security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

sandbox: wrap fmsg interface
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Fortify (push) Successful in 2m27s
Details
Test / Fpkg (push) Successful in 3m36s
Details
Test / Data race detector (push) Successful in 4m16s
Details
Test / Flake checks (push) Successful in 55s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-03-17 02:31:46 +09:00
parent ee10860357
commit 9a1f8e129f
32 changed files with 270 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/app/shim/main.go
View File

@@ -17,6 +17,7 @@ import (
"git.gensokyo.uk/security/fortify/internal"
"git.gensokyo.uk/security/fortify/internal/app/init0"
"git.gensokyo.uk/security/fortify/internal/fmsg"
"git.gensokyo.uk/security/fortify/internal/sandbox"
)
// everything beyond this point runs as unconstrained target user
@@ -28,7 +29,7 @@ func Main() {
fmsg.Prepare("shim")
// setting this prevents ptrace
if err := internal.SetDumpable(internal.SUID_DUMP_DISABLE); err != nil {
if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil {
log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err)
}