security/hakurei
security/hakurei
5
2
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 4 Wiki Activity

Compare commits

base: security:141bec290b4acc93b844a6d831596f97c2a54e9c
Branches Tags
security:master
security:netadr-landlock-lsm
security:staging
security:develop
security:v0.1.3
security:v0.1.2
security:v0.1.1
security:v0.1.0
..
compare: security:9eb6bc71c4ac3b9b22d923cf65ffc68b8dc2bea2
Branches Tags
security:netadr-landlock-lsm
security:staging
security:develop
security:master
security:v0.1.3
security:v0.1.2
security:v0.1.1
security:v0.1.0

2 Commits
141bec290b ... 9eb6bc71c4

Author SHA1 Message Date
Clayton Gilmer
9eb6bc71c4
container: optionally isolate host abstract UNIX domain sockets via landlock
Some checks failed
Test / Hakurei (race detector) (pull_request) Failing after 41m38s
Details
Test / Flake checks (pull_request) Has been skipped
Details
Test / Hpkg (push) Successful in 4m16s
Details
Test / Hpkg (pull_request) Successful in 3m27s
Details
Test / Sandbox (race detector) (pull_request) Successful in 4m1s
Details
Test / Sandbox (race detector) (push) Successful in 4m36s
Details
Test / Create distribution (push) Failing after 32s
Details
Test / Hakurei (pull_request) Failing after 20m33s
Details
Test / Hakurei (race detector) (push) Failing after 22m25s
Details
Test / Sandbox (push) Successful in 2m20s
Details
Test / Sandbox (pull_request) Successful in 2m14s
Details
Test / Create distribution (pull_request) Failing after 28s
Details
Test / Hakurei (push) Failing after 39m36s
Details
Test / Flake checks (push) Has been skipped
Details
2025-08-17 17:44:14 +09:00
Ophestra
0ac6e99818
container: start from locked thread
All checks were successful
Test / Hpkg (push) Successful in 4m14s
Details
Test / Create distribution (push) Successful in 33s
Details
Test / Sandbox (race detector) (push) Successful in 4m28s
Details
Test / Hakurei (race detector) (push) Successful in 5m12s
Details
Test / Flake checks (push) Successful in 1m33s
Details
Test / Sandbox (push) Successful in 2m10s
Details
Test / Hakurei (push) Successful in 3m17s
Details 
This allows setup that relies on per-thread state like securebits and landlock, from the parent side.

Signed-off-by: Ophestra <cat@gensokyo.uk>
 2025-08-17 17:42:22 +09:00
1 changed files with 8 additions and 7 deletions
Show Stats Expand all files Collapse all files

15
container/container.go
View File

@ -234,15 +234,16 @@ func (p *Container) Serve() error {
// Wait waits for the container init process to exit and releases any resources associated with the [Container].
func (p *Container) Wait() error {
if p.wait == nil {
if p.cmd != nil {
// pass through error from Cmd
return p.cmd.Wait()
}
if p.cmd == nil {
return EINVAL
}
defer func() { close(p.wait); p.cancel(); p.wait = nil }()
return p.cmd.Wait()
err := p.cmd.Wait()
p.cancel()
if p.wait != nil && err == nil {
close(p.wait)
}
return err
}
func (p *Container) String() string {