hakurei

Author	SHA1	Message	Date
Ophestra	27d2914286	proc/priv/init: merge init into main program All checks were successful Build / Create distribution (push) Successful in 1m47s Details Test / Run NixOS test (push) Successful in 3m46s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00
Ophestra	ea8f228af3	proc/priv/shim: merge shim into main program All checks were successful Build / Create distribution (push) Successful in 2m15s Details Test / Run NixOS test (push) Successful in 2m53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
Ophestra	124743ffd3	app: expose single run method All checks were successful Tests / Go tests (push) Successful in 1m1s Details Nix / NixOS tests (push) Successful in 3m20s Details App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 23:39:51 +09:00
Ophestra	22a4b99674	cmd/fpkg/install: deduplicate nix store All checks were successful Tests / Go tests (push) Successful in 41s Details Nix / NixOS tests (push) Successful in 4m43s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:25:04 +09:00
Ophestra	1464ef774b	cmd/fpkg: expose nixGL wrappers All checks were successful Tests / Go tests (push) Successful in 35s Details Nix / NixOS tests (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-30 02:02:20 +09:00
Ophestra	66ba4cea5c	cmd/fpkg: remove workDir acl from activation All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 3m56s Details Activation does not require access to workDir, and by this point all information is available in dataHome. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:48:45 +09:00
Ophestra	f8d0786509	cmd/fpkg: include nixGL source in inner store All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 4m24s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 23:37:11 +09:00
Ophestra	aff80b6b00	cmd/fpkg: optional network access when invoking with nix daemon All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 3m36s Details This is useful for building nixGL. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:32:44 +09:00
Ophestra	a98a176907	cmd/fpkg: bind and document more gpu devices All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 3m40s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 18:25:26 +09:00
Ophestra	5302879b88	cmd/fpkg: improve readability of fortify invocations All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 3m41s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:55:56 +09:00
Ophestra	891b3cbde7	cmd/fpkg: compare all three store paths All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 3m39s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 17:10:41 +09:00
Ophestra	c795293f36	cmd/fpkg: clean up broken links before activation All checks were successful Tests / Go tests (push) Successful in 35s Details Nix / NixOS tests (push) Successful in 3m38s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 15:21:40 +09:00
Ophestra	c1a459a0b1	cmd/fpkg/start: correct drop to shell wording All checks were successful Tests / Go tests (push) Successful in 52s Details Nix / NixOS tests (push) Successful in 4m27s Details Activation no longer happens during application startup. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-29 00:56:14 +09:00
Ophestra	e0e2f40e84	cmd/fpkg: app bundle helper All checks were successful Tests / Go tests (push) Successful in 43s Details Nix / NixOS tests (push) Successful in 4m25s Details This helper program creates fortify configuration for running an application bundle. The activate action wraps a home-manager activation package and ensures each generation gets activated once. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 13:21:49 +09:00
Ophestra	9b206072fa	cmd/fshim: ensure data directory All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 3m33s Details Ensuring home directory in shim causes the directory to be owned by the target user. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:39:01 +09:00
Ophestra	0a2aa5823b	cmd/fshim: bind finit inside sandbox All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 3m32s Details The outer finit executable is normally inaccessible inside the sandbox. This was obscured by the current Nix-based setup exposing /nix/store to the sandbox. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-27 14:44:57 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m43s Details The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7be53a2438	cmd/fshim: switch to generic setup func All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m47s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:31 +09:00
Ophestra Umiker	f69e8e753e	cmd/finit: switch to generic receive func All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m40s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 16:49:19 +09:00
Ophestra Umiker	b453f70ca2	cmd/fsu: check uid range before syscall All checks were successful Tests / Go tests (push) Successful in 43s Details Nix / NixOS tests (push) Successful in 5m0s Details This limits potential exploits to the fortify uid range. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-17 13:01:36 +09:00
Ophestra Umiker	33c95b80ca	cmd/fuserdb: rename home directories All checks were successful test / test (push) Successful in 36s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-07 20:23:46 +09:00
Ophestra Umiker	cc816a1aaa	proc: cleaner extra files All checks were successful test / test (push) Successful in 37s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 16:05:04 +09:00
Ophestra Umiker	b3ef53b193	app: integrate security-context-v1 All checks were successful test / test (push) Successful in 37s Details Should be able to get rid of XDG_RUNTIME_DIR share after this. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-06 04:25:33 +09:00
Ophestra Umiker	ae2628e57a	cmd/fshim/ipc: install signal handler on shim start All checks were successful test / test (push) Successful in 20s Details Getting killed at this point will result in inconsistent state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-18 13:33:46 +09:00
Ophestra Umiker	2e23cef7bb	cmd/fuserdb: generate group entries Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 23:31:06 +09:00
Ophestra Umiker	6a6d30af1f	cmd/fuserdb: systemd userdb drop-in entries generator All checks were successful test / test (push) Successful in 20s Details This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-17 02:16:02 +09:00
Ophestra Umiker	df33123bd7	app: integrate fsu All checks were successful test / test (push) Successful in 21s Details This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-16 21:19:45 +09:00
Ophestra Umiker	45fead18c3	cmd/fshim: set no_new_privs flag Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-09 11:50:56 +09:00
Ophestra Umiker	88abcbe0b2	cmd/fsu: remove import of internal package All checks were successful test / test (push) Successful in 24s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-04 12:32:14 +09:00
Ophestra Umiker	8cd3651bb6	cmd/fshim/ipc: friendly setup timeout message All checks were successful test / test (push) Successful in 22s Details This message eventually gets returned by the app's Start method, so they should be wrapped to provide a friendly message. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-03 02:03:30 +09:00
Ophestra Umiker	584732f80a	cmd: shim and init into separate binaries All checks were successful test / test (push) Successful in 19s Details This change also fixes a deadlock when shim fails to connect and complete the setup. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-11-02 03:13:57 +09:00
Ophestra Umiker	aa1f96eeeb	fsu: check parent executable path All checks were successful test / test (push) Successful in 19s Details Only allow main program to launch fsu. This change and further checks in the main program reduces attack surface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 18:52:23 +09:00
Ophestra Umiker	d9cb2a9f2b	fsu: implement simple setuid user switcher Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 00:02:34 +09:00

1 2

84 Commits