d2f9a9b83b
treewide: migrate to hakurei.app
...
Test / Create distribution (push) Successful in 24s
Test / Sandbox (push) Successful in 46s
Test / Hakurei (push) Successful in 2m9s
Test / Sandbox (race detector) (push) Successful in 3m14s
Test / Planterette (push) Successful in 3m41s
Test / Hakurei (race detector) (push) Successful in 3m40s
Test / Flake checks (push) Successful in 1m18s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-03 03:30:39 +09:00
1b5ecd9eaf
container: move out of toplevel
...
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m52s
Test / Sandbox (race detector) (push) Successful in 3m14s
Test / Planterette (push) Successful in 3m36s
Test / Hakurei (race detector) (push) Successful in 4m31s
Test / Hakurei (push) Successful in 2m3s
Test / Flake checks (push) Successful in 1m13s
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-03 02:59:43 +09:00
eec021cc4b
hakurei: move container helpers toplevel
...
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 2m1s
Test / Hakurei (push) Successful in 2m52s
Test / Sandbox (race detector) (push) Successful in 3m8s
Test / Planterette (push) Successful in 3m32s
Test / Hakurei (race detector) (push) Successful in 4m27s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 21:31:29 +09:00
a1d98823f8
hakurei: move container toplevel
...
Test / Create distribution (push) Successful in 31s
Test / Sandbox (push) Successful in 1m55s
Test / Hakurei (push) Successful in 2m47s
Test / Sandbox (race detector) (push) Successful in 3m16s
Test / Planterette (push) Successful in 3m32s
Test / Hakurei (race detector) (push) Successful in 4m25s
Test / Flake checks (push) Successful in 1m9s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 21:23:55 +09:00
31aef905fa
sandbox: expose seccomp interface
...
Test / Create distribution (push) Successful in 31s
Test / Sandbox (push) Successful in 1m59s
Test / Hakurei (push) Successful in 2m47s
Test / Sandbox (race detector) (push) Successful in 3m11s
Test / Planterette (push) Successful in 3m34s
Test / Hakurei (race detector) (push) Successful in 4m22s
Test / Flake checks (push) Successful in 1m8s
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-07-02 04:47:13 +09:00
87e008d56d
treewide: rename to hakurei
...
Test / Create distribution (push) Successful in 43s
Test / Sandbox (push) Successful in 2m18s
Test / Hakurei (push) Successful in 3m10s
Test / Sandbox (race detector) (push) Successful in 3m30s
Test / Hakurei (race detector) (push) Successful in 4m43s
Test / Fpkg (push) Successful in 5m4s
Test / Flake checks (push) Successful in 1m12s
Fortify makes little sense for a container tool.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-06-25 04:57:41 +09:00
24618ab9a1
sandbox: move out of internal
...
Test / Create distribution (push) Successful in 18s
Test / Fpkg (push) Successful in 2m40s
Test / Data race detector (push) Successful in 3m13s
Test / Fortify (push) Successful in 3m1s
Test / Flake checks (push) Successful in 51s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 02:55:36 +09:00
bc54db54d2
ldd: always copy stderr
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m30s
Test / Fpkg (push) Successful in 3m34s
Test / Data race detector (push) Successful in 3m55s
Test / Flake checks (push) Successful in 53s
Dropping the buffer on success is unhelpful and could hide some useful information.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 00:08:00 +09:00
bf07b7cd9e
ldd: mount /proc in container
...
Test / Create distribution (push) Successful in 25s
Test / Fpkg (push) Successful in 3m45s
Test / Data race detector (push) Successful in 4m0s
Test / Fortify (push) Successful in 1m54s
Test / Flake checks (push) Successful in 53s
This covers host /proc.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-17 00:01:03 +09:00
48feca800f
sandbox: check command function pointer
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m37s
Test / Fpkg (push) Successful in 3m25s
Test / Data race detector (push) Successful in 3m59s
Test / Flake checks (push) Successful in 55s
Setting default CommandContext on initialisation is somewhat of a footgun.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 23:29:14 +09:00
273d97af85
ldd: lib paths resolve function
...
Test / Create distribution (push) Successful in 24s
Test / Fortify (push) Successful in 2m37s
Test / Fpkg (push) Successful in 3m37s
Test / Data race detector (push) Successful in 3m50s
Test / Flake checks (push) Successful in 56s
This is what always happens right after a ldd call, so implement it here.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-16 01:20:09 +09:00
4bb5d9780f
ldd: run in native sandbox
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m27s
Test / Fpkg (push) Successful in 3m22s
Test / Data race detector (push) Successful in 3m43s
Test / Flake checks (push) Successful in 48s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-14 17:55:55 +09:00
d22145a392
ldd: handle musl static behaviour
...
Test / Create distribution (push) Successful in 28s
Test / Fortify (push) Successful in 2m36s
Test / Fpkg (push) Successful in 3m24s
Test / Data race detector (push) Successful in 3m32s
Test / Flake checks (push) Successful in 50s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-12 23:29:43 +09:00
39dc8e7bd8
dbus: set process group id
...
Test / Create distribution (push) Successful in 25s
Test / Fortify (push) Successful in 2m18s
Test / Data race detector (push) Successful in 3m11s
Test / Flake checks (push) Successful in 40s
This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-25 18:12:41 +09:00
dccb366608
ldd: handle behaviour on static executable
...
Test / Create distribution (push) Successful in 25s
Test / Run NixOS test (push) Successful in 3m27s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 18:02:33 +09:00
83c8f0488b
ldd: pass absolute path to bwrap
...
Test / Create distribution (push) Successful in 27s
Test / Run NixOS test (push) Successful in 3m31s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-23 17:46:22 +09:00
fe7d208cf7
helper: use generic extra files interface
...
Test / Create distribution (push) Successful in 1m38s
Test / Run NixOS test (push) Successful in 4m36s
This replaces the pipes object and integrates context into helper process lifecycle.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-13 23:34:15 +09:00
5a64cdaf4f
ldd: enable syscall filter
...
Build / Create distribution (push) Successful in 1m55s
Test / Run NixOS test (push) Successful in 4m6s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 02:00:49 +09:00
9a239fa1a5
helper/bwrap: integrate seccomp into helper interface
...
Build / Create distribution (push) Successful in 1m36s
Test / Run NixOS test (push) Successful in 3m40s
This makes API usage much cleaner, and encapsulates all bwrap arguments in argsWt.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 01:52:57 +09:00
2f70506865
helper/bwrap: move sync to helper state
...
Build / Create distribution (push) Successful in 1m25s
Test / Run NixOS test (push) Successful in 3m33s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-19 18:38:13 +09:00
b956ce4052
ldd: trim leading and trailing white spaces from name
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m31s
Glibc emits ldd output with \t prefix for formatting. Remove that here.
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:53:01 +09:00
ade57c39af
ldd: add fhs glibc test case
...
Tests / Go tests (push) Successful in 33s
Nix / NixOS tests (push) Successful in 3m34s
Signed-off-by: Ophestra <cat@gensokyo.uk>
2024-12-26 16:33:02 +09:00
df6fc298f6
migrate to git.gensokyo.uk/security/fortify
...
Tests / Go tests (push) Successful in 2m55s
Nix / NixOS tests (push) Successful in 5m10s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-12-20 00:20:02 +09:00
4b7b899bb3
add package doc comments
...
test / test (push) Successful in 19s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 20:57:59 +09:00
65af1684e3
migrate to git.ophivana.moe/security/fortify
...
test / test (push) Successful in 14s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-20 19:50:13 +09:00
73a698c7cb
ldd: run ldd with read-only filesystem and unshared net
...
This is only called on trusted programs, however extra hardening is never a bad idea.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-17 15:37:27 +09:00
d41b9d2d9c
ldd: separate Parse from Exec and trim space
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 23:51:15 +09:00
6232291cae
ldd: implement strict ldd output parser
...
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 20:39:27 +09:00
