security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity
564 Commits 3 Branches 11 Tags
9953768de5179ac0079721fbb33912519c645109
Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra
e599b5583d fmsg: implement suspend in writer
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Run NixOS test (push) Successful in 2m18s
Details 
This removes the requirement to call fmsg.Exit on every exit path, and enables direct use of the "log" package. However, fmsg.BeforeExit is still encouraged when possible to catch exit on suspended output.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-16 18:51:53 +09:00
Ophestra
ace97952cc helper/bwrap: merge Args and FDArgs
All checks were successful
Test / Create distribution (push) Successful in 1m13s
Details
Test / Run NixOS test (push) Successful in 4m34s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-14 18:13:06 +09:00
Ophestra
fe7d208cf7 helper: use generic extra files interface
All checks were successful
Test / Create distribution (push) Successful in 1m38s
Details
Test / Run NixOS test (push) Successful in 4m36s
Details 
This replaces the pipes object and integrates context into helper process lifecycle.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-02-13 23:34:15 +09:00
Ophestra Umiker
df6fc298f6 migrate to git.gensokyo.uk/security/fortify
All checks were successful
Tests / Go tests (push) Successful in 2m55s
Details
Nix / NixOS tests (push) Successful in 5m10s
Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-12-20 00:20:02 +09:00
Ophestra Umiker
ae1a102882 fmsg: support temporarily withholding output
All checks were successful
test / test (push) Successful in 31s
Details 
Trying to print to a shared stdout is a terrible idea. This change makes it possible to withhold output for the lifetime of the sandbox.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-26 23:09:32 +09:00
Ophestra Umiker
65af1684e3 migrate to git.ophivana.moe/security/fortify
All checks were successful
test / test (push) Successful in 14s
Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-20 19:50:13 +09:00
Ophestra Umiker
c201c30c7f helper/bwrap: check args only for internal tests 
Tests internal to the helper package sets crash-test-dummy as the command whenever a launch is expected to go through, and the hardcoded args are only valid for internal tests, so this characteristic is used here to exclude external tests that pass real program names and custom bwrap configurations.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-09 00:21:31 +09:00
Ophestra Umiker
7c7999e9e5 helper: implementation of helper.Helper using bwrap 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-08 18:02:38 +09:00
Ophestra Umiker
9647eb6a6b helper: separate pipes from Helper 
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-07 12:48:20 +09:00
Ophestra Umiker
18d9ce733e helper: test non-existent helpers 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-06 16:00:59 +09:00
Ophestra Umiker
7e7327ebf8 helper: export internal stub functions for cross-package testing 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-29 15:22:35 +09:00