9bc8532d56
container/initdev: mount tmpfs on shm for ro dev
...
Test / Create distribution (push) Successful in 26s
Test / Sandbox (push) Successful in 2m13s
Test / Hakurei (push) Successful in 2m51s
Test / Hpkg (push) Successful in 3m58s
Test / Sandbox (race detector) (push) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 4m46s
Test / Flake checks (push) Successful in 1m26s
Programs expect /dev/shm to be a writable tmpfs.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 03:27:07 +09:00
07194c74cb
release: 0.2.0
...
Release / Create release (push) Successful in 39s
Test / Sandbox (push) Successful in 41s
Test / Hakurei (push) Successful in 1m9s
Test / Create distribution (push) Successful in 24s
Test / Hpkg (push) Successful in 1m10s
Test / Sandbox (race detector) (push) Successful in 4m5s
Test / Hakurei (race detector) (push) Successful in 5m12s
Test / Flake checks (push) Successful in 1m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 02:23:59 +09:00
4cf694d2b3
hst: use hsu userid for share path suffix
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m8s
Test / Hakurei (push) Successful in 3m11s
Test / Hpkg (push) Successful in 4m8s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Hakurei (race detector) (push) Successful in 5m8s
Test / Flake checks (push) Successful in 1m25s
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.
Closes #7 .
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 02:16:33 +09:00
c9facb746b
hst/config: remove data field, rename dir to home
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m13s
Test / Hakurei (push) Successful in 3m10s
Test / Hpkg (push) Successful in 4m5s
Test / Sandbox (race detector) (push) Successful in 4m27s
Test / Hakurei (race detector) (push) Successful in 5m7s
Test / Flake checks (push) Successful in 1m28s
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 00:56:10 +09:00
878b66022e
hst/fsbind: optional ensure source
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m22s
Test / Hpkg (push) Successful in 4m17s
Test / Sandbox (race detector) (push) Successful in 5m33s
Test / Hakurei (race detector) (push) Successful in 3m1s
Test / Flake checks (push) Successful in 1m29s
This exposes the BindEnsure flag of BindMountOp.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 00:50:23 +09:00
2e0a4795f6
container/initbind: optional ensure host directory
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m19s
Test / Hakurei (push) Successful in 3m15s
Test / Hpkg (push) Successful in 4m19s
Test / Sandbox (race detector) (push) Successful in 4m34s
Test / Hakurei (race detector) (push) Successful in 5m11s
Test / Flake checks (push) Successful in 1m46s
This is used for ensuring persistent data directories specific to the container.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-26 00:44:45 +09:00
c328b584c0
hst/fslink: improve string representation
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m7s
Test / Hakurei (push) Successful in 3m14s
Test / Hpkg (push) Successful in 4m1s
Test / Sandbox (race detector) (push) Successful in 4m29s
Test / Hakurei (race detector) (push) Successful in 5m9s
Test / Flake checks (push) Successful in 1m25s
This shortens the representation of most common use cases and generally improves readability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 22:52:48 +09:00
9585b35d5b
hst/config: remove symlink field
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m15s
Test / Hpkg (push) Successful in 4m10s
Test / Sandbox (race detector) (push) Successful in 4m27s
Test / Hakurei (race detector) (push) Successful in 5m12s
Test / Hakurei (push) Successful in 2m11s
Test / Flake checks (push) Successful in 1m29s
Closes #6 .
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 22:23:54 +09:00
26cafe3e80
hst/fs: implement link fstype
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m16s
Test / Hpkg (push) Successful in 4m8s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m9s
Test / Hakurei (push) Successful in 2m31s
Test / Flake checks (push) Successful in 1m40s
Symlinks do not require special treatment, and doing this allows placing links in order.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 21:57:38 +09:00
125f150784
hst/fs: update doc comments
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m22s
Test / Hpkg (push) Successful in 4m15s
Test / Sandbox (race detector) (push) Successful in 4m34s
Test / Hakurei (race detector) (push) Successful in 5m14s
Test / Flake checks (push) Successful in 1m32s
The Type method no longer exists on the interface. Update doc comments to reflect that.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 21:11:39 +09:00
0dcac55a0c
hst/config: remove container etc field
...
Test / Create distribution (push) Successful in 36s
Test / Sandbox (push) Successful in 2m25s
Test / Hakurei (push) Successful in 3m18s
Test / Hpkg (push) Successful in 4m14s
Test / Sandbox (race detector) (push) Successful in 4m32s
Test / Hakurei (race detector) (push) Successful in 5m19s
Test / Flake checks (push) Successful in 1m29s
This no longer needs special treatment since it can be specified as a generic filesystem entry.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 19:24:33 +09:00
6d202d73b4
hst/fsbind: optional autoetc behaviour
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m18s
Test / Hpkg (push) Successful in 4m9s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Hakurei (push) Successful in 2m24s
Test / Flake checks (push) Successful in 1m29s
This generalises the special field allowing any special behaviour to be matched from target.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 18:38:19 +09:00
1438096339
hst/config: handle filesystem entry targeting root
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m20s
Test / Hpkg (push) Successful in 4m2s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Hakurei (push) Successful in 2m10s
Test / Flake checks (push) Successful in 1m24s
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.
Closes #5 .
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 17:52:57 +09:00
059164d4fa
hst/fsbind: optional autoroot behaviour
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m17s
Test / Hakurei (push) Successful in 3m10s
Test / Hpkg (push) Successful in 4m9s
Test / Sandbox (race detector) (push) Successful in 4m33s
Test / Hakurei (race detector) (push) Successful in 5m9s
Test / Flake checks (push) Successful in 1m23s
This allows autoroot to be configured via Filesystem.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 17:44:12 +09:00
8db906ee64
container/dispatcher: remove exit stub test log
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m15s
Test / Hpkg (push) Successful in 4m1s
Test / Sandbox (race detector) (push) Successful in 4m30s
Test / Hakurei (race detector) (push) Successful in 5m11s
Test / Flake checks (push) Successful in 1m30s
Turns out testing.T does not like being called in defer.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 17:33:35 +09:00
cedfceded5
container/autoroot: remove prefix field
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m9s
Test / Hakurei (push) Successful in 3m12s
Test / Hpkg (push) Successful in 4m14s
Test / Sandbox (race detector) (push) Successful in 5m23s
Test / Hakurei (race detector) (push) Successful in 3m2s
Test / Flake checks (push) Successful in 1m23s
This field has been a noop for a long time. Remove it to prevent further confusion.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 03:39:20 +09:00
33d2dcce1b
container/initoverlay: internal bypass sysroot prefix
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m7s
Test / Hakurei (push) Successful in 3m12s
Test / Hpkg (push) Successful in 4m3s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Hakurei (race detector) (push) Successful in 5m7s
Test / Flake checks (push) Successful in 1m23s
This is for supporting overlay mounts for autoroot.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-25 02:42:22 +09:00
2baa2d7063
container/init: measure init behaviour
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m17s
Test / Hpkg (push) Successful in 4m13s
Test / Sandbox (race detector) (push) Successful in 4m33s
Test / Hakurei (race detector) (push) Successful in 5m8s
Test / Flake checks (push) Successful in 1m25s
This used to be entirely done via integration tests, with almost no hope of error injection and coverage profile. These tests significantly increase confidence of future work in this area.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-24 04:52:32 +09:00
0166833431
container/dispatcher: start goroutine in dispatcher
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m13s
Test / Hpkg (push) Successful in 4m1s
Test / Sandbox (race detector) (push) Successful in 4m28s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Hakurei (push) Successful in 2m24s
Test / Flake checks (push) Successful in 1m38s
This allows instrumentation of calls from goroutine without relying on finalizers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-23 21:58:40 +09:00
b3da3da525
container/init: avoid multiple lastcap calls
...
Test / Create distribution (push) Successful in 37s
Test / Sandbox (push) Successful in 2m19s
Test / Hakurei (push) Successful in 3m24s
Test / Hpkg (push) Successful in 4m18s
Test / Sandbox (race detector) (push) Successful in 4m27s
Test / Hakurei (race detector) (push) Successful in 5m14s
Test / Flake checks (push) Successful in 1m19s
This reduces the size of []kexpect in the test suite.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-23 11:09:11 +09:00
1b3902df78
container/dispatcher: instrument each goroutine individually
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 44s
Test / Hakurei (push) Successful in 2m33s
Test / Sandbox (race detector) (push) Successful in 2m35s
Test / Hakurei (race detector) (push) Successful in 3m25s
Test / Hpkg (push) Successful in 3m41s
Test / Flake checks (push) Successful in 1m30s
Scheduler nondeterminism cannot be accounted for, so do this instead.
There should not be any performance penalty as these calls are optimised out for direct.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-23 11:07:16 +09:00
ea1e3ebae9
container/params: pass fd instead of file
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m9s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 4m12s
Test / Sandbox (race detector) (push) Successful in 4m29s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m29s
The file is very difficult to stub. Pass fd instead as it is the value that is actually useful.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-23 00:16:46 +09:00
1c692bfb79
container/init: call lockOSThread through dispatcher
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m8s
Test / Hpkg (push) Successful in 4m6s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Hakurei (race detector) (push) Successful in 5m5s
Test / Hakurei (push) Successful in 2m8s
Test / Flake checks (push) Successful in 1m20s
This degrades test performance if not stubbed out.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:24:14 +09:00
141a18999f
container: move integration test helpers
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m13s
Test / Hpkg (push) Successful in 4m1s
Test / Sandbox (race detector) (push) Successful in 4m42s
Test / Hakurei (race detector) (push) Successful in 5m8s
Test / Hakurei (push) Successful in 42s
Test / Flake checks (push) Successful in 1m38s
With the new instrumentation it is now possible to run init code outside integration tests.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:07:19 +09:00
afe23600d2
container/path: use syscall dispatcher
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m8s
Test / Hakurei (push) Successful in 3m14s
Test / Hpkg (push) Successful in 4m8s
Test / Sandbox (race detector) (push) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 43s
Test / Flake checks (push) Successful in 1m39s
This allows path and mount functions to be instrumented.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 22:02:21 +09:00
09d2844981
container/init: wrap syscall helper functions
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m7s
Test / Hakurei (push) Successful in 3m8s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 5m6s
Test / Flake checks (push) Successful in 1m26s
This allows tests to stub all kernel behaviour, enabling measurement of all function call arguments and error injection.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-22 19:27:31 +09:00
d500d6e559
system/dbus: share host net ns for abstract
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m5s
Test / Hakurei (push) Successful in 3m3s
Test / Hpkg (push) Successful in 4m3s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 4m58s
Test / Flake checks (push) Successful in 1m19s
Host abstract unix sockets are only accessible when also in the init net ns.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 21:55:23 +09:00
5b73316ae0
container/syscall: doc comments from manpages
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m10s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 4m0s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 4m58s
Test / Flake checks (push) Successful in 1m25s
These are pulled straight from the manpages.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 00:33:46 +09:00
5d8a2199b6
container/init: op interface valid method
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m10s
Test / Hakurei (push) Successful in 3m12s
Test / Hpkg (push) Successful in 3m58s
Test / Sandbox (race detector) (push) Successful in 4m19s
Test / Hakurei (race detector) (push) Successful in 4m57s
Test / Flake checks (push) Successful in 1m25s
Check ops early and eliminate duplicate checks.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-21 00:18:50 +09:00
a1482ecdd0
container/inittmpfs: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m10s
Test / Hakurei (push) Successful in 3m5s
Test / Hpkg (push) Successful in 4m2s
Test / Sandbox (race detector) (push) Successful in 4m21s
Test / Hakurei (race detector) (push) Successful in 4m57s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 20:17:28 +09:00
a07f9ed84c
container/initsymlink: check path equivalence by value
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m4s
Test / Hakurei (push) Successful in 3m3s
Test / Hpkg (push) Successful in 4m2s
Test / Sandbox (race detector) (push) Successful in 4m22s
Test / Hakurei (race detector) (push) Successful in 4m59s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 20:03:02 +09:00
51304b03af
container/initremount: check path equivalence by value
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m11s
Test / Hakurei (push) Successful in 3m5s
Test / Hpkg (push) Successful in 4m6s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m3s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:55:51 +09:00
c6397b941f
container/initproc: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m10s
Test / Hakurei (push) Successful in 3m10s
Test / Hpkg (push) Successful in 4m8s
Test / Sandbox (race detector) (push) Successful in 4m26s
Test / Hakurei (race detector) (push) Successful in 4m58s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:29:45 +09:00
d65e5f817a
container/initplace: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m25s
Test / Hakurei (push) Successful in 3m6s
Test / Hpkg (push) Successful in 4m5s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 19:19:27 +09:00
696e593898
container/initoverlay: check path equivalence by value
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m4s
Test / Hakurei (push) Successful in 3m7s
Test / Hpkg (push) Successful in 4m7s
Test / Sandbox (race detector) (push) Successful in 4m27s
Test / Hakurei (race detector) (push) Successful in 4m56s
Test / Flake checks (push) Successful in 1m19s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:33:15 +09:00
97ab24feef
container/init: use absolute compare method
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m9s
Test / Hakurei (push) Successful in 3m3s
Test / Hpkg (push) Successful in 4m4s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 4m59s
Test / Flake checks (push) Successful in 1m19s
More checks are also added.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:14:36 +09:00
31f0dd36df
absolute: efficient equivalence check method
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m16s
Test / Hakurei (push) Successful in 3m3s
Test / Hpkg (push) Successful in 3m53s
Test / Sandbox (race detector) (push) Successful in 4m16s
Test / Hakurei (race detector) (push) Successful in 4m58s
Test / Flake checks (push) Successful in 1m20s
This is more efficient and makes the call site cleaner.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 17:06:38 +09:00
9aec2f46fe
container/initdev: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m9s
Test / Hakurei (push) Successful in 3m5s
Test / Hpkg (push) Successful in 4m3s
Test / Sandbox (race detector) (push) Successful in 4m20s
Test / Hakurei (race detector) (push) Successful in 5m2s
Test / Flake checks (push) Successful in 1m28s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:55:45 +09:00
022cc26b2e
container/capability: check CAP_TO_INDEX and CAP_TO_MASK
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m14s
Test / Hakurei (push) Successful in 3m18s
Test / Hpkg (push) Successful in 4m6s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m2s
Test / Flake checks (push) Successful in 1m27s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:45:00 +09:00
b4c018da8f
container/autoetc: do not bypass absolute check
...
Test / Create distribution (push) Successful in 35s
Test / Sandbox (push) Successful in 2m23s
Test / Hakurei (push) Successful in 3m14s
Test / Hpkg (push) Successful in 4m7s
Test / Sandbox (race detector) (push) Successful in 4m31s
Test / Hakurei (race detector) (push) Successful in 5m3s
Test / Flake checks (push) Successful in 1m27s
This can now be done cleanly via path function wrappers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:37:11 +09:00
66f52407d3
container/initmkdir: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m7s
Test / Hakurei (push) Successful in 3m14s
Test / Hpkg (push) Successful in 3m59s
Test / Sandbox (race detector) (push) Successful in 4m27s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Flake checks (push) Successful in 1m39s
Fixes regression introduced while integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:32:22 +09:00
e463faf649
container/initbind: check path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m11s
Test / Hpkg (push) Successful in 4m6s
Test / Sandbox (race detector) (push) Successful in 4m23s
Test / Hakurei (race detector) (push) Successful in 5m2s
Test / Hakurei (push) Successful in 2m21s
Test / Flake checks (push) Successful in 1m29s
Same problem as autoroot, never updated the checks after integrating Absolute.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:22:04 +09:00
375acb476d
container/autoroot: check host path equivalence by value
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m21s
Test / Hakurei (push) Successful in 3m8s
Test / Hpkg (push) Successful in 4m12s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Flake checks (push) Successful in 1m28s
This will never return true otherwise unless the equivalent paths happen to be interned by the caller.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 02:14:39 +09:00
c81c9a9d75
container/init: split setup ops into individual files
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m13s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 4m14s
Test / Sandbox (race detector) (push) Successful in 4m32s
Test / Hakurei (race detector) (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m27s
This significantly increases readability.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:28:31 +09:00
339e4080dc
container/ops: move Op type to init file
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m17s
Test / Hakurei (push) Successful in 3m9s
Test / Hpkg (push) Successful in 4m8s
Test / Sandbox (race detector) (push) Successful in 4m22s
Test / Hakurei (race detector) (push) Successful in 5m2s
Test / Flake checks (push) Successful in 1m28s
This helps with the eventual separation of all setup ops into individual files.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:11:24 +09:00
e0533aaa68
container/autoroot: filter dentry with empty name
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m5s
Test / Hpkg (push) Successful in 4m9s
Test / Sandbox (race detector) (push) Successful in 4m24s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Flake checks (push) Successful in 1m28s
This is unreachable, but nice to have just in case.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 01:03:49 +09:00
13c7083bc0
container: ptrace protection via Yama LSM
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 40s
Test / Sandbox (race detector) (push) Successful in 41s
Test / Hakurei (push) Successful in 44s
Test / Hpkg (push) Successful in 41s
Test / Hakurei (race detector) (push) Successful in 1m49s
Test / Flake checks (push) Successful in 1m23s
This is only a nice to have feature as the init process has no additional privileges and the monitor process was never reachable anyway.
Closes #4 .
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-20 00:43:55 +09:00
6947ff04e0
system/dbus/proc: host abstract only when not binding
...
Test / Create distribution (push) Successful in 33s
Test / Sandbox (push) Successful in 2m12s
Test / Hakurei (push) Successful in 3m7s
Test / Hpkg (push) Successful in 3m58s
Test / Sandbox (race detector) (push) Successful in 4m20s
Test / Hakurei (race detector) (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m30s
The test failure seems to be caused by an unrelated bug in xdg-dbus-proxy.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-19 23:39:14 +09:00
140fe21237
container/params: check setup/receive behaviour
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m16s
Test / Hpkg (push) Successful in 4m9s
Test / Sandbox (race detector) (push) Successful in 4m20s
Test / Hakurei (race detector) (push) Successful in 5m1s
Test / Hakurei (push) Successful in 2m7s
Test / Flake checks (push) Successful in 1m22s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 22:30:34 +09:00
f52d2c7db6
container/path: check create and mountinfo helpers
...
Test / Create distribution (push) Successful in 34s
Test / Sandbox (push) Successful in 2m11s
Test / Hakurei (push) Successful in 3m7s
Test / Hpkg (push) Successful in 4m4s
Test / Sandbox (race detector) (push) Successful in 4m28s
Test / Hakurei (race detector) (push) Successful in 5m3s
Test / Flake checks (push) Successful in 1m25s
These can quite easily be checked within the framework. The scanner fault injection might require updating at some point if the implementation changes.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-08-18 21:30:28 +09:00
