/sandbox/tool/main.go +++ b/test/sandbox/tool/main.go @@ -6,7 +6,7 @@ import ( "strconv" "strings" - "git.gensokyo.uk/security/fortify/test/sandbox" + "git.gensokyo.uk/security/hakurei/test/sandbox" ) func main() { diff --git a/test/sandbox/tool/package.nix b/test/sandbox/tool/package.nix index 7cc3472..d003cfa 100644 --- a/test/sandbox/tool/package.nix +++ b/test/sandbox/tool/package.nix @@ -21,10 +21,10 @@ buildGoModule rec { nativeBuildInputs = [ pkg-config ]; preBuild = '' - go mod init git.gensokyo.uk/security/fortify/test/sandbox >& /dev/null + go mod init git.gensokyo.uk/security/hakurei/test/sandbox >& /dev/null ''; postInstall = '' - mv $out/bin/tool $out/bin/fortify-test + mv $out/bin/tool $out/bin/hakurei-test ''; } diff --git a/test/test.py b/test/test.py index 4b67b6f..1636164 100644 --- a/test/test.py +++ b/test/test.py @@ -47,15 +47,15 @@ def wait_for_window(pattern): def collect_state_ui(name): - swaymsg(f"exec fortify ps > '/tmp/{name}.ps'") + swaymsg(f"exec hakurei ps > '/tmp/{name}.ps'") machine.copy_from_vm(f"/tmp/{name}.ps", "") - swaymsg(f"exec fortify --json ps > '/tmp/{name}.json'") + swaymsg(f"exec hakurei --json ps > '/tmp/{name}.json'") machine.copy_from_vm(f"/tmp/{name}.json", "") machine.screenshot(name) def check_state(name, enablements): - instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 fortify --json ps")) + instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei --json ps")) if len(instances) != 1: raise Exception(f"unexpected state length {len(instances)}") instance = next(iter(instances.values())) @@ -73,36 +73,36 @@ def check_state(name, enablements): raise Exception(f"unexpected enablements {instance['config']['enablements']}") -def fortify(command): - swaymsg(f"exec fortify {command}") +def hakurei(command): + swaymsg(f"exec hakurei {command}") start_all() machine.wait_for_unit("multi-user.target") -# To check fortify's version: -print(machine.succeed("sudo -u alice -i fortify version")) +# To check hakurei's version: +print(machine.succeed("sudo -u alice -i hakurei version")) # Wait for Sway to complete startup: machine.wait_for_file("/run/user/1000/wayland-1") machine.wait_for_file("/tmp/sway-ipc.sock") -# Run fortify Go tests outside of nix build in the background: -swaymsg("exec fortify-test") +# Run hakurei Go tests outside of nix build in the background: +swaymsg("exec hakurei-test") # Deny unmapped uid: -denyOutput = machine.fail("sudo -u untrusted -i fortify run &>/dev/stdout") +denyOutput = machine.fail("sudo -u untrusted -i hakurei run &>/dev/stdout") print(denyOutput) -denyOutputVerbose = machine.fail("sudo -u untrusted -i fortify -v run &>/dev/stdout") +denyOutputVerbose = machine.fail("sudo -u untrusted -i hakurei -v run &>/dev/stdout") print(denyOutputVerbose) -# Fail direct fsu call: -print(machine.fail("sudo -u alice -i fsu")) +# Fail direct hsu call: +print(machine.fail("sudo -u alice -i hsu")) # Verify PrintBaseError behaviour: -if denyOutput != "fsu: uid 1001 is not in the fsurc file\n": +if denyOutput != "hsu: uid 1001 is not in the hsurc file\n": raise Exception(f"unexpected deny output:\n{denyOutput}") -if denyOutputVerbose != "fsu: uid 1001 is not in the fsurc file\nfortify: *cannot obtain uid from fsu: permission denied\n": +if denyOutputVerbose != "hsu: uid 1001 is not in the hsurc file\nhakurei: *cannot obtain uid from setuid wrapper: permission denied\n": raise Exception(f"unexpected deny verbose output:\n{denyOutputVerbose}") check_offset = 0 @@ -113,15 +113,15 @@ def aid(offset): def tmpdir_path(offset, name): - return f"/tmp/fortify.1000/tmpdir/{aid(offset)}/{name}" + return f"/tmp/hakurei.1000/tmpdir/{aid(offset)}/{name}" -# Start fortify permissive defaults outside Wayland session: -print(machine.succeed("sudo -u alice -i fortify -v run -a 0 touch /tmp/pd-bare-ok")) -machine.wait_for_file("/tmp/fortify.1000/tmpdir/0/pd-bare-ok", timeout=5) +# Start hakurei permissive defaults outside Wayland session: +print(machine.succeed("sudo -u alice -i hakurei -v run -a 0 touch /tmp/pd-bare-ok")) +machine.wait_for_file("/tmp/hakurei.1000/tmpdir/0/pd-bare-ok", timeout=5) # Verify silent output permissive defaults: -output = machine.succeed("sudo -u alice -i fortify run -a 0 true &>/dev/stdout") +output = machine.succeed("sudo -u alice -i hakurei run -a 0 true &>/dev/stdout") if output != "": raise Exception(f"unexpected output\n{output}") @@ -130,12 +130,12 @@ def silent_output_interrupt(flags): swaymsg("exec foot") wait_for_window("alice@machine") # aid 0 does not have home-manager - machine.send_chars(f"exec fortify run {flags}-a 0 sh -c 'export PATH=/run/current-system/sw/bin:$PATH && touch /tmp/pd-silent-ready && sleep infinity' &>/tmp/pd-silent\n") - machine.wait_for_file("/tmp/fortify.1000/tmpdir/0/pd-silent-ready", timeout=15) - machine.succeed("rm /tmp/fortify.1000/tmpdir/0/pd-silent-ready") + machine.send_chars(f"exec hakurei run {flags}-a 0 sh -c 'export PATH=/run/current-system/sw/bin:$PATH && touch /tmp/pd-silent-ready && sleep infinity' &>/tmp/pd-silent\n") + machine.wait_for_file("/tmp/hakurei.1000/tmpdir/0/pd-silent-ready", timeout=15) + machine.succeed("rm /tmp/hakurei.1000/tmpdir/0/pd-silent-ready") machine.send_key("ctrl-c") machine.wait_until_fails("pgrep foot", timeout=5) - machine.wait_until_fails(f"pgrep -u alice -f 'fortify run {flags}-a 0 '", timeout=5) + machine.wait_until_fails(f"pgrep -u alice -f 'hakurei run {flags}-a 0 '", timeout=5) output = machine.succeed("cat /tmp/pd-silent && rm /tmp/pd-silent") if output != "": raise Exception(f"unexpected output\n{output}") @@ -146,10 +146,10 @@ silent_output_interrupt("--dbus ") # this one is especially painful as it mainta silent_output_interrupt("--wayland -X --dbus --pulse ") # Verify graceful failure on bad Wayland display name: -print(machine.fail("sudo -u alice -i fortify -v run --wayland true")) +print(machine.fail("sudo -u alice -i hakurei -v run --wayland true")) -# Start fortify permissive defaults within Wayland session: -fortify('-v run --wayland --dbus notify-send -a "NixOS Tests" "Test notification" "Notification from within sandbox." && touch /tmp/dbus-ok') +# Start hakurei permissive defaults within Wayland session: +hakurei('-v run --wayland --dbus notify-send -a "NixOS Tests" "Test notification" "Notification from within sandbox." && touch /tmp/dbus-ok') machine.wait_for_file("/tmp/dbus-ok", timeout=15) collect_state_ui("dbus_notify_exited") # not in pid namespace, verify termination @@ -157,10 +157,10 @@ machine.wait_until_fails("pgrep xdg-dbus-proxy") machine.succeed("pkill -9 mako") # Check revert type selection: -fortify("-v run --wayland -X --dbus --pulse -u p0 foot && touch /tmp/p0-exit-ok") +hakurei("-v run --wayland -X --dbus --pulse -u p0 foot && touch /tmp/p0-exit-ok") wait_for_window("p0@machine") print(machine.succeed("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 1000000")) -fortify("-v run --wayland -X --dbus --pulse -u p1 foot && touch /tmp/p1-exit-ok") +hakurei("-v run --wayland -X --dbus --pulse -u p1 foot && touch /tmp/p1-exit-ok") wait_for_window("p1@machine") print(machine.succeed("getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep 1000000")) machine.send_chars("exit\n") @@ -174,7 +174,7 @@ machine.fail("getfacl --absolute-names --omit-header --numeric /run/user/1000 | # Check interrupt shim behaviour: swaymsg("exec sh -c 'ne-foot; echo -n $? > /tmp/monitor-exit-code'") wait_for_window(f"u0_a{aid(0)}@machine") -machine.succeed("pkill -INT -f 'fortify -v app '") +machine.succeed("pkill -INT -f 'hakurei -v app '") machine.wait_until_fails("pgrep foot", timeout=5) machine.wait_for_file("/tmp/monitor-exit-code") interrupt_exit_code = int(machine.succeed("cat /tmp/monitor-exit-code")) @@ -194,7 +194,7 @@ machine.send_chars("exit\n") machine.wait_until_fails("pgrep foot", timeout=5) machine.fail(f"getfacl --absolute-names --omit-header --numeric /run/user/1000 | grep {aid(0) + 1000000}", timeout=5) -# Test PulseAudio (fortify does not support PipeWire yet): +# Test PulseAudio (hakurei does not support PipeWire yet): swaymsg("exec pa-foot") wait_for_window(f"u0_a{aid(1)}@machine") machine.send_chars("clear; pactl info && touch /tmp/pulse-ok\n") @@ -237,7 +237,7 @@ wait_for_window(f"u0_a{aid(0)}@machine") machine.send_chars("clear; wayland-info && touch /tmp/term-ok\n") machine.wait_for_file(tmpdir_path(0, "term-ok"), timeout=15) machine.send_key("alt-h") -machine.send_chars("clear; fortify show $(fortify ps --short) && touch /tmp/ps-show-ok && exec cat\n") +machine.send_chars("clear; hakurei show $(hakurei ps --short) && touch /tmp/ps-show-ok && exec cat\n") machine.wait_for_file("/tmp/ps-show-ok", timeout=5) collect_state_ui("foot_wayland_term") check_state("ne-foot", 1) @@ -251,10 +251,10 @@ machine.wait_until_fails("pgrep foot", timeout=5) swaymsg("exit", succeed=False) machine.wait_for_file("/tmp/sway-exit-ok") -# Print fortify runDir contents: -print(machine.succeed("find /run/user/1000/fortify")) +# Print hakurei runDir contents: +print(machine.succeed("find /run/user/1000/hakurei")) # Verify go test status: -machine.wait_for_file("/tmp/fortify-test-done") -print(machine.succeed("cat /tmp/fortify-test.log")) -machine.wait_for_file("/tmp/fortify-test-ok", timeout=2) +machine.wait_for_file("/tmp/hakurei-test-done") +print(machine.succeed("cat /tmp/hakurei-test.log")) +machine.wait_for_file("/tmp/hakurei-test-ok", timeout=2)