From eec021cc4b4eb42bc9c8311755826828bfba1996 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Wed, 2 Jul 2025 21:31:29 +0900 Subject: [PATCH] hakurei: move container helpers toplevel 
Signed-off-by: Ophestra
---
cmd/hakurei/internal/app/instance/common/container.go | 2 +-
cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go | 2 +-
cmd/hakurei/internal/app/internal/setuid/app_pd_test.go | 2 +-
cmd/hakurei/internal/app/internal/setuid/shim.go | 2 +-
cmd/planterette/app.go | 2 +-
cmd/planterette/with.go | 2 +-
container.go | 2 +-
container_test.go | 4 ++--
dbus/proc.go | 2 +-
hst/container.go | 2 +-
hst/template.go | 2 +-
init.go | 2 +-
ldd/exec.go | 2 +-
mount.go | 2 +-
path.go | 2 +-
{sandbox/seccomp => seccomp}/libseccomp-helper.c | 0
{sandbox/seccomp => seccomp}/libseccomp-helper.h | 0
{sandbox/seccomp => seccomp}/libseccomp.go | 0
{sandbox/seccomp => seccomp}/libseccomp_test.go | 2 +-
{sandbox/seccomp => seccomp}/mksysnum_linux.pl | 0
{sandbox/seccomp => seccomp}/presets.go | 0
{sandbox/seccomp => seccomp}/presets_clone_backwards2.go | 0
{sandbox/seccomp => seccomp}/presets_clone_generic.go | 0
{sandbox/seccomp => seccomp}/proc.go | 0
{sandbox/seccomp => seccomp}/seccomp.go | 0
{sandbox/seccomp => seccomp}/seccomp_test.go | 2 +-
{sandbox/seccomp => seccomp}/syscall.go | 0
{sandbox/seccomp => seccomp}/syscall_extra_linux_amd64.go | 0
{sandbox/seccomp => seccomp}/syscall_linux_amd64.go | 0
{sandbox/seccomp => seccomp}/syscall_test.go | 0
{sandbox/vfs => vfs}/mangle.go | 0
{sandbox/vfs => vfs}/mangle_test.go | 2 +-
{sandbox/vfs => vfs}/mountinfo.go | 0
{sandbox/vfs => vfs}/mountinfo_test.go | 2 +-
{sandbox/vfs => vfs}/unfold.go | 0
{sandbox/vfs => vfs}/unfold_test.go | 2 +-
36 files changed, 21 insertions(+), 21 deletions(-)
rename {sandbox/seccomp => seccomp}/libseccomp-helper.c (100%)
rename {sandbox/seccomp => seccomp}/libseccomp-helper.h (100%)
rename {sandbox/seccomp => seccomp}/libseccomp.go (100%)
rename {sandbox/seccomp => seccomp}/libseccomp_test.go (98%)
rename {sandbox/seccomp => seccomp}/mksysnum_linux.pl (100%)
rename {sandbox/seccomp => seccomp}/presets.go (100%)
rename {sandbox/seccomp => seccomp}/presets_clone_backwards2.go
(100%)
rename {sandbox/seccomp => seccomp}/presets_clone_generic.go (100%)
rename {sandbox/seccomp => seccomp}/proc.go (100%)
rename {sandbox/seccomp => seccomp}/seccomp.go (100%)
rename {sandbox/seccomp => seccomp}/seccomp_test.go (96%)
rename {sandbox/seccomp => seccomp}/syscall.go (100%)
rename {sandbox/seccomp => seccomp}/syscall_extra_linux_amd64.go (100%)
rename {sandbox/seccomp => seccomp}/syscall_linux_amd64.go (100%)
rename {sandbox/seccomp => seccomp}/syscall_test.go (100%)
rename {sandbox/vfs => vfs}/mangle.go (100%)
rename {sandbox/vfs => vfs}/mangle_test.go (90%)
rename {sandbox/vfs => vfs}/mountinfo.go (100%)
rename {sandbox/vfs => vfs}/mountinfo_test.go (99%)
rename {sandbox/vfs => vfs}/unfold.go (100%)
rename {sandbox/vfs => vfs}/unfold_test.go (98%)
diff --git a/cmd/hakurei/internal/app/instance/common/container.go b/cmd/hakurei/internal/app/instance/common/container.go
index e423e1c..5164d26 100644
--- a/cmd/hakurei/internal/app/instance/common/container.go
+++ b/cmd/hakurei/internal/app/instance/common/container.go
@@ -12,7 +12,7 @@ import (
 "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/internal/sys"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 // in practice there should be less than 30 entries added by the runtime;
diff --git a/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
index 0b7243e..3fe9678 100644
--- a/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
+++ b/cmd/hakurei/internal/app/internal/setuid/app_nixos_test.go
@@ -6,7 +6,7 @@ import (
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
 )
diff --git a/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
index 15fd3e5..c839d5b 100644
--- a/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
+++ b/cmd/hakurei/internal/app/internal/setuid/app_pd_test.go
@@ -8,7 +8,7 @@ import (
 "git.gensokyo.uk/security/hakurei/cmd/hakurei/internal/app"
 "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
 )
diff --git a/cmd/hakurei/internal/app/internal/setuid/shim.go b/cmd/hakurei/internal/app/internal/setuid/shim.go
index 19566be..0281f80 100644
--- a/cmd/hakurei/internal/app/internal/setuid/shim.go
+++ b/cmd/hakurei/internal/app/internal/setuid/shim.go
@@ -13,7 +13,7 @@ import (
 "git.gensokyo.uk/security/hakurei"
 "git.gensokyo.uk/security/hakurei/internal"
 "git.gensokyo.uk/security/hakurei/internal/hlog"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 /*
diff --git a/cmd/planterette/app.go b/cmd/planterette/app.go
index 6d0993f..1bc2337 100644
--- a/cmd/planterette/app.go
+++ b/cmd/planterette/app.go
@@ -8,7 +8,7 @@ import (
 "git.gensokyo.uk/security/hakurei/dbus"
 "git.gensokyo.uk/security/hakurei/hst"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
 )
diff --git a/cmd/planterette/with.go b/cmd/planterette/with.go
index f2f4541..a2eb02e 100644
--- a/cmd/planterette/with.go
+++ b/cmd/planterette/with.go
@@ -7,7 +7,7 @@ import (
 "git.gensokyo.uk/security/hakurei/hst"
 "git.gensokyo.uk/security/hakurei/internal"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 func withNixDaemon(
diff --git a/container.go b/container.go
index 57e3c6f..5bbc5d3 100644
--- a/container.go
+++ b/container.go
@@ -14,7 +14,7 @@ import (
 . "syscall"
 "time"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 type (
diff --git a/container_test.go b/container_test.go
index aa1ed0a..4604d02 100644
--- a/container_test.go
+++ b/container_test.go
@@ -17,8 +17,8 @@ import (
 "git.gensokyo.uk/security/hakurei/internal"
 "git.gensokyo.uk/security/hakurei/internal/hlog"
 "git.gensokyo.uk/security/hakurei/ldd"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/seccomp"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 const (
diff --git a/dbus/proc.go b/dbus/proc.go
index bbb72f9..e8cccd5 100644
--- a/dbus/proc.go
+++ b/dbus/proc.go
@@ -14,7 +14,7 @@ import (
 "git.gensokyo.uk/security/hakurei"
 "git.gensokyo.uk/security/hakurei/helper"
 "git.gensokyo.uk/security/hakurei/ldd"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 // Start starts and configures a D-Bus proxy process.
diff --git a/hst/container.go b/hst/container.go
index bc36bef..1a5c4eb 100644
--- a/hst/container.go
+++ b/hst/container.go
@@ -1,7 +1,7 @@
 package hst
 import (
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 type (
diff --git a/hst/template.go b/hst/template.go
index bcf14ac..4c0930e 100644
--- a/hst/template.go
+++ b/hst/template.go
@@ -2,7 +2,7 @@ package hst
 import (
 "git.gensokyo.uk/security/hakurei/dbus"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 "git.gensokyo.uk/security/hakurei/system"
 )
diff --git a/init.go b/init.go
index 74ff929..cb7fd84 100644
--- a/init.go
+++ b/init.go
@@ -13,7 +13,7 @@ import (
 . "syscall"
 "time"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 const (
diff --git a/ldd/exec.go b/ldd/exec.go
index ec38f68..9922ba1 100644
--- a/ldd/exec.go
+++ b/ldd/exec.go
@@ -9,7 +9,7 @@ import (
 "time"
 "git.gensokyo.uk/security/hakurei"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 const lddTimeout = 2 * time.Second
diff --git a/mount.go b/mount.go
index 68d689f..44e1d9c 100644
--- a/mount.go
+++ b/mount.go
@@ -7,7 +7,7 @@ import (
 "path/filepath"
 . "syscall"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 func (p *procPaths) bindMount(source, target string, flags uintptr, eq bool) error {
diff --git a/path.go b/path.go
index bc4cccb..9e777ee 100644
--- a/path.go
+++ b/path.go
@@ -10,7 +10,7 @@ import (
 "strings"
 "syscall"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 const (
diff --git a/sandbox/seccomp/libseccomp-helper.c b/seccomp/libseccomp-helper.c
similarity index 100%
rename from sandbox/seccomp/libseccomp-helper.c
rename to seccomp/libseccomp-helper.c
diff --git a/sandbox/seccomp/libseccomp-helper.h b/seccomp/libseccomp-helper.h
similarity index 100%
rename from sandbox/seccomp/libseccomp-helper.h
rename to seccomp/libseccomp-helper.h
diff --git a/sandbox/seccomp/libseccomp.go b/seccomp/libseccomp.go
similarity index 100%
rename from sandbox/seccomp/libseccomp.go
rename to seccomp/libseccomp.go
diff --git a/sandbox/seccomp/libseccomp_test.go b/seccomp/libseccomp_test.go
similarity index 98%
rename from sandbox/seccomp/libseccomp_test.go
rename to seccomp/libseccomp_test.go
index f5c0105..441245b 100644
--- a/sandbox/seccomp/libseccomp_test.go
+++ b/seccomp/libseccomp_test.go
@@ -8,7 +8,7 @@ import (
 "syscall"
 "testing"
- . "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ . "git.gensokyo.uk/security/hakurei/seccomp"
 )
 func TestExport(t *testing.T) {
diff --git a/sandbox/seccomp/mksysnum_linux.pl b/seccomp/mksysnum_linux.pl
similarity index 100%
rename from sandbox/seccomp/mksysnum_linux.pl
rename to seccomp/mksysnum_linux.pl
diff --git a/sandbox/seccomp/presets.go b/seccomp/presets.go
similarity index 100%
rename from sandbox/seccomp/presets.go
rename to seccomp/presets.go
diff --git a/sandbox/seccomp/presets_clone_backwards2.go b/seccomp/presets_clone_backwards2.go
similarity index 100%
rename from sandbox/seccomp/presets_clone_backwards2.go
rename to seccomp/presets_clone_backwards2.go
diff --git a/sandbox/seccomp/presets_clone_generic.go b/seccomp/presets_clone_generic.go
similarity index 100%
rename from sandbox/seccomp/presets_clone_generic.go
rename to seccomp/presets_clone_generic.go
diff --git a/sandbox/seccomp/proc.go b/seccomp/proc.go
similarity index 100%
rename from sandbox/seccomp/proc.go
rename to seccomp/proc.go
diff --git a/sandbox/seccomp/seccomp.go b/seccomp/seccomp.go
similarity index 100%
rename from sandbox/seccomp/seccomp.go
rename to seccomp/seccomp.go
diff --git a/sandbox/seccomp/seccomp_test.go b/seccomp/seccomp_test.go
similarity index 96%
rename from sandbox/seccomp/seccomp_test.go
rename to seccomp/seccomp_test.go
index 21198bf..9b43f46 100644
--- a/sandbox/seccomp/seccomp_test.go
+++ b/seccomp/seccomp_test.go
@@ -6,7 +6,7 @@ import (
 "syscall"
 "testing"
- "git.gensokyo.uk/security/hakurei/sandbox/seccomp"
+ "git.gensokyo.uk/security/hakurei/seccomp"
 )
 func TestLibraryError(t *testing.T) {
diff --git a/sandbox/seccomp/syscall.go b/seccomp/syscall.go
similarity index 100%
rename from sandbox/seccomp/syscall.go
rename to seccomp/syscall.go
diff --git a/sandbox/seccomp/syscall_extra_linux_amd64.go b/seccomp/syscall_extra_linux_amd64.go
similarity index 100%
rename from sandbox/seccomp/syscall_extra_linux_amd64.go
rename to seccomp/syscall_extra_linux_amd64.go
diff --git a/sandbox/seccomp/syscall_linux_amd64.go b/seccomp/syscall_linux_amd64.go
similarity index 100%
rename from sandbox/seccomp/syscall_linux_amd64.go
rename to seccomp/syscall_linux_amd64.go
diff --git a/sandbox/seccomp/syscall_test.go b/seccomp/syscall_test.go
similarity index 100%
rename from sandbox/seccomp/syscall_test.go
rename to seccomp/syscall_test.go
diff --git a/sandbox/vfs/mangle.go b/vfs/mangle.go
similarity index 100%
rename from sandbox/vfs/mangle.go
rename to vfs/mangle.go
diff --git a/sandbox/vfs/mangle_test.go b/vfs/mangle_test.go
similarity index 90%
rename from sandbox/vfs/mangle_test.go
rename to vfs/mangle_test.go
index 101d87e..54af8fb 100644
--- a/sandbox/vfs/mangle_test.go
+++ b/vfs/mangle_test.go
@@ -3,7 +3,7 @@ package vfs_test
 import (
 "testing"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 func TestUnmangle(t *testing.T) {
diff --git a/sandbox/vfs/mountinfo.go b/vfs/mountinfo.go
similarity index 100%
rename from sandbox/vfs/mountinfo.go
rename to vfs/mountinfo.go
diff --git a/sandbox/vfs/mountinfo_test.go b/vfs/mountinfo_test.go
similarity index 99%
rename from sandbox/vfs/mountinfo_test.go
rename to vfs/mountinfo_test.go
index 4e1fa3c..255f1c9 100644
--- a/sandbox/vfs/mountinfo_test.go
+++ b/vfs/mountinfo_test.go
@@ -12,7 +12,7 @@ import (
 "syscall"
 "testing"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 func TestMountInfo(t *testing.T) {
diff --git a/sandbox/vfs/unfold.go b/vfs/unfold.go
similarity index 100%
rename from sandbox/vfs/unfold.go
rename to vfs/unfold.go
diff --git a/sandbox/vfs/unfold_test.go b/vfs/unfold_test.go
similarity index 98%
rename from sandbox/vfs/unfold_test.go
rename to vfs/unfold_test.go
index e20fc00..59e5204 100644
--- a/sandbox/vfs/unfold_test.go
+++ b/vfs/unfold_test.go
@@ -8,7 +8,7 @@ import (
 "syscall"
 "testing"
- "git.gensokyo.uk/security/hakurei/sandbox/vfs"
+ "git.gensokyo.uk/security/hakurei/vfs"
 )
 func TestUnfold(t *testing.T) {