security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

priv/shim: move /sbin/init setup to app
All checks were successful
Test / Create distribution (push) Successful in 49s
Details
Test / Run NixOS test (push) Successful in 3m36s
Details

Browse Source 
Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-02-15 02:56:08 +09:00
parent a0062d8275
commit ea8d1c07df
7 changed files with 24 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/app/share.go
View File

@@ -293,6 +293,10 @@ func (seal *appSeal) setupShares(bus [2]*dbus.Config, os linux.System) error {
seal.sys.bwrap.Tmpfs(dest, 8*1024)
}
// mount fortify in sandbox for init
seal.sys.bwrap.Bind(os.MustExecutable(), path.Join(fst.Tmp, "sbin/fortify"))
seal.sys.bwrap.Symlink("fortify", path.Join(fst.Tmp, "sbin/init"))
// append extra perms
for _, p := range seal.extraPerms {
if p == nil {