security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fipc: export config struct
All checks were successful
Tests / Go tests (push) Successful in 1m12s
Details
Nix / NixOS tests (push) Successful in 10m51s
Details

Browse Source 
Also store full config as part of state.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra
2024-12-18 13:45:55 +09:00
parent 5d00805a7c
commit b752ec4468
11 changed files with 100 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/app/app_nixos_test.go
View File

@@ -3,6 +3,7 @@ package app_test
import (
"git.ophivana.moe/security/fortify/acl"
"git.ophivana.moe/security/fortify/dbus"
"git.ophivana.moe/security/fortify/fipc"
"git.ophivana.moe/security/fortify/helper/bwrap"
"git.ophivana.moe/security/fortify/internal/app"
"git.ophivana.moe/security/fortify/internal/system"
@@ -11,15 +12,15 @@ import (
var testCasesNixos = []sealTestCase{
{
"nixos chromium direct wayland", new(stubNixOS),
&app.Config{
&fipc.Config{
ID: "org.chromium.Chromium",
Command: []string{"/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start"},
Confinement: app.ConfinementConfig{
Confinement: fipc.ConfinementConfig{
AppID: 1, Groups: []string{}, Username: "u0_a1",
Outer: "/var/lib/persist/module/fortify/0/1",
Sandbox: &app.SandboxConfig{
Sandbox: &fipc.SandboxConfig{
UserNS: true, Net: true, MapRealUID: true, DirectWayland: true, Env: nil,
Filesystem: []*app.FilesystemConfig{
Filesystem: []*fipc.FilesystemConfig{
{Src: "/bin", Must: true}, {Src: "/usr/bin", Must: true},
{Src: "/nix/store", Must: true}, {Src: "/run/current-system", Must: true},
{Src: "/sys/block"}, {Src: "/sys/bus"}, {Src: "/sys/class"}, {Src: "/sys/dev"}, {Src: "/sys/devices"},