605d018be2 
							
						 
					 
					
						
						
							
							app/seal: check for '=' in envv  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m58s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m50s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 18:25:23 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							300571af47 
							
						 
					 
					
						
						
							
							app: pass through $SHELL  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 33s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 39s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-27 01:22:40 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2dd49c437c 
							
						 
					 
					
						
						
							
							app: create XDG_RUNTIME_DIR with perm 0700  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m30s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Many programs complain about this.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-26 02:49:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c326c3f97d 
							
						 
					 
					
						
						
							
							fst/sandbox: do not create /etc in advance  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m43s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m31s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is now handled by the setup op. This also gets rid of the hardcoded /etc path.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 20:00:34 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							61dbfeffe7 
							
						 
					 
					
						
						
							
							sandbox/wl: move into sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m49s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m54s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:26:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							532feb4bfa 
							
						 
					 
					
						
						
							
							app: merge shim into app package  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m48s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m35s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 05:21:47 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ec5e91b8c9 
							
						 
					 
					
						
						
							
							system: optimise string formatting  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 36s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 42s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 43s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m10s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 04:42:30 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5c4058d5ac 
							
						 
					 
					
						
						
							
							app: run in native sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m5s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m0s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m12s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m4s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-25 01:52:49 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7c063833e0 
							
						 
					 
					
						
						
							
							internal/sys: wrap getuid/getgid  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m8s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 50s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 17:10:03 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							24618ab9a1 
							
						 
					 
					
						
						
							
							sandbox: move out of internal  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 18s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 2m40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m13s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 3m1s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 02:55:36 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9ce4706a07 
							
						 
					 
					
						
						
							
							sandbox: move params setup functions  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m8s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 02:48:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9a1f8e129f 
							
						 
					 
					
						
						
							
							sandbox: wrap fmsg interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m16s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 02:44:07 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ee10860357 
							
						 
					 
					
						
						
							
							seccomp: install output atomically  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m17s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m1s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 49s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-17 01:10:27 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							48feca800f 
							
						 
					 
					
						
						
							
							sandbox: check command function pointer  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m59s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Setting default CommandContext on initialisation is somewhat of a footgun.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 23:29:14 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							273d97af85 
							
						 
					 
					
						
						
							
							ldd: lib paths resolve function  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m37s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m50s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						This is what always happens right after a ldd call, so implement it here.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 01:20:09 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9f5dad1998 
							
						 
					 
					
						
						
							
							sandbox: return on zero length ops  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m30s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m24s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m53s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						This dodges potentially confusing behaviour where init fails due to Ops being clobbered during transfer.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-16 00:32:36 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							bac4e67867 
							
						 
					 
					
						
						
							
							sandbox/init: early params nil check  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m48s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m53s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 04:03:10 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4230281194 
							
						 
					 
					
						
						
							
							sandbox: return error on doubled start  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 18s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 38s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 03:30:14 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e64e7608ca 
							
						 
					 
					
						
						
							
							sandbox: expose cancel behaviour  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 40s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 11m53s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 1m57s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 58s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 03:04:27 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							10a21ce3ef 
							
						 
					 
					
						
						
							
							helper: expose extra files to direct  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 42s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 11m23s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 5m32s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m35s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 56s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 02:27:40 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f9bf20a3c7 
							
						 
					 
					
						
						
							
							helper: rearrange initialisation args  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 41s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 3m3s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m32s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 4m47s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 1m3s 
				
			 
		
		
	 
 
	 
						
						This improves consistency across two different helper implementations.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 01:06:31 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f443d315ad 
							
						 
					 
					
						
						
							
							helper: clean up interface  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m37s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m40s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m54s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						The helper interface was messy due to odd context acquisition order. That has changed, so this cleans it up.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-15 00:27:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9e18d1de77 
							
						 
					 
					
						
						
							
							helper/proc: pass extra files and start  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m41s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m38s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m53s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						For integration with native container tooling.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 23:23:57 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2647a71be1 
							
						 
					 
					
						
						
							
							seccomp: move out of helper  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 29s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m53s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 4m0s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 4m9s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 59s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 22:42:40 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							7c60a4d8e8 
							
						 
					 
					
						
						
							
							helper: embed context on creation  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m44s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 49s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 18:30:22 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4bb5d9780f 
							
						 
					 
					
						
						
							
							ldd: run in native sandbox  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m22s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m43s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 48s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 17:55:55 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f41fd94628 
							
						 
					 
					
						
						
							
							sandbox: write uid/gid map as init  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m30s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m21s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m39s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 48s 
				
			 
		
		
	 
 
	 
						
						This avoids PR_SET_DUMPABLE in the parent process.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 17:42:22 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							94895bbacb 
							
						 
					 
					
						
						
							
							sandbox: invert seccomp ruleset defaults  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m20s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m35s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 50s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 02:38:32 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f332200ca4 
							
						 
					 
					
						
						
							
							sandbox: mount container /dev  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m29s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 02:18:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							2eff470091 
							
						 
					 
					
						
						
							
							sandbox/mount: pass custom tmpfs name  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 27s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m51s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m53s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m59s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						The tmpfs driver allows arbitrary fsname.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 02:12:35 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							a092b042ab 
							
						 
					 
					
						
						
							
							sandbox: pass params to setup ops  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m5s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m49s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 02:11:38 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e94b09d337 
							
						 
					 
					
						
						
							
							sandbox/mount: fix source flag path  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m6s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m24s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m56s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 02:10:48 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							5d9e669d97 
							
						 
					 
					
						
						
							
							sandbox: separate tmpfs function from op  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m32s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						This is useful in the implementation of various other ops.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 00:21:20 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f1002157a5 
							
						 
					 
					
						
						
							
							sandbox: separate bind mount function from op  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 24s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 53s 
				
			 
		
		
	 
 
	 
						
						This is useful in the implementation of various other ops.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-14 00:16:41 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							4133b555ba 
							
						 
					 
					
						
						
							
							internal/app: rename init to init0  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m21s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m40s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 48s 
				
			 
		
		
	 
 
	 
						
						This makes way for the new container init.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-13 21:57:54 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9b1a60b5c9 
							
						 
					 
					
						
						
							
							sandbox: native container tooling  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m23s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m35s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 48s 
				
			 
		
		
	 
 
	 
						
						This should eventually replace bwrap.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-13 21:36:26 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							e048f31baa 
							
						 
					 
					
						
						
							
							internal: pull EINTR loop from stdlib  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 20s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 35s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 37s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 36s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 57s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-13 00:42:38 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6af8b8859f 
							
						 
					 
					
						
						
							
							sandbox: read overflow ids  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 1m53s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m7s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m33s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 54s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-13 00:41:37 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							61e58aa14d 
							
						 
					 
					
						
						
							
							helper/proc: expose setup file  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m34s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m27s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-09 17:22:31 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							9e15898c8f 
							
						 
					 
					
						
						
							
							internal/prctl: rename prctl wrappers  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m39s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m34s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-03-07 22:56:35 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							80f9b62d25 
							
						 
					 
					
						
						
							
							app: print comp values early  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 30s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m26s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 51s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-26 22:27:55 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							673b648bd3 
							
						 
					 
					
						
						
							
							cmd/fpkg: call app in-process  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 28s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m31s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m29s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 55s 
				
			 
		
		
	 
 
	 
						
						Wrapping fortify is slow, painful and error-prone. Start apps in-process instead.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-26 19:51:44 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							840ceb615a 
							
						 
					 
					
						
						
							
							app: handle RunState errors  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m27s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m24s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m30s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-26 17:36:14 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							d050b3de25 
							
						 
					 
					
						
						
							
							app: define errors in a separate file  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m28s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m25s 
				
			 
		
			
				
	Test / Fpkg (push) Successful in 3m31s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 52s 
				
			 
		
		
	 
 
	 
						
						Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-26 17:12:02 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							6d4ac3d9fd 
							
						 
					 
					
						
						
							
							internal: store fortify path in internal  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m33s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m20s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 42s 
				
			 
		
		
	 
 
	 
						
						This now makes more sense due to the changes in build system.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-26 12:03:25 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							39dc8e7bd8 
							
						 
					 
					
						
						
							
							dbus: set process group id  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 25s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m18s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 3m11s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 40s 
				
			 
		
		
	 
 
	 
						
						This stops signals sent by the TTY driver from propagating to the xdg-dbus-proxy process.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-25 18:12:41 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							f0a082ec84 
							
						 
					 
					
						
						
							
							fortify: improve handling of RevertErr  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Fortify (push) Successful in 2m17s 
				
			 
		
			
				
	Test / Data race detector (push) Successful in 2m57s 
				
			 
		
			
				
	Test / Flake checks (push) Successful in 43s 
				
			 
		
		
	 
 
	 
						
						All this error wrapping is getting a bit ridiculous and I might want to do something about that somewhere down the line.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-25 00:45:00 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							c64b8163e7 
							
						 
					 
					
						
						
							
							app: separate instance from process state  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 1m59s 
				
			 
		
		
	 
 
	 
						
						This works better for the implementation.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-21 16:06:24 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							3c80fd2b0f 
							
						 
					 
					
						
						
							
							app: defer system.I revert  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 19s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 49s 
				
			 
		
		
	 
 
	 
						
						Just returning an error after a successful call of commit will leave garbage behind with no way for the caller to clean them. This change ensures revert is always called after successful commit with at least per-process state enabled.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-19 21:12:11 +09:00 
						 
				 
			
				
					
						
					 
					
						
						
							
							
								
									
								
							
						
						
						
							
						
						
							ef81828e0c 
							
						 
					 
					
						
						
							
							app: remove share method  
						
						... 
						
						
	
		
			
	 
	
	
		
	
	
		
			
				
	Test / Create distribution (push) Successful in 26s 
				
			 
		
			
				
	Test / Run NixOS test (push) Successful in 2m3s 
				
			 
		
		
	 
 
	 
						
						This is yet another implementation detail from before system.I, getting rid of this vastly cuts down on redundant seal state.
Signed-off-by: Ophestra <cat@gensokyo.uk> 
						
						
					 
					
						2025-02-19 16:20:25 +09:00