hakurei

Author	SHA1	Message	Date
Ophestra	f955b15b84	system: remove write mode tmpfiles All checks were successful Test / Create distribution (push) Successful in 57s Details Test / Run NixOS test (push) Successful in 3m42s Details This interface is ugly and bug-prone. This change removes its write mode which has been obsoleted by CopyBind. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:22:20 +09:00
Ophestra	0340c67995	app: port passwd and group files to copy All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m41s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:19:06 +09:00
Ophestra	ea8d1c07df	priv/shim: move /sbin/init setup to app All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 03:06:10 +09:00
Ophestra	a0062d8275	fmsg: resume on exit All checks were successful Test / Create distribution (push) Successful in 47s Details Test / Run NixOS test (push) Successful in 3m32s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-15 02:22:09 +09:00
Ophestra	1f74b636d3	state/join: use Join method when available All checks were successful Test / Create distribution (push) Successful in 1m4s Details Test / Run NixOS test (push) Successful in 4m11s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 14:11:02 +09:00
Ophestra	e431ab3c24	app: check username length against LOGIN_NAME_MAX All checks were successful Test / Create distribution (push) Successful in 49s Details Test / Run NixOS test (push) Successful in 3m46s Details This limit is arbitrary, but it's good to enforce it anyway. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-14 12:44:55 +09:00
Ophestra	fe7d208cf7	helper: use generic extra files interface All checks were successful Test / Create distribution (push) Successful in 1m38s Details Test / Run NixOS test (push) Successful in 4m36s Details This replaces the pipes object and integrates context into helper process lifecycle. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-13 23:34:15 +09:00
Ophestra	e14923ae53	helper/proc: move package out of internal All checks were successful Test / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-08 13:03:45 +09:00
Ophestra	a48386bd56	system/dbus: dump messages on early fault All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m14s Details In the current app implementation this gets dumped in the wait method after resuming output. Wait is never called in an early fault condition, so any error messages get lost. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:20:56 +09:00
Ophestra	2e52191404	system/dbus: dump method prints msgbuf All checks were successful Test / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 4m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-02-07 13:16:54 +09:00
Ophestra	163f15e93f	helper/seccomp: separate seccomp package All checks were successful Test / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m31s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-25 12:59:11 +09:00
Ophestra	23e1152baa	app/share: clean BaseError message All checks were successful Build / Create distribution (push) Successful in 1m35s Details Test / Run NixOS test (push) Successful in 3m42s Details This removes trailing '\n' in the PulseAudio warning. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:54:16 +09:00
Ophestra	8c51012ef5	dbus: enable syscall filter All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m42s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 11:49:23 +09:00
Ophestra	9a239fa1a5	helper/bwrap: integrate seccomp into helper interface All checks were successful Build / Create distribution (push) Successful in 1m36s Details Test / Run NixOS test (push) Successful in 3m40s Details This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-22 01:52:57 +09:00
Ophestra	82029948e6	proc: append to ExtraFiles slice pointer All checks were successful Build / Create distribution (push) Successful in 1m30s Details Test / Run NixOS test (push) Successful in 4m4s Details This is useful for initialising extra files before command. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:51:39 +09:00
Ophestra	dfcdc5ce20	state: store config in separate gob stream All checks were successful Build / Create distribution (push) Successful in 1m37s Details Test / Run NixOS test (push) Successful in 3m38s Details This enables early serialisation of config. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-21 12:10:58 +09:00
Ophestra	20a3d4c458	proc/priv/shim: resolve and load seccomp rules All checks were successful Build / Create distribution (push) Successful in 1m33s Details Test / Run NixOS test (push) Successful in 3m36s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:52:56 +09:00
Ophestra	3df344828f	proc/priv/shim: seccomp bpf filter via libseccomp All checks were successful Build / Create distribution (push) Successful in 1m59s Details Test / Run NixOS test (push) Successful in 4m11s Details Rulesets adapted from Flatpak for compatibility. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 23:39:47 +09:00
Ophestra	27f5922d5c	fst: include syscall filter configuration All checks were successful Build / Create distribution (push) Successful in 3m0s Details Test / Run NixOS test (push) Successful in 5m19s Details This value is passed through to shim. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 21:12:39 +09:00
Ophestra	3c55fc8e86	proc/priv/shim: do not log bwrap args All checks were successful Build / Create distribution (push) Successful in 1m22s Details Test / Run NixOS test (push) Successful in 3m30s Details This message is very long and does not serve much real purpose. Remove it to de-clutter verbose messages. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 19:51:28 +09:00
Ophestra	eb0ef2d115	helper/bwrap: generic extra file interface All checks were successful Build / Create distribution (push) Successful in 1m32s Details Test / Run NixOS test (push) Successful in 3m50s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-20 00:20:04 +09:00
Ophestra	2f70506865	helper/bwrap: move sync to helper state All checks were successful Build / Create distribution (push) Successful in 1m25s Details Test / Run NixOS test (push) Successful in 3m33s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:38:13 +09:00
Ophestra	cae567c109	proc/priv/shim: remove unnecessary state All checks were successful Build / Create distribution (push) Successful in 1m27s Details Test / Run NixOS test (push) Successful in 3m37s Details These values are only used during process creation. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-19 18:09:07 +09:00
Ophestra	b31d055e20	proc/priv/init: early init check All checks were successful Build / Create distribution (push) Successful in 1m39s Details Test / Run NixOS test (push) Successful in 3m45s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 12:33:33 +09:00
Ophestra	7baca66a56	proc: remove duplicate compile-time fortify reference All checks were successful Build / Create distribution (push) Successful in 1m46s Details Test / Run NixOS test (push) Successful in 3m44s Details This is no longer needed since shim and init are now part of the main program. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:59:33 +09:00
Ophestra	27d2914286	proc/priv/init: merge init into main program All checks were successful Build / Create distribution (push) Successful in 1m47s Details Test / Run NixOS test (push) Successful in 3m46s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-18 11:47:01 +09:00
Ophestra	ea8f228af3	proc/priv/shim: merge shim into main program All checks were successful Build / Create distribution (push) Successful in 2m15s Details Test / Run NixOS test (push) Successful in 2m53s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:43:32 +09:00
Ophestra	16db3dabe2	internal: do PR_SET_PDEATHSIG once All checks were successful Build / Create distribution (push) Successful in 3m7s Details Test / Run NixOS test (push) Successful in 4m40s Details This prctl affects the entire process, doing it on every OS thread is pointless. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-17 23:08:46 +09:00
Ophestra	124743ffd3	app: expose single run method All checks were successful Tests / Go tests (push) Successful in 1m1s Details Nix / NixOS tests (push) Successful in 3m20s Details App is no longer just a simple [exec.Cmd] wrapper, so exposing these steps separately no longer makes sense and actually hinders proper error handling, cleanup and cancellation. This change removes the five-second wait when the shim dies before receiving the payload, and provides caller the ability to gracefully stop execution of the confined process. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 23:39:51 +09:00
Ophestra	562f5ed797	fst: hide sockets exposed via Filesystem All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 2m49s Details This is mostly useful for permissive defaults. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-15 10:13:18 +09:00
Ophestra	6acd0d4e88	linux/std: handle fsu exit status 1 All checks were successful Tests / Go tests (push) Successful in 34s Details Nix / NixOS tests (push) Successful in 2m27s Details Printing "exit status 1" is confusing. This handles the ExitError and returns EACCES instead. Signed-off-by: Ophestra <cat@gensokyo.uk>	2025-01-01 21:34:57 +09:00
Ophestra	c4d6651cae	update reverse-DNS style identifiers All checks were successful Tests / Go tests (push) Successful in 1m6s Details Nix / NixOS tests (push) Successful in 4m11s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-31 16:16:38 +09:00
Ophestra	bf8094c6ca	internal: include path to fortify main program All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 4m6s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-26 12:48:48 +09:00
Ophestra	9b206072fa	cmd/fshim: ensure data directory All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 3m33s Details Ensuring home directory in shim causes the directory to be owned by the target user. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:39:01 +09:00
Ophestra	b9e2003d5b	app: ensure extra paths All checks were successful Tests / Go tests (push) Successful in 36s Details Nix / NixOS tests (push) Successful in 3m37s Details The primary use case for extra perms is app-specific state directories, which may or may not exist (first run of any app). Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 14:07:49 +09:00
Ophestra	847b667489	app: extra acl entries from configuration Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 13:23:27 +09:00
Ophestra	0107620d8c	app: merge share methods All checks were successful Tests / Go tests (push) Successful in 32s Details Nix / NixOS tests (push) Successful in 3m25s Details This significantly increases readability and makes order of ops more obvious. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-28 11:12:35 +09:00
Ophestra	1f173a469c	system/dbus: fix inverted system bus state All checks were successful Tests / Go tests (push) Successful in 33s Details Nix / NixOS tests (push) Successful in 3m38s Details Debug message and socket cleanup gets missed due to this value being inverted. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-27 18:38:11 +09:00
Ophestra	f608f28a6a	app: mount /dev/kvm in permissive defaults All checks were successful Tests / Go tests (push) Successful in 35s Details Nix / NixOS tests (push) Successful in 3m21s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-22 12:37:24 +09:00
Ophestra	cb98baa19d	fortify: clean up ps formatting code All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 3m1s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 20:34:40 +09:00
Ophestra	7a8b625a57	app: rename /fortify to /.fortify All checks were successful Tests / Go tests (push) Successful in 35s Details Nix / NixOS tests (push) Successful in 2m57s Details Also removed the inner share tmpfs mount. Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 18:11:32 +09:00
Ophestra	74fe74e6b5	app: do not fail on missing cookie All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 2m55s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-21 17:56:21 +09:00
Ophestra	b9cc318314	system: implement Enablements String method All checks were successful Tests / Go tests (push) Successful in 40s Details Nix / NixOS tests (push) Successful in 3m9s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-20 23:21:19 +09:00
Ophestra	ed10574dea	state: store join util All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 3m5s Details Signed-off-by: Ophestra <cat@gensokyo.uk>	2024-12-20 19:05:39 +09:00
Ophestra Umiker	df6fc298f6	migrate to git.gensokyo.uk/security/fortify All checks were successful Tests / Go tests (push) Successful in 2m55s Details Nix / NixOS tests (push) Successful in 5m10s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-20 00:20:02 +09:00
Ophestra Umiker	eae3034260	state: expose aids and use instance id as key All checks were successful Tests / Go tests (push) Successful in 39s Details Nix / NixOS tests (push) Successful in 3m26s Details Fortify state store instances was specific to aids due to outdated design decisions carried over from the ego rewrite. That no longer makes sense in the current application, so the interface now enables a single store object to manage all transient state. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 21:36:17 +09:00
Ophestra Umiker	f796622c35	state: rename simple store implementation All checks were successful Tests / Go tests (push) Successful in 42s Details Nix / NixOS tests (push) Successful in 3m4s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:48:48 +09:00
Ophestra Umiker	5d25bee786	fortify: remove systemd check All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 3m3s Details This is no longer necessary as fortify no longer integrates with external user switchers. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-19 11:14:31 +09:00
Ophestra Umiker	52f21a19f3	cmd/fshim: switch to setup pipe All checks were successful Tests / Go tests (push) Successful in 38s Details Nix / NixOS tests (push) Successful in 5m43s Details The socket-based approach is no longer necessary as fsu allows extra files and sudo compatibility is no longer relevant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 19:39:25 +09:00
Ophestra Umiker	7f29b37a32	proc: setup payload send Generic setup payload encoder adapted from fshim. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-12-18 17:20:01 +09:00

1 2 3 4 5 ...

258 Commits