hakurei

Author	SHA1	Message	Date
Ophestra	83a1c75f1a	app: set up acl on X11 socket All checks were successful Test / Create distribution (push) Successful in 33s Details Test / Sandbox (push) Successful in 2m9s Details Test / Hakurei (push) Successful in 3m22s Details Test / Sandbox (race detector) (push) Successful in 4m26s Details Test / Hpkg (push) Successful in 4m25s Details Test / Hakurei (race detector) (push) Successful in 43s Details Test / Flake checks (push) Successful in 1m38s Details The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-18 11:30:58 +09:00
Ophestra	9ed3ba85ea	hst/fs: implement overlay fstype All checks were successful Test / Create distribution (push) Successful in 33s Details Test / Sandbox (push) Successful in 2m8s Details Test / Hakurei (push) Successful in 3m8s Details Test / Hpkg (push) Successful in 3m59s Details Test / Sandbox (race detector) (push) Successful in 4m20s Details Test / Hakurei (race detector) (push) Successful in 5m1s Details Test / Flake checks (push) Successful in 1m27s Details This finally exposes overlay mounts in the high level hakurei API. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-15 04:00:55 +09:00
Ophestra	3b8a3d3b00	app: remount root readonly All checks were successful Test / Create distribution (push) Successful in 25s Details Test / Sandbox (push) Successful in 41s Details Test / Sandbox (race detector) (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 45s Details Test / Hpkg (push) Successful in 44s Details Test / Hakurei (push) Successful in 2m13s Details Test / Flake checks (push) Successful in 1m25s Details This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 23:56:28 +09:00
Ophestra	ec33061c92	nix: remove nscd cover All checks were successful Test / Create distribution (push) Successful in 33s Details Test / Hpkg (push) Successful in 40s Details Test / Sandbox (push) Successful in 1m30s Details Test / Hakurei (push) Successful in 2m18s Details Test / Sandbox (race detector) (push) Successful in 2m21s Details Test / Hakurei (race detector) (push) Successful in 2m50s Details Test / Flake checks (push) Successful in 1m15s Details This is a pd workaround that does nothing in the nixos module. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 22:04:58 +09:00
Ophestra	547a2adaa4	container/mount: pass tmpfs flags All checks were successful Test / Create distribution (push) Successful in 32s Details Test / Sandbox (push) Successful in 2m1s Details Test / Sandbox (race detector) (push) Successful in 3m57s Details Test / Hpkg (push) Successful in 3m55s Details Test / Hakurei (race detector) (push) Successful in 4m30s Details Test / Hakurei (push) Successful in 2m18s Details Test / Flake checks (push) Successful in 1m14s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-08-01 18:59:06 +09:00
Ophestra	625632c593	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 39s Details Test / Sandbox (race detector) (push) Successful in 50s Details Test / Sandbox (push) Successful in 52s Details Test / Planterette (push) Successful in 50s Details Test / Hakurei (race detector) (push) Successful in 57s Details Test / Hakurei (push) Successful in 59s Details Test / Flake checks (push) Successful in 1m53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-26 18:57:54 +09:00
Ophestra	749a2779f5	test/sandbox: add arm64 constants All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Sandbox (push) Successful in 40s Details Test / Hakurei (push) Successful in 42s Details Test / Hakurei (race detector) (push) Successful in 42s Details Test / Sandbox (race detector) (push) Successful in 38s Details Test / Planterette (push) Successful in 40s Details Test / Flake checks (push) Successful in 1m30s Details Most of these are differences in qemu. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 05:36:35 +09:00
Ophestra	e574042d76	test/sandbox: verify seccomp on all test cases All checks were successful Test / Hakurei (push) Successful in 42s Details Test / Sandbox (push) Successful in 39s Details Test / Hakurei (race detector) (push) Successful in 41s Details Test / Create distribution (push) Successful in 33s Details Test / Sandbox (race detector) (push) Successful in 39s Details Test / Planterette (push) Successful in 41s Details Test / Flake checks (push) Successful in 1m17s Details This change also makes seccomp hashes cross-platform. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-07-09 04:21:35 +09:00
Ophestra	87e008d56d	treewide: rename to hakurei All checks were successful Test / Create distribution (push) Successful in 43s Details Test / Sandbox (push) Successful in 2m18s Details Test / Hakurei (push) Successful in 3m10s Details Test / Sandbox (race detector) (push) Successful in 3m30s Details Test / Hakurei (race detector) (push) Successful in 4m43s Details Test / Fpkg (push) Successful in 5m4s Details Test / Flake checks (push) Successful in 1m12s Details Fortify makes little sense for a container tool. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-25 04:57:41 +09:00
Ophestra	717771ae80	app: share runtime dir All checks were successful Test / Create distribution (push) Successful in 24s Details Test / Sandbox (race detector) (push) Successful in 37s Details Test / Sandbox (push) Successful in 37s Details Test / Fortify (push) Successful in 40s Details Test / Fortify (race detector) (push) Successful in 40s Details Test / Fpkg (push) Successful in 38s Details Test / Flake checks (push) Successful in 1m5s Details This allows apps with the same identity to access the same runtime dir. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-08 03:24:48 +09:00
Ophestra	b7e991de5b	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 51s Details Test / Sandbox (push) Successful in 15m56s Details Test / Sandbox (race detector) (push) Successful in 16m5s Details Test / Fpkg (push) Successful in 17m33s Details Test / Fortify (race detector) (push) Successful in 2m28s Details Test / Fortify (push) Successful in 40s Details Test / Flake checks (push) Successful in 2m58s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-06-05 04:05:39 +09:00
Ophestra	f30a439bcd	nix: improve common usability All checks were successful Test / Create distribution (push) Successful in 19s Details Test / Sandbox (push) Successful in 31s Details Test / Fortify (push) Successful in 35s Details Test / Sandbox (race detector) (push) Successful in 31s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 33s Details Test / Flake checks (push) Successful in 1m7s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-05-16 04:40:12 +09:00
Ophestra	008e9e7fc5	nix: update flake lock All checks were successful Test / Create distribution (push) Successful in 28s Details Test / Fortify (push) Successful in 38s Details Test / Fortify (race detector) (push) Successful in 37s Details Test / Fpkg (push) Successful in 35s Details Test / Sandbox (push) Successful in 1m18s Details Test / Sandbox (race detector) (push) Successful in 1m27s Details Test / Flake checks (push) Successful in 2m47s Details	2025-05-07 21:35:37 +09:00
Ophestra	ae6f5ede19	fst: mount passthrough /dev writable All checks were successful Test / Create distribution (push) Successful in 26s Details Test / Sandbox (push) Successful in 1m50s Details Test / Fortify (push) Successful in 2m39s Details Test / Sandbox (race detector) (push) Successful in 3m1s Details Test / Fpkg (push) Successful in 3m30s Details Test / Fortify (race detector) (push) Successful in 4m13s Details Test / Flake checks (push) Successful in 59s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 20:01:54 +09:00
Ophestra	807d511c8b	test/sandbox: check device outcome All checks were successful Test / Fortify (push) Successful in 35s Details Test / Create distribution (push) Successful in 26s Details Test / Fortify (race detector) (push) Successful in 35s Details Test / Fpkg (push) Successful in 34s Details Test / Sandbox (push) Successful in 1m22s Details Test / Sandbox (race detector) (push) Successful in 1m41s Details Test / Flake checks (push) Successful in 1m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-04-11 19:55:16 +09:00

15 Commits