security/hakurei
security/hakurei
6
3
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 7 Wiki Activity
1,112 Commits 3 Branches 7 Tags
Commit Graph

387 Commits

Author SHA1 Message Date
Ophestra
9bc8532d56
container/initdev: mount tmpfs on shm for ro dev
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 2m13s
Details
Test / Hakurei (push) Successful in 2m51s
Details
Test / Hpkg (push) Successful in 3m58s
Details
Test / Sandbox (race detector) (push) Successful in 4m26s
Details
Test / Hakurei (race detector) (push) Successful in 4m46s
Details
Test / Flake checks (push) Successful in 1m26s
Details 
Programs expect /dev/shm to be a writable tmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 03:27:07 +09:00
Ophestra
4cf694d2b3
hst: use hsu userid for share path suffix
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m8s
Details
Test / Hakurei (push) Successful in 3m11s
Details
Test / Hpkg (push) Successful in 4m8s
Details
Test / Sandbox (race detector) (push) Successful in 4m31s
Details
Test / Hakurei (race detector) (push) Successful in 5m8s
Details
Test / Flake checks (push) Successful in 1m25s
Details 
The privileged user is identifier to hakurei through its hsu userid. Using the kernel uid here makes little sense and is a leftover design choice from before hsu was implemented.

Closes #7.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 02:16:33 +09:00
Ophestra
c9facb746b
hst/config: remove data field, rename dir to home
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m13s
Details
Test / Hakurei (push) Successful in 3m10s
Details
Test / Hpkg (push) Successful in 4m5s
Details
Test / Sandbox (race detector) (push) Successful in 4m27s
Details
Test / Hakurei (race detector) (push) Successful in 5m7s
Details
Test / Flake checks (push) Successful in 1m28s
Details 
There is no reason to give the home directory special treatment, as this behaviour can be quite confusing. The home directory also does not necessarily require its own mount point, it could be provided by a parent or simply be ephemeral.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-26 00:56:10 +09:00
Ophestra
9585b35d5b
hst/config: remove symlink field
All checks were successful
Test / Create distribution (push) Successful in 35s
Details
Test / Sandbox (push) Successful in 2m15s
Details
Test / Hpkg (push) Successful in 4m10s
Details
Test / Sandbox (race detector) (push) Successful in 4m27s
Details
Test / Hakurei (race detector) (push) Successful in 5m12s
Details
Test / Hakurei (push) Successful in 2m11s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
Closes #6.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 22:23:54 +09:00
Ophestra
0dcac55a0c
hst/config: remove container etc field
All checks were successful
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 2m25s
Details
Test / Hakurei (push) Successful in 3m18s
Details
Test / Hpkg (push) Successful in 4m14s
Details
Test / Sandbox (race detector) (push) Successful in 4m32s
Details
Test / Hakurei (race detector) (push) Successful in 5m19s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This no longer needs special treatment since it can be specified as a generic filesystem entry.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 19:24:33 +09:00
Ophestra
6d202d73b4
hst/fsbind: optional autoetc behaviour
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m18s
Details
Test / Hpkg (push) Successful in 4m9s
Details
Test / Sandbox (race detector) (push) Successful in 4m31s
Details
Test / Hakurei (race detector) (push) Successful in 5m6s
Details
Test / Hakurei (push) Successful in 2m24s
Details
Test / Flake checks (push) Successful in 1m29s
Details 
This generalises the special field allowing any special behaviour to be matched from target.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 18:38:19 +09:00
Ophestra
1438096339
hst/config: handle filesystem entry targeting root
All checks were successful
Test / Create distribution (push) Successful in 35s
Details
Test / Sandbox (push) Successful in 2m20s
Details
Test / Hpkg (push) Successful in 4m2s
Details
Test / Sandbox (race detector) (push) Successful in 4m24s
Details
Test / Hakurei (race detector) (push) Successful in 5m6s
Details
Test / Hakurei (push) Successful in 2m10s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
This allows any fstype supported by hst to be directly mounted on sysroot. A special case in internal/app applies the matching entry early and excludes it from path hiding.

Closes #5.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 17:52:57 +09:00
Ophestra
cedfceded5
container/autoroot: remove prefix field
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m9s
Details
Test / Hakurei (push) Successful in 3m12s
Details
Test / Hpkg (push) Successful in 4m14s
Details
Test / Sandbox (race detector) (push) Successful in 5m23s
Details
Test / Hakurei (race detector) (push) Successful in 3m2s
Details
Test / Flake checks (push) Successful in 1m23s
Details 
This field has been a noop for a long time. Remove it to prevent further confusion.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-25 03:39:20 +09:00
Ophestra
a3988c1a77
hst: rename net and abstract fields
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 2m12s
Details
Test / Hakurei (push) Successful in 3m8s
Details
Test / Hpkg (push) Successful in 4m2s
Details
Test / Sandbox (race detector) (push) Successful in 4m25s
Details
Test / Hakurei (race detector) (push) Successful in 5m3s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This makes more sense and matches the container library.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 16:48:01 +09:00
Clayton Gilmer
5db0714072
container: optionally isolate host abstract UNIX domain sockets via landlock
All checks were successful
Test / Create distribution (pull_request) Successful in 33s
Details
Test / Sandbox (pull_request) Successful in 2m10s
Details
Test / Hpkg (pull_request) Successful in 4m1s
Details
Test / Sandbox (race detector) (pull_request) Successful in 4m19s
Details
Test / Hakurei (pull_request) Successful in 4m55s
Details
Test / Hakurei (race detector) (pull_request) Successful in 5m0s
Details
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (race detector) (push) Successful in 44s
Details
Test / Sandbox (push) Successful in 44s
Details
Test / Hakurei (push) Successful in 47s
Details
Test / Hakurei (race detector) (push) Successful in 47s
Details
Test / Hpkg (push) Successful in 45s
Details
Test / Flake checks (pull_request) Successful in 1m47s
Details
Test / Flake checks (push) Successful in 1m36s
Details
2025-08-18 16:28:14 +09:00
Ophestra
83a1c75f1a
app: set up acl on X11 socket
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m9s
Details
Test / Hakurei (push) Successful in 3m22s
Details
Test / Sandbox (race detector) (push) Successful in 4m26s
Details
Test / Hpkg (push) Successful in 4m25s
Details
Test / Hakurei (race detector) (push) Successful in 43s
Details
Test / Flake checks (push) Successful in 1m38s
Details 
The socket is typically owned by the priv-user, and inaccessible by the target user, so just allowing access to the directory is not enough. This change fixes this oversight and add checks that will also be useful for merging #1.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-18 11:30:58 +09:00
Ophestra
305c600cf5
hst: move container type to config
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m10s
Details
Test / Hakurei (push) Successful in 3m7s
Details
Test / Hpkg (push) Successful in 3m55s
Details
Test / Sandbox (race detector) (push) Successful in 4m18s
Details
Test / Hakurei (race detector) (push) Successful in 3m5s
Details
Test / Flake checks (push) Successful in 1m33s
Details 
Container state initialisation is no longer implemented in hst so splitting them no longer makes sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-16 02:28:36 +09:00
Ophestra
8dd3e1ee5d
hst/fs: rename method Target to Path
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m7s
Details
Test / Hakurei (push) Successful in 3m7s
Details
Test / Hpkg (push) Successful in 3m50s
Details
Test / Sandbox (race detector) (push) Successful in 4m17s
Details
Test / Hakurei (race detector) (push) Successful in 5m3s
Details
Test / Flake checks (push) Successful in 1m27s
Details 
This allows adapter structs to use the same field names as Op structs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-16 02:06:41 +09:00
Ophestra
4ffeec3004
hst/enablement: editor friendly enablement adaptor
All checks were successful
Test / Create distribution (push) Successful in 35s
Details
Test / Hakurei (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 3m17s
Details
Test / Sandbox (push) Successful in 43s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Sandbox (race detector) (push) Successful in 43s
Details
Test / Flake checks (push) Successful in 1m27s
Details 
Having the bit field value here (in decimal, no less) is unfriendly to text editors. Use a bunch of booleans here to improve ease of use.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-15 05:16:51 +09:00
Ophestra
99ac96511b
hst/fs: interface filesystem config
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m14s
Details
Test / Hakurei (push) Successful in 3m37s
Details
Test / Hpkg (push) Successful in 4m27s
Details
Test / Sandbox (race detector) (push) Successful in 4m23s
Details
Test / Hakurei (race detector) (push) Successful in 5m22s
Details
Test / Flake checks (push) Successful in 1m22s
Details 
This allows mount points to be represented by different underlying structs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-14 04:52:49 +09:00
Ophestra
e99d7affb0
container: use absolute for pathname
All checks were successful
Test / Flake checks (push) Successful in 1m26s
Details
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 1m59s
Details
Test / Hakurei (push) Successful in 2m58s
Details
Test / Hpkg (push) Successful in 3m45s
Details
Test / Sandbox (race detector) (push) Successful in 4m11s
Details
Test / Hakurei (race detector) (push) Successful in 4m47s
Details 
This is simultaneously more efficient and less error-prone. This change caused minor API changes in multiple other packages.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-11 04:56:42 +09:00
Ophestra
02271583fb
container: remove PATH lookup behaviour
All checks were successful
Test / Hakurei (race detector) (push) Successful in 2m42s
Details
Test / Flake checks (push) Successful in 1m25s
Details
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m57s
Details
Test / Hakurei (push) Successful in 2m57s
Details
Test / Hpkg (push) Successful in 3m58s
Details
Test / Sandbox (race detector) (push) Successful in 4m7s
Details 
This is way higher level than the container package and does not even work unless every path is mounted in the exact same location.

This behaviour causes nothing but confusion and problems,

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 19:08:54 +09:00
Ophestra
82608164f6
container/params: remove confusingly named error
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m9s
Details
Test / Hakurei (push) Successful in 2m59s
Details
Test / Hpkg (push) Successful in 3m53s
Details
Test / Flake checks (push) Successful in 1m19s
Details
Test / Sandbox (race detector) (push) Successful in 4m16s
Details
Test / Hakurei (race detector) (push) Successful in 4m49s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-09 17:37:46 +09:00
Ophestra
c6be82bcf9
container/path: fhs path constants
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m6s
Details
Test / Hakurei (push) Successful in 3m6s
Details
Test / Sandbox (race detector) (push) Successful in 4m14s
Details
Test / Hpkg (push) Successful in 4m11s
Details
Test / Hakurei (race detector) (push) Successful in 4m40s
Details
Test / Flake checks (push) Successful in 1m18s
Details 
This increases readability since this can help disambiguate absolute paths from similarly named path segments.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 21:16:45 +09:00
Ophestra
38245559dc
container/ops: mount dev readonly
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m2s
Details
Test / Hakurei (push) Successful in 2m57s
Details
Test / Sandbox (race detector) (push) Successful in 3m53s
Details
Test / Hpkg (push) Successful in 3m53s
Details
Test / Hakurei (race detector) (push) Successful in 4m37s
Details
Test / Flake checks (push) Successful in 1m18s
Details 
There is usually no good reason to write to /dev. This however doesn't work in internal/app because FilesystemConfig supplied by ContainerConfig might add entries to /dev, so internal/app follows DevWritable with Remount instead.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:18:53 +09:00
Ophestra
7b416d47dc
container/ops: merge mqueue and dev Ops
All checks were successful
Test / Create distribution (push) Successful in 34s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Sandbox (race detector) (push) Successful in 40s
Details
Test / Hakurei (push) Successful in 43s
Details
Test / Hakurei (race detector) (push) Successful in 43s
Details
Test / Hpkg (push) Successful in 41s
Details
Test / Flake checks (push) Successful in 1m21s
Details 
There is no reason to mount mqueue anywhere else, and these Ops usually follow each other. This change merges them. This helps decrease IPC overhead and also enables mounting dev readonly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-03 19:13:46 +09:00
Ophestra
b32b1975a8
hst/container: remove cover
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m6s
Details
Test / Hakurei (push) Successful in 2m56s
Details
Test / Sandbox (race detector) (push) Successful in 3m55s
Details
Test / Hpkg (push) Successful in 3m55s
Details
Test / Hakurei (race detector) (push) Successful in 4m31s
Details
Test / Flake checks (push) Successful in 1m20s
Details 
This was never useful, and is now completely replaced by regular FilesystemConfig being able to mount tmpfs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-02 00:34:52 +09:00
Ophestra
3b8a3d3b00
app: remount root readonly
All checks were successful
Test / Create distribution (push) Successful in 25s
Details
Test / Sandbox (push) Successful in 41s
Details
Test / Sandbox (race detector) (push) Successful in 42s
Details
Test / Hakurei (race detector) (push) Successful in 45s
Details
Test / Hpkg (push) Successful in 44s
Details
Test / Hakurei (push) Successful in 2m13s
Details
Test / Flake checks (push) Successful in 1m25s
Details 
This does nothing for security, but should help avoid hiding bugs of programs developed in a hakurei container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 23:56:28 +09:00
Ophestra
af0899de96
hst/container: mount tmpfs via magic src string
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m10s
Details
Test / Hakurei (push) Successful in 2m50s
Details
Test / Sandbox (race detector) (push) Successful in 3m53s
Details
Test / Hpkg (push) Successful in 3m54s
Details
Test / Hakurei (race detector) (push) Successful in 4m30s
Details
Test / Flake checks (push) Successful in 1m24s
Details 
There's often good reason to mount tmpfs in the container.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 21:23:52 +09:00
Ophestra
387b86bcdd
app: integrate container autoroot
All checks were successful
Test / Create distribution (push) Successful in 36s
Details
Test / Sandbox (push) Successful in 2m25s
Details
Test / Sandbox (race detector) (push) Successful in 4m13s
Details
Test / Hpkg (push) Successful in 4m36s
Details
Test / Hakurei (race detector) (push) Successful in 5m2s
Details
Test / Hakurei (push) Successful in 2m40s
Details
Test / Flake checks (push) Successful in 1m36s
Details 
Doing this instead of mounting directly on / because it's impossible to ensure a parent is available for every path hakurei wants to mount to. This situation is similar to autoetc hence the similar name, however a symlink mirror will not work in this case.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-01 04:21:54 +09:00
Ophestra
f7bd28118c
hst: configurable wait delay
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m58s
Details
Test / Hakurei (push) Successful in 2m47s
Details
Test / Sandbox (race detector) (push) Successful in 3m56s
Details
Test / Planterette (push) Successful in 3m58s
Details
Test / Hakurei (race detector) (push) Successful in 4m31s
Details
Test / Flake checks (push) Successful in 1m17s
Details 
This is useful for programs that take a long time to clean up.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-29 03:06:49 +09:00
Ophestra
b43d104680
app: integrate interrupt forwarding
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m58s
Details
Test / Hakurei (push) Successful in 2m53s
Details
Test / Sandbox (race detector) (push) Successful in 3m53s
Details
Test / Planterette (push) Successful in 3m53s
Details
Test / Hakurei (race detector) (push) Successful in 4m31s
Details
Test / Flake checks (push) Successful in 1m19s
Details 
This significantly increases usability of command line tools running through hakurei.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-29 02:23:06 +09:00
Ophestra
ddf48a6c22
app/shim: implement signal handler outcome in Go
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m53s
Details
Test / Hakurei (push) Successful in 2m48s
Details
Test / Planterette (push) Successful in 3m48s
Details
Test / Sandbox (race detector) (push) Successful in 3m56s
Details
Test / Hakurei (race detector) (push) Successful in 4m27s
Details
Test / Flake checks (push) Successful in 1m13s
Details 
This needs to be done from the Go side eventually anyway to integrate the signal forwarding behaviour now supported by the container package.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-28 23:39:30 +09:00
Ophestra
a0f499e30a
app/shim: separate signal handler implementation
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 1m57s
Details
Test / Planterette (push) Successful in 3m44s
Details
Test / Sandbox (race detector) (push) Successful in 3m50s
Details
Test / Hakurei (race detector) (push) Successful in 4m25s
Details
Test / Hakurei (push) Successful in 2m0s
Details
Test / Flake checks (push) Successful in 1m19s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-28 21:52:53 +09:00
Ophestra
087959e81b
app: remove split implementation
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m56s
Details
Test / Hakurei (push) Successful in 2m42s
Details
Test / Sandbox (race detector) (push) Successful in 3m5s
Details
Test / Planterette (push) Successful in 3m37s
Details
Test / Hakurei (race detector) (push) Successful in 4m19s
Details
Test / Flake checks (push) Successful in 1m7s
Details 
It is completely nonsensical and highly error-prone to have multiple implementations of this in the same build. This should be switched at compile time instead therefore the split packages are pointless.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 04:36:59 +09:00
Ophestra
d2f9a9b83b
treewide: migrate to hakurei.app
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Sandbox (push) Successful in 46s
Details
Test / Hakurei (push) Successful in 2m9s
Details
Test / Sandbox (race detector) (push) Successful in 3m14s
Details
Test / Planterette (push) Successful in 3m41s
Details
Test / Hakurei (race detector) (push) Successful in 3m40s
Details
Test / Flake checks (push) Successful in 1m18s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 03:30:39 +09:00
Ophestra
1b5ecd9eaf
container: move out of toplevel
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m52s
Details
Test / Sandbox (race detector) (push) Successful in 3m14s
Details
Test / Planterette (push) Successful in 3m36s
Details
Test / Hakurei (race detector) (push) Successful in 4m31s
Details
Test / Hakurei (push) Successful in 2m3s
Details
Test / Flake checks (push) Successful in 1m13s
Details 
This allows slightly easier use of the vanity url. This also provides some disambiguation between low level containers and hakurei app containers.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-03 02:59:43 +09:00
Ophestra
a1d98823f8
hakurei: move container toplevel
All checks were successful
Test / Create distribution (push) Successful in 31s
Details
Test / Sandbox (push) Successful in 1m55s
Details
Test / Hakurei (push) Successful in 2m47s
Details
Test / Sandbox (race detector) (push) Successful in 3m16s
Details
Test / Planterette (push) Successful in 3m32s
Details
Test / Hakurei (race detector) (push) Successful in 4m25s
Details
Test / Flake checks (push) Successful in 1m9s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 21:23:55 +09:00
Ophestra
eb22a8bcc1
cmd/hakurei: move to cmd
All checks were successful
Test / Create distribution (push) Successful in 31s
Details
Test / Sandbox (push) Successful in 1m50s
Details
Test / Hakurei (push) Successful in 3m2s
Details
Test / Sandbox (race detector) (push) Successful in 3m18s
Details
Test / Planterette (push) Successful in 3m36s
Details
Test / Hakurei (race detector) (push) Successful in 4m35s
Details
Test / Flake checks (push) Successful in 1m7s
Details 
Having it at the project root never made sense since the "ego" name was deprecated. This change finally addresses it.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 20:42:51 +09:00
Ophestra
31aef905fa
sandbox: expose seccomp interface
All checks were successful
Test / Create distribution (push) Successful in 31s
Details
Test / Sandbox (push) Successful in 1m59s
Details
Test / Hakurei (push) Successful in 2m47s
Details
Test / Sandbox (race detector) (push) Successful in 3m11s
Details
Test / Planterette (push) Successful in 3m34s
Details
Test / Hakurei (race detector) (push) Successful in 4m22s
Details
Test / Flake checks (push) Successful in 1m8s
Details 
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 04:47:13 +09:00
Ophestra
d5532aade0
sandbox/seccomp: native rule slice in helpers
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 2m6s
Details
Test / Hakurei (push) Successful in 2m49s
Details
Test / Sandbox (race detector) (push) Successful in 3m8s
Details
Test / Planterette (push) Successful in 3m33s
Details
Test / Hakurei (race detector) (push) Successful in 4m16s
Details
Test / Flake checks (push) Successful in 1m16s
Details 
These helper functions took FilterPreset as input for ease of integration. This moves them to []NativeRule.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-02 00:22:27 +09:00
Ophestra
1a8840bebc
sandbox/seccomp: resolve rules natively
All checks were successful
Test / Create distribution (push) Successful in 32s
Details
Test / Sandbox (push) Successful in 1m45s
Details
Test / Hakurei (push) Successful in 2m49s
Details
Test / Sandbox (race detector) (push) Successful in 3m1s
Details
Test / Planterette (push) Successful in 3m31s
Details
Test / Hakurei (race detector) (push) Successful in 4m18s
Details
Test / Flake checks (push) Successful in 1m6s
Details 
This enables loading syscall filter policies from external cross-platform config files.

This also removes a significant amount of C code.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-07-01 22:11:32 +09:00
Ophestra
972f4006f0
treewide: switch to hakurei.app
All checks were successful
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (push) Successful in 2m0s
Details
Test / Hakurei (push) Successful in 2m49s
Details
Test / Sandbox (race detector) (push) Successful in 3m12s
Details
Test / Planterette (push) Successful in 3m35s
Details
Test / Hakurei (race detector) (push) Successful in 4m22s
Details
Test / Flake checks (push) Successful in 1m7s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-26 04:01:02 +09:00
Ophestra
aa454b158f
cmd/planterette: remove hsu special case
All checks were successful
Test / Hakurei (push) Successful in 42s
Details
Test / Create distribution (push) Successful in 25s
Details
Test / Sandbox (push) Successful in 40s
Details
Test / Hakurei (race detector) (push) Successful in 43s
Details
Test / Sandbox (race detector) (push) Successful in 38s
Details
Test / Planterette (push) Successful in 40s
Details
Test / Flake checks (push) Successful in 1m15s
Details 
Remove special case and invoke hakurei out of process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 20:50:24 +09:00
Ophestra
87e008d56d
treewide: rename to hakurei
All checks were successful
Test / Create distribution (push) Successful in 43s
Details
Test / Sandbox (push) Successful in 2m18s
Details
Test / Hakurei (push) Successful in 3m10s
Details
Test / Sandbox (race detector) (push) Successful in 3m30s
Details
Test / Hakurei (race detector) (push) Successful in 4m43s
Details
Test / Fpkg (push) Successful in 5m4s
Details
Test / Flake checks (push) Successful in 1m12s
Details 
Fortify makes little sense for a container tool.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-25 04:57:41 +09:00
Ophestra
717771ae80
app: share runtime dir
All checks were successful
Test / Create distribution (push) Successful in 24s
Details
Test / Sandbox (race detector) (push) Successful in 37s
Details
Test / Sandbox (push) Successful in 37s
Details
Test / Fortify (push) Successful in 40s
Details
Test / Fortify (race detector) (push) Successful in 40s
Details
Test / Fpkg (push) Successful in 38s
Details
Test / Flake checks (push) Successful in 1m5s
Details 
This allows apps with the same identity to access the same runtime dir.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-06-08 03:24:48 +09:00
Ophestra
15011c4173
app/instance/common: optimise ops allocation
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 1m55s
Details
Test / Fortify (push) Successful in 2m46s
Details
Test / Sandbox (race detector) (push) Successful in 3m10s
Details
Test / Fpkg (push) Successful in 3m52s
Details
Test / Fortify (race detector) (push) Successful in 4m23s
Details
Test / Flake checks (push) Successful in 1m2s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:49:07 +09:00
Ophestra
31b7ddd122
fst: improve config
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 1m50s
Details
Test / Fortify (push) Successful in 2m46s
Details
Test / Sandbox (race detector) (push) Successful in 2m59s
Details
Test / Fortify (race detector) (push) Successful in 4m23s
Details
Test / Fpkg (push) Successful in 5m25s
Details
Test / Flake checks (push) Successful in 1m1s
Details 
The config struct more or less "grew" to what it is today. This change moves things around to make more sense and fixes nonsensical comments describing obsolete behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-13 03:30:19 +09:00
Ophestra
6309469e93
app/instance: wrap internal implementation
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 1m44s
Details
Test / Fortify (push) Successful in 2m37s
Details
Test / Sandbox (race detector) (push) Successful in 2m59s
Details
Test / Fpkg (push) Successful in 3m34s
Details
Test / Fortify (race detector) (push) Successful in 4m6s
Details
Test / Flake checks (push) Successful in 59s
Details 
This reduces the scope of the fst package, which was growing questionably large.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 13:56:41 +09:00
Ophestra
0d7c1a9a43
app: rename app implementation package
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 1m48s
Details
Test / Fortify (push) Successful in 2m36s
Details
Test / Sandbox (race detector) (push) Successful in 2m52s
Details
Test / Fpkg (push) Successful in 3m32s
Details
Test / Fortify (race detector) (push) Successful in 4m9s
Details
Test / Flake checks (push) Successful in 1m4s
Details 
Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-12 10:54:24 +09:00
Ophestra
9967909460
sandbox: relative autoetc links
All checks were successful
Test / Create distribution (push) Successful in 26s
Details
Test / Sandbox (push) Successful in 1m44s
Details
Test / Fortify (push) Successful in 2m41s
Details
Test / Sandbox (race detector) (push) Successful in 2m48s
Details
Test / Fpkg (push) Successful in 3m35s
Details
Test / Fortify (race detector) (push) Successful in 4m13s
Details
Test / Flake checks (push) Successful in 1m3s
Details 
This allows nested containers to use autoetc, and increases compatibility with other implementations.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-11 18:54:00 +09:00
Ophestra
c806f43881
sandbox: implement autoetc as setup op
All checks were successful
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 1m48s
Details
Test / Fortify (push) Successful in 2m42s
Details
Test / Sandbox (race detector) (push) Successful in 2m51s
Details
Test / Fpkg (push) Successful in 3m37s
Details
Test / Fortify (race detector) (push) Successful in 4m9s
Details
Test / Flake checks (push) Successful in 1m4s
Details 
This significantly reduces setup op count and the readdir call now happens in the context of the init process.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-10 18:54:25 +09:00
Ophestra
584405f7cc
sandbox/seccomp: rename flag type and constants
All checks were successful
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 1m38s
Details
Test / Fortify (push) Successful in 2m39s
Details
Test / Sandbox (race detector) (push) Successful in 2m55s
Details
Test / Fpkg (push) Successful in 3m26s
Details
Test / Fortify (race detector) (push) Successful in 4m5s
Details
Test / Flake checks (push) Successful in 56s
Details 
The names are ambiguous. Rename them to make more sense.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-08 01:59:45 +09:00
Ophestra
74ba183256
app: install seccomp filter to shim
All checks were successful
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 1m57s
Details
Test / Fortify (push) Successful in 2m53s
Details
Test / Sandbox (race detector) (push) Successful in 3m5s
Details
Test / Fpkg (push) Successful in 3m51s
Details
Test / Fortify (race detector) (push) Successful in 4m19s
Details
Test / Flake checks (push) Successful in 1m5s
Details 
This does not necessarily reduce attack surface but does not affect functionality or introduce any side effects, so is nice to have.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 04:13:08 +09:00
Ophestra
e9a7cd526f
app: improve shim process management
All checks were successful
Test / Create distribution (push) Successful in 27s
Details
Test / Sandbox (push) Successful in 1m45s
Details
Test / Fortify (push) Successful in 2m36s
Details
Test / Sandbox (race detector) (push) Successful in 2m49s
Details
Test / Fpkg (push) Successful in 3m33s
Details
Test / Fortify (race detector) (push) Successful in 4m13s
Details
Test / Flake checks (push) Successful in 1m6s
Details 
This ensures a signal gets delivered to the process instead of relying on parent death behaviour.

SIGCONT was chosen as it is the only signal an unprivileged process is allowed to send to processes with different credentials.

A custom signal handler is installed because the Go runtime does not expose signal information other than which signal was received, and shim must check pid to ensure reasonable behaviour.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-04-07 03:55:17 +09:00