Compare commits
	
		
			No commits in common. "b380bb248c69ae2c9bbd6b2784f953a20492a228" and "6c1205106d7ac9702464e274502303d2b6df1dc3" have entirely different histories.
		
	
	
		
			b380bb248c
			...
			6c1205106d
		
	
		
| @ -20,5 +20,5 @@ jobs: | ||||
|         uses: https://gitea.com/actions/release-action@main | ||||
|         with: | ||||
|           files: |- | ||||
|             result/hakurei-** | ||||
|             result/fortify-** | ||||
|           api_key: '${{secrets.RELEASE_TOKEN}}' | ||||
|  | ||||
| @ -5,25 +5,25 @@ on: | ||||
|   - pull_request | ||||
| 
 | ||||
| jobs: | ||||
|   hakurei: | ||||
|     name: Hakurei | ||||
|   fortify: | ||||
|     name: Fortify | ||||
|     runs-on: nix | ||||
|     steps: | ||||
|       - name: Checkout | ||||
|         uses: actions/checkout@v4 | ||||
| 
 | ||||
|       - name: Run NixOS test | ||||
|         run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.hakurei | ||||
|         run: nix build --out-link "result" --print-out-paths --print-build-logs .#checks.x86_64-linux.fortify | ||||
| 
 | ||||
|       - name: Upload test output | ||||
|         uses: actions/upload-artifact@v3 | ||||
|         with: | ||||
|           name: "hakurei-vm-output" | ||||
|           name: "fortify-vm-output" | ||||
|           path: result/* | ||||
|           retention-days: 1 | ||||
| 
 | ||||
|   race: | ||||
|     name: Hakurei (race detector) | ||||
|     name: Fortify (race detector) | ||||
|     runs-on: nix | ||||
|     steps: | ||||
|       - name: Checkout | ||||
| @ -35,7 +35,7 @@ jobs: | ||||
|       - name: Upload test output | ||||
|         uses: actions/upload-artifact@v3 | ||||
|         with: | ||||
|           name: "hakurei-race-vm-output" | ||||
|           name: "fortify-race-vm-output" | ||||
|           path: result/* | ||||
|           retention-days: 1 | ||||
| 
 | ||||
| @ -93,7 +93,7 @@ jobs: | ||||
|   check: | ||||
|     name: Flake checks | ||||
|     needs: | ||||
|       - hakurei | ||||
|       - fortify | ||||
|       - race | ||||
|       - sandbox | ||||
|       - sandbox-race | ||||
| @ -116,15 +116,15 @@ jobs: | ||||
|       - name: Build for test | ||||
|         id: build-test | ||||
|         run: >- | ||||
|           export HAKUREI_REV="$(git rev-parse --short HEAD)" && | ||||
|           sed -i.old 's/version = /version = "0.0.0-'$HAKUREI_REV'"; # version = /' package.nix && | ||||
|           export FORTIFY_REV="$(git rev-parse --short HEAD)" && | ||||
|           sed -i.old 's/version = /version = "0.0.0-'$FORTIFY_REV'"; # version = /' package.nix && | ||||
|           nix build --print-out-paths --print-build-logs .#dist && | ||||
|           mv package.nix.old package.nix && | ||||
|           echo "rev=$HAKUREI_REV" >> $GITHUB_OUTPUT | ||||
|           echo "rev=$FORTIFY_REV" >> $GITHUB_OUTPUT | ||||
| 
 | ||||
|       - name: Upload test build | ||||
|         uses: actions/upload-artifact@v3 | ||||
|         with: | ||||
|           name: "hakurei-${{ steps.build-test.outputs.rev }}" | ||||
|           name: "fortify-${{ steps.build-test.outputs.rev }}" | ||||
|           path: result/* | ||||
|           retention-days: 1 | ||||
|  | ||||
							
								
								
									
										4
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										4
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -5,7 +5,7 @@ | ||||
| *.so | ||||
| *.dylib | ||||
| *.pkg | ||||
| /hakurei | ||||
| /fortify | ||||
| 
 | ||||
| # Test binary, built with `go test -c` | ||||
| *.test | ||||
| @ -29,4 +29,4 @@ go.work.sum | ||||
| security-context-v1-protocol.* | ||||
| 
 | ||||
| # release | ||||
| /dist/hakurei-* | ||||
| /dist/fortify-* | ||||
							
								
								
									
										30
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										30
									
								
								README.md
									
									
									
									
									
								
							| @ -1,11 +1,11 @@ | ||||
| Hakurei | ||||
| Fortify | ||||
| ======= | ||||
| 
 | ||||
| [](https://pkg.go.dev/git.gensokyo.uk/security/hakurei) | ||||
| [](https://goreportcard.com/report/git.gensokyo.uk/security/hakurei) | ||||
| [](https://pkg.go.dev/git.gensokyo.uk/security/fortify) | ||||
| [](https://goreportcard.com/report/git.gensokyo.uk/security/fortify) | ||||
| 
 | ||||
| Lets you run graphical applications as dedicated subordinate users in a container environment with a nice NixOS | ||||
| module to configure target users and provide launch scripts and desktop files. | ||||
| Lets you run graphical applications as another user in a confined environment with a nice NixOS | ||||
| module to configure target users and provide launchers and desktop files for your privileged user. | ||||
| 
 | ||||
| Why would you want this? | ||||
| 
 | ||||
| @ -18,12 +18,12 @@ Why would you want this? | ||||
| If you have a flakes-enabled nix environment, you can try out the tool by running: | ||||
| 
 | ||||
| ```shell | ||||
| nix run git+https://git.gensokyo.uk/security/hakurei -- help | ||||
| nix run git+https://git.gensokyo.uk/security/fortify -- help | ||||
| ``` | ||||
| 
 | ||||
| ## Module usage | ||||
| 
 | ||||
| The NixOS module currently requires home-manager to configure subordinate users. | ||||
| The NixOS module currently requires home-manager to function correctly. | ||||
| 
 | ||||
| Full module documentation can be found [here](options.md). | ||||
| 
 | ||||
| @ -34,35 +34,35 @@ To use the module, import it into your configuration with | ||||
|   inputs = { | ||||
|     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; | ||||
| 
 | ||||
|     hakurei = { | ||||
|       url = "git+https://git.gensokyo.uk/security/hakurei"; | ||||
|     fortify = { | ||||
|       url = "git+https://git.gensokyo.uk/security/fortify"; | ||||
| 
 | ||||
|       # Optional but recommended to limit the size of your system closure. | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|   }; | ||||
| 
 | ||||
|   outputs = { self, nixpkgs, hakurei, ... }: | ||||
|   outputs = { self, nixpkgs, fortify, ... }: | ||||
|   { | ||||
|     nixosConfigurations.hakurei = nixpkgs.lib.nixosSystem { | ||||
|     nixosConfigurations.fortify = nixpkgs.lib.nixosSystem { | ||||
|       system = "x86_64-linux"; | ||||
|       modules = [ | ||||
|         hakurei.nixosModules.hakurei | ||||
|         fortify.nixosModules.fortify | ||||
|       ]; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
| ``` | ||||
| 
 | ||||
| This adds the `environment.hakurei` option: | ||||
| This adds the `environment.fortify` option: | ||||
| 
 | ||||
| ```nix | ||||
| { pkgs, ... }: | ||||
| 
 | ||||
| { | ||||
|   environment.hakurei = { | ||||
|   environment.fortify = { | ||||
|     enable = true; | ||||
|     stateDir = "/var/lib/hakurei"; | ||||
|     stateDir = "/var/lib/fortify"; | ||||
|     users = { | ||||
|       alice = 0; | ||||
|       nixos = 10; | ||||
|  | ||||
							
								
								
									
										108
									
								
								acl/acl-update.c
									
									
									
									
									
								
							
							
						
						
									
										108
									
								
								acl/acl-update.c
									
									
									
									
									
								
							| @ -1,71 +1,69 @@ | ||||
| #include "acl-update.h" | ||||
| #include <acl/libacl.h> | ||||
| #include <stdbool.h> | ||||
| #include <stdlib.h> | ||||
| #include <stdbool.h> | ||||
| #include <sys/acl.h> | ||||
| #include <acl/libacl.h> | ||||
| 
 | ||||
| int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, | ||||
|                              size_t plen) { | ||||
|   int ret = -1; | ||||
|   bool v; | ||||
|   int i; | ||||
|   acl_t acl; | ||||
|   acl_entry_t entry; | ||||
|   acl_tag_t tag_type; | ||||
|   void *qualifier_p; | ||||
|   acl_permset_t permset; | ||||
| int f_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, size_t plen) { | ||||
|     int ret = -1; | ||||
|     bool v; | ||||
|     int i; | ||||
|     acl_t acl; | ||||
|     acl_entry_t entry; | ||||
|     acl_tag_t tag_type; | ||||
|     void *qualifier_p; | ||||
|     acl_permset_t permset; | ||||
| 
 | ||||
|   acl = acl_get_file(path_p, ACL_TYPE_ACCESS); | ||||
|   if (acl == NULL) | ||||
|     goto out; | ||||
|     acl = acl_get_file(path_p, ACL_TYPE_ACCESS); | ||||
|     if (acl == NULL) | ||||
|         goto out; | ||||
| 
 | ||||
|   // prune entries by uid
 | ||||
|   for (i = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); i == 1; | ||||
|        i = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) { | ||||
|     if (acl_get_tag_type(entry, &tag_type) != 0) | ||||
|       return -1; | ||||
|     if (tag_type != ACL_USER) | ||||
|       continue; | ||||
|     // prune entries by uid
 | ||||
|     for (i = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); i == 1; i = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry)) { | ||||
|         if (acl_get_tag_type(entry, &tag_type) != 0) | ||||
|             return -1; | ||||
|         if (tag_type != ACL_USER) | ||||
|             continue; | ||||
| 
 | ||||
|     qualifier_p = acl_get_qualifier(entry); | ||||
|     if (qualifier_p == NULL) | ||||
|       return -1; | ||||
|     v = *(uid_t *)qualifier_p == uid; | ||||
|     acl_free(qualifier_p); | ||||
|         qualifier_p = acl_get_qualifier(entry); | ||||
|         if (qualifier_p == NULL) | ||||
|             return -1; | ||||
|         v = *(uid_t *)qualifier_p == uid; | ||||
|         acl_free(qualifier_p); | ||||
| 
 | ||||
|     if (!v) | ||||
|       continue; | ||||
|         if (!v) | ||||
|             continue; | ||||
| 
 | ||||
|     acl_delete_entry(acl, entry); | ||||
|   } | ||||
|         acl_delete_entry(acl, entry); | ||||
|     } | ||||
| 
 | ||||
|   if (plen == 0) | ||||
|     goto set; | ||||
|     if (plen == 0) | ||||
|         goto set; | ||||
| 
 | ||||
|   if (acl_create_entry(&acl, &entry) != 0) | ||||
|     goto out; | ||||
|   if (acl_get_permset(entry, &permset) != 0) | ||||
|     goto out; | ||||
|   for (i = 0; i < plen; i++) { | ||||
|     if (acl_add_perm(permset, perms[i]) != 0) | ||||
|       goto out; | ||||
|   } | ||||
|   if (acl_set_tag_type(entry, ACL_USER) != 0) | ||||
|     goto out; | ||||
|   if (acl_set_qualifier(entry, (void *)&uid) != 0) | ||||
|     goto out; | ||||
|     if (acl_create_entry(&acl, &entry) != 0) | ||||
|         goto out; | ||||
|     if (acl_get_permset(entry, &permset) != 0) | ||||
|         goto out; | ||||
|     for (i = 0; i < plen; i++) { | ||||
|         if (acl_add_perm(permset, perms[i]) != 0) | ||||
|             goto out; | ||||
|     } | ||||
|     if (acl_set_tag_type(entry, ACL_USER) != 0) | ||||
|         goto out; | ||||
|     if (acl_set_qualifier(entry, (void *)&uid) != 0) | ||||
|         goto out; | ||||
| 
 | ||||
| set: | ||||
|   if (acl_calc_mask(&acl) != 0) | ||||
|     goto out; | ||||
|   if (acl_valid(acl) != 0) | ||||
|     goto out; | ||||
|   if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) == 0) | ||||
|     ret = 0; | ||||
|     if (acl_calc_mask(&acl) != 0) | ||||
|         goto out; | ||||
|     if (acl_valid(acl) != 0) | ||||
|         goto out; | ||||
|     if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) == 0) | ||||
|         ret = 0; | ||||
| 
 | ||||
| out: | ||||
|   free((void *)path_p); | ||||
|   if (acl != NULL) | ||||
|     acl_free((void *)acl); | ||||
|   return ret; | ||||
|     free((void *)path_p); | ||||
|     if (acl != NULL) | ||||
|         acl_free((void *)acl); | ||||
|     return ret; | ||||
| } | ||||
|  | ||||
| @ -1,4 +1,3 @@ | ||||
| #include <sys/acl.h> | ||||
| 
 | ||||
| int hakurei_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, | ||||
|                              size_t plen); | ||||
| int f_acl_update_file_by_uid(const char *path_p, uid_t uid, acl_perm_t *perms, size_t plen); | ||||
|  | ||||
| @ -23,7 +23,7 @@ func Update(name string, uid int, perms ...Perm) error { | ||||
| 		p = &perms[0] | ||||
| 	} | ||||
| 
 | ||||
| 	r, err := C.hakurei_acl_update_file_by_uid( | ||||
| 	r, err := C.f_acl_update_file_by_uid( | ||||
| 		C.CString(name), | ||||
| 		C.uid_t(uid), | ||||
| 		(*C.acl_perm_t)(p), | ||||
|  | ||||
| @ -7,7 +7,7 @@ import ( | ||||
| 	"reflect" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/acl" | ||||
| 	"git.gensokyo.uk/security/fortify/acl" | ||||
| ) | ||||
| 
 | ||||
| const testFileName = "acl.test" | ||||
|  | ||||
| @ -6,46 +6,46 @@ import ( | ||||
| 	"os" | ||||
| 	"path" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| type appInfo struct { | ||||
| 	Name    string `json:"name"` | ||||
| 	Version string `json:"version"` | ||||
| 
 | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	ID string `json:"id"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Identity int `json:"identity"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Groups []string `json:"groups,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Devel bool `json:"devel,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Userns bool `json:"userns,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Net bool `json:"net,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Device bool `json:"dev,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Tty bool `json:"tty,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	MapRealUID bool `json:"map_real_uid,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	DirectWayland bool `json:"direct_wayland,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	SystemBus *dbus.Config `json:"system_bus,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	SessionBus *dbus.Config `json:"session_bus,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Enablements system.Enablement `json:"enablements"` | ||||
| 
 | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Multiarch bool `json:"multiarch,omitempty"` | ||||
| 	// passed through to [hst.Config] | ||||
| 	// passed through to [fst.Config] | ||||
| 	Bluetooth bool `json:"bluetooth,omitempty"` | ||||
| 
 | ||||
| 	// allow gpu access within sandbox | ||||
| @ -62,8 +62,8 @@ type appInfo struct { | ||||
| 	ActivationPackage string `json:"activation_package"` | ||||
| } | ||||
| 
 | ||||
| func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool) *hst.Config { | ||||
| 	config := &hst.Config{ | ||||
| func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool) *fst.Config { | ||||
| 	config := &fst.Config{ | ||||
| 		ID: app.ID, | ||||
| 
 | ||||
| 		Path: argv[0], | ||||
| @ -75,7 +75,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool | ||||
| 		SessionBus:    app.SessionBus, | ||||
| 		DirectWayland: app.DirectWayland, | ||||
| 
 | ||||
| 		Username: "hakurei", | ||||
| 		Username: "fortify", | ||||
| 		Shell:    shellPath, | ||||
| 		Data:     pathSet.homeDir, | ||||
| 		Dir:      path.Join("/data/data", app.ID), | ||||
| @ -83,7 +83,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool | ||||
| 		Identity: app.Identity, | ||||
| 		Groups:   app.Groups, | ||||
| 
 | ||||
| 		Container: &hst.ContainerConfig{ | ||||
| 		Container: &fst.ContainerConfig{ | ||||
| 			Hostname:   formatHostname(app.Name), | ||||
| 			Devel:      app.Devel, | ||||
| 			Userns:     app.Userns, | ||||
| @ -91,9 +91,9 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool | ||||
| 			Device:     app.Device, | ||||
| 			Tty:        app.Tty || flagDropShell, | ||||
| 			MapRealUID: app.MapRealUID, | ||||
| 			Filesystem: []*hst.FilesystemConfig{ | ||||
| 			Filesystem: []*fst.FilesystemConfig{ | ||||
| 				{Src: path.Join(pathSet.nixPath, "store"), Dst: "/nix/store", Must: true}, | ||||
| 				{Src: pathSet.metaPath, Dst: path.Join(hst.Tmp, "app"), Must: true}, | ||||
| 				{Src: pathSet.metaPath, Dst: path.Join(fst.Tmp, "app"), Must: true}, | ||||
| 				{Src: "/etc/resolv.conf"}, | ||||
| 				{Src: "/sys/block"}, | ||||
| 				{Src: "/sys/bus"}, | ||||
| @ -109,7 +109,7 @@ func (app *appInfo) toFst(pathSet *appPathSet, argv []string, flagDropShell bool | ||||
| 			Etc:     path.Join(pathSet.cacheDir, "etc"), | ||||
| 			AutoEtc: true, | ||||
| 		}, | ||||
| 		ExtraPerms: []*hst.ExtraPermConfig{ | ||||
| 		ExtraPerms: []*fst.ExtraPermConfig{ | ||||
| 			{Path: dataHome, Execute: true}, | ||||
| 			{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, | ||||
| 		}, | ||||
| @ -147,7 +147,7 @@ func loadAppInfo(name string, beforeFail func()) *appInfo { | ||||
| func formatHostname(name string) string { | ||||
| 	if h, err := os.Hostname(); err != nil { | ||||
| 		log.Printf("cannot get hostname: %v", err) | ||||
| 		return "hakurei-" + name | ||||
| 		return "fortify-" + name | ||||
| 	} else { | ||||
| 		return h + "-" + name | ||||
| 	} | ||||
|  | ||||
| @ -57,7 +57,7 @@ let | ||||
|     modules = modules ++ [ | ||||
|       { | ||||
|         home = { | ||||
|           username = "hakurei"; | ||||
|           username = "fortify"; | ||||
|           homeDirectory = "/data/data/${id}"; | ||||
|           stateVersion = "22.11"; | ||||
|         }; | ||||
| @ -65,7 +65,7 @@ let | ||||
|     ]; | ||||
|   }; | ||||
| 
 | ||||
|   launcher = writeScript "hakurei-${pname}" '' | ||||
|   launcher = writeScript "fortify-${pname}" '' | ||||
|     #!${runtimeShell} -el | ||||
|     ${script} | ||||
|   ''; | ||||
|  | ||||
| @ -10,13 +10,13 @@ import ( | ||||
| 	"path" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/command" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/command" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| const shellPath = "/run/current-system/sw/bin/bash" | ||||
| @ -28,7 +28,7 @@ var ( | ||||
| ) | ||||
| 
 | ||||
| func init() { | ||||
| 	hlog.Prepare("fpkg") | ||||
| 	fmsg.Prepare("fpkg") | ||||
| 	if err := os.Setenv("SHELL", shellPath); err != nil { | ||||
| 		log.Fatalf("cannot set $SHELL: %v", err) | ||||
| 	} | ||||
| @ -36,7 +36,7 @@ func init() { | ||||
| 
 | ||||
| func main() { | ||||
| 	// early init path, skips root check and duplicate PR_SET_DUMPABLE | ||||
| 	sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) | ||||
| 	sandbox.TryArgv0(fmsg.Output{}, fmsg.Prepare, internal.InstallFmsg) | ||||
| 
 | ||||
| 	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { | ||||
| 		log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) | ||||
| @ -60,7 +60,7 @@ func main() { | ||||
| 		return nil | ||||
| 	}). | ||||
| 		Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). | ||||
| 		Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next hakurei action") | ||||
| 		Flag(&flagDropShell, "s", command.BoolFlag(false), "Drop to a shell in place of next fortify action") | ||||
| 
 | ||||
| 	c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess }) | ||||
| 
 | ||||
| @ -166,10 +166,10 @@ func main() { | ||||
| 				} | ||||
| 
 | ||||
| 				// sec: should compare version string | ||||
| 				hlog.Verbosef("installing application %q version %q over local %q", | ||||
| 				fmsg.Verbosef("installing application %q version %q over local %q", | ||||
| 					bundle.ID, bundle.Version, a.Version) | ||||
| 			} else { | ||||
| 				hlog.Verbosef("application %q clean installation", bundle.ID) | ||||
| 				fmsg.Verbosef("application %q clean installation", bundle.ID) | ||||
| 				// sec: should install credentials | ||||
| 			} | ||||
| 
 | ||||
| @ -179,7 +179,7 @@ func main() { | ||||
| 
 | ||||
| 			withCacheDir(ctx, "install", []string{ | ||||
| 				// export inner bundle path in the environment | ||||
| 				"export BUNDLE=" + hst.Tmp + "/bundle", | ||||
| 				"export BUNDLE=" + fst.Tmp + "/bundle", | ||||
| 				// replace inner /etc | ||||
| 				"mkdir -p etc", | ||||
| 				"chmod -R +w etc", | ||||
| @ -218,7 +218,7 @@ func main() { | ||||
| 				"rm -rf .local/state/{nix,home-manager}", | ||||
| 				// run activation script | ||||
| 				bundle.ActivationPackage + "/activate", | ||||
| 			}, false, func(config *hst.Config) *hst.Config { return config }, | ||||
| 			}, false, func(config *fst.Config) *fst.Config { return config }, | ||||
| 				bundle, pathSet, flagDropShellActivate, cleanup) | ||||
| 
 | ||||
| 			/* | ||||
| @ -291,8 +291,8 @@ func main() { | ||||
| 						"--out-link /nix/.nixGL/auto/vulkan " + | ||||
| 						"--override-input nixpkgs path:/etc/nixpkgs " + | ||||
| 						"path:" + a.NixGL + "#nixVulkanNvidia", | ||||
| 				}, true, func(config *hst.Config) *hst.Config { | ||||
| 					config.Container.Filesystem = append(config.Container.Filesystem, []*hst.FilesystemConfig{ | ||||
| 				}, true, func(config *fst.Config) *fst.Config { | ||||
| 					config.Container.Filesystem = append(config.Container.Filesystem, []*fst.FilesystemConfig{ | ||||
| 						{Src: "/etc/resolv.conf"}, | ||||
| 						{Src: "/sys/block"}, | ||||
| 						{Src: "/sys/bus"}, | ||||
| @ -325,7 +325,7 @@ func main() { | ||||
| 
 | ||||
| 			if a.GPU { | ||||
| 				config.Container.Filesystem = append(config.Container.Filesystem, | ||||
| 					&hst.FilesystemConfig{Src: path.Join(pathSet.nixPath, ".nixGL"), Dst: path.Join(hst.Tmp, "nixGL")}) | ||||
| 					&fst.FilesystemConfig{Src: path.Join(pathSet.nixPath, ".nixGL"), Dst: path.Join(fst.Tmp, "nixGL")}) | ||||
| 				appendGPUFilesystem(config) | ||||
| 			} | ||||
| 
 | ||||
| @ -341,9 +341,9 @@ func main() { | ||||
| 	} | ||||
| 
 | ||||
| 	c.MustParse(os.Args[1:], func(err error) { | ||||
| 		hlog.Verbosef("command returned %v", err) | ||||
| 		fmsg.Verbosef("command returned %v", err) | ||||
| 		if errors.Is(err, errSuccess) { | ||||
| 			hlog.BeforeExit() | ||||
| 			fmsg.BeforeExit() | ||||
| 			os.Exit(0) | ||||
| 		} | ||||
| 	}) | ||||
|  | ||||
| @ -8,8 +8,8 @@ import ( | ||||
| 	"strconv" | ||||
| 	"sync/atomic" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| @ -18,10 +18,10 @@ var ( | ||||
| 
 | ||||
| func init() { | ||||
| 	// dataHome | ||||
| 	if p, ok := os.LookupEnv("HAKUREI_DATA_HOME"); ok { | ||||
| 	if p, ok := os.LookupEnv("FORTIFY_DATA_HOME"); ok { | ||||
| 		dataHome = p | ||||
| 	} else { | ||||
| 		dataHome = "/var/lib/hakurei/" + strconv.Itoa(os.Getuid()) | ||||
| 		dataHome = "/var/lib/fortify/" + strconv.Itoa(os.Getuid()) | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| @ -37,7 +37,7 @@ func lookPath(file string) string { | ||||
| var beforeRunFail = new(atomic.Pointer[func()]) | ||||
| 
 | ||||
| func mustRun(name string, arg ...string) { | ||||
| 	hlog.Verbosef("spawning process: %q %q", name, arg) | ||||
| 	fmsg.Verbosef("spawning process: %q %q", name, arg) | ||||
| 	cmd := exec.Command(name, arg...) | ||||
| 	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr | ||||
| 	if err := cmd.Run(); err != nil { | ||||
| @ -71,8 +71,8 @@ func pathSetByApp(id string) *appPathSet { | ||||
| 	return pathSet | ||||
| } | ||||
| 
 | ||||
| func appendGPUFilesystem(config *hst.Config) { | ||||
| 	config.Container.Filesystem = append(config.Container.Filesystem, []*hst.FilesystemConfig{ | ||||
| func appendGPUFilesystem(config *fst.Config) { | ||||
| 	config.Container.Filesystem = append(config.Container.Filesystem, []*fst.FilesystemConfig{ | ||||
| 		// flatpak commit 763a686d874dd668f0236f911de00b80766ffe79 | ||||
| 		{Src: "/dev/dri", Device: true}, | ||||
| 		// mali | ||||
|  | ||||
| @ -4,19 +4,19 @@ import ( | ||||
| 	"context" | ||||
| 	"os" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| func mustRunApp(ctx context.Context, config *hst.Config, beforeFail func()) { | ||||
| func mustRunApp(ctx context.Context, config *fst.Config, beforeFail func()) { | ||||
| 	rs := new(app.RunState) | ||||
| 	a := instance.MustNew(instance.ISetuid, ctx, std) | ||||
| 
 | ||||
| 	var code int | ||||
| 	if sa, err := a.Seal(config); err != nil { | ||||
| 		hlog.PrintBaseError(err, "cannot seal app:") | ||||
| 		fmsg.PrintBaseError(err, "cannot seal app:") | ||||
| 		code = 1 | ||||
| 	} else { | ||||
| 		code = instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs)) | ||||
|  | ||||
| @ -50,9 +50,9 @@ | ||||
|     ]; | ||||
|   }; | ||||
| 
 | ||||
|   environment.hakurei = { | ||||
|   environment.fortify = { | ||||
|     enable = true; | ||||
|     stateDir = "/var/lib/hakurei"; | ||||
|     stateDir = "/var/lib/fortify"; | ||||
|     users.alice = 0; | ||||
| 
 | ||||
|     extraHomeConfig = { | ||||
|  | ||||
| @ -18,7 +18,7 @@ nixosTest { | ||||
|     imports = [ | ||||
|       ./configuration.nix | ||||
| 
 | ||||
|       self.nixosModules.hakurei | ||||
|       self.nixosModules.fortify | ||||
|       self.inputs.home-manager.nixosModules.home-manager | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
| @ -47,22 +47,22 @@ def wait_for_window(pattern): | ||||
| 
 | ||||
| 
 | ||||
| def collect_state_ui(name): | ||||
|     swaymsg(f"exec hakurei ps > '/tmp/{name}.ps'") | ||||
|     swaymsg(f"exec fortify ps > '/tmp/{name}.ps'") | ||||
|     machine.copy_from_vm(f"/tmp/{name}.ps", "") | ||||
|     swaymsg(f"exec hakurei --json ps > '/tmp/{name}.json'") | ||||
|     swaymsg(f"exec fortify --json ps > '/tmp/{name}.json'") | ||||
|     machine.copy_from_vm(f"/tmp/{name}.json", "") | ||||
|     machine.screenshot(name) | ||||
| 
 | ||||
| 
 | ||||
| def check_state(name, enablements): | ||||
|     instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 hakurei --json ps")) | ||||
|     instances = json.loads(machine.succeed("sudo -u alice -i XDG_RUNTIME_DIR=/run/user/1000 fortify --json ps")) | ||||
|     if len(instances) != 1: | ||||
|         raise Exception(f"unexpected state length {len(instances)}") | ||||
|     instance = next(iter(instances.values())) | ||||
| 
 | ||||
|     config = instance['config'] | ||||
| 
 | ||||
|     if len(config['args']) != 1 or not (config['args'][0].startswith("/nix/store/")) or f"hakurei-{name}-" not in (config['args'][0]): | ||||
|     if len(config['args']) != 1 or not (config['args'][0].startswith("/nix/store/")) or f"fortify-{name}-" not in (config['args'][0]): | ||||
|         raise Exception(f"unexpected args {instance['config']['args']}") | ||||
| 
 | ||||
|     if config['enablements'] != enablements: | ||||
| @ -72,15 +72,15 @@ def check_state(name, enablements): | ||||
| start_all() | ||||
| machine.wait_for_unit("multi-user.target") | ||||
| 
 | ||||
| # To check hakurei's version: | ||||
| print(machine.succeed("sudo -u alice -i hakurei version")) | ||||
| # To check fortify's version: | ||||
| print(machine.succeed("sudo -u alice -i fortify version")) | ||||
| 
 | ||||
| # Wait for Sway to complete startup: | ||||
| machine.wait_for_file("/run/user/1000/wayland-1") | ||||
| machine.wait_for_file("/tmp/sway-ipc.sock") | ||||
| 
 | ||||
| # Prepare fpkg directory: | ||||
| machine.succeed("install -dm 0700 -o alice -g users /var/lib/hakurei/1000") | ||||
| machine.succeed("install -dm 0700 -o alice -g users /var/lib/fortify/1000") | ||||
| 
 | ||||
| # Install fpkg app: | ||||
| swaymsg("exec fpkg -v install /etc/foot.pkg && touch /tmp/fpkg-install-done") | ||||
| @ -88,9 +88,9 @@ machine.wait_for_file("/tmp/fpkg-install-done") | ||||
| 
 | ||||
| # Start app (foot) with Wayland enablement: | ||||
| swaymsg("exec fpkg -v start org.codeberg.dnkl.foot") | ||||
| wait_for_window("hakurei@machine-foot") | ||||
| wait_for_window("fortify@machine-foot") | ||||
| machine.send_chars("clear; wayland-info && touch /tmp/success-client\n") | ||||
| machine.wait_for_file("/tmp/hakurei.1000/tmpdir/2/success-client") | ||||
| machine.wait_for_file("/tmp/fortify.1000/tmpdir/2/success-client") | ||||
| collect_state_ui("app_wayland") | ||||
| check_state("foot", 13) | ||||
| # Verify acl on XDG_RUNTIME_DIR: | ||||
| @ -104,5 +104,5 @@ machine.wait_until_fails("getfacl --absolute-names --omit-header --numeric /run/ | ||||
| swaymsg("exit", succeed=False) | ||||
| machine.wait_for_file("/tmp/sway-exit-ok") | ||||
| 
 | ||||
| # Print hakurei runDir contents: | ||||
| print(machine.succeed("find /run/user/1000/hakurei")) | ||||
| # Print fortify runDir contents: | ||||
| print(machine.succeed("find /run/user/1000/fortify")) | ||||
| @ -5,17 +5,17 @@ import ( | ||||
| 	"path" | ||||
| 	"strings" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| func withNixDaemon( | ||||
| 	ctx context.Context, | ||||
| 	action string, command []string, net bool, updateConfig func(config *hst.Config) *hst.Config, | ||||
| 	action string, command []string, net bool, updateConfig func(config *fst.Config) *fst.Config, | ||||
| 	app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func(), | ||||
| ) { | ||||
| 	mustRunAppDropShell(ctx, updateConfig(&hst.Config{ | ||||
| 	mustRunAppDropShell(ctx, updateConfig(&fst.Config{ | ||||
| 		ID: app.ID, | ||||
| 
 | ||||
| 		Path: shellPath, | ||||
| @ -31,24 +31,24 @@ func withNixDaemon( | ||||
| 			" && pkill nix-daemon", | ||||
| 		}, | ||||
| 
 | ||||
| 		Username: "hakurei", | ||||
| 		Username: "fortify", | ||||
| 		Shell:    shellPath, | ||||
| 		Data:     pathSet.homeDir, | ||||
| 		Dir:      path.Join("/data/data", app.ID), | ||||
| 		ExtraPerms: []*hst.ExtraPermConfig{ | ||||
| 		ExtraPerms: []*fst.ExtraPermConfig{ | ||||
| 			{Path: dataHome, Execute: true}, | ||||
| 			{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, | ||||
| 		}, | ||||
| 
 | ||||
| 		Identity: app.Identity, | ||||
| 
 | ||||
| 		Container: &hst.ContainerConfig{ | ||||
| 		Container: &fst.ContainerConfig{ | ||||
| 			Hostname: formatHostname(app.Name) + "-" + action, | ||||
| 			Userns:   true, // nix sandbox requires userns | ||||
| 			Net:      net, | ||||
| 			Seccomp:  seccomp.FilterMultiarch, | ||||
| 			Tty:      dropShell, | ||||
| 			Filesystem: []*hst.FilesystemConfig{ | ||||
| 			Filesystem: []*fst.FilesystemConfig{ | ||||
| 				{Src: pathSet.nixPath, Dst: "/nix", Write: true, Must: true}, | ||||
| 			}, | ||||
| 			Link: [][2]string{ | ||||
| @ -66,7 +66,7 @@ func withCacheDir( | ||||
| 	ctx context.Context, | ||||
| 	action string, command []string, workDir string, | ||||
| 	app *appInfo, pathSet *appPathSet, dropShell bool, beforeFail func()) { | ||||
| 	mustRunAppDropShell(ctx, &hst.Config{ | ||||
| 	mustRunAppDropShell(ctx, &fst.Config{ | ||||
| 		ID: app.ID, | ||||
| 
 | ||||
| 		Path: shellPath, | ||||
| @ -76,7 +76,7 @@ func withCacheDir( | ||||
| 		Shell:    shellPath, | ||||
| 		Data:     pathSet.cacheDir, // this also ensures cacheDir via shim | ||||
| 		Dir:      path.Join("/data/data", app.ID, "cache"), | ||||
| 		ExtraPerms: []*hst.ExtraPermConfig{ | ||||
| 		ExtraPerms: []*fst.ExtraPermConfig{ | ||||
| 			{Path: dataHome, Execute: true}, | ||||
| 			{Ensure: true, Path: pathSet.baseDir, Read: true, Write: true, Execute: true}, | ||||
| 			{Path: workDir, Execute: true}, | ||||
| @ -84,13 +84,13 @@ func withCacheDir( | ||||
| 
 | ||||
| 		Identity: app.Identity, | ||||
| 
 | ||||
| 		Container: &hst.ContainerConfig{ | ||||
| 		Container: &fst.ContainerConfig{ | ||||
| 			Hostname: formatHostname(app.Name) + "-" + action, | ||||
| 			Seccomp:  seccomp.FilterMultiarch, | ||||
| 			Tty:      dropShell, | ||||
| 			Filesystem: []*hst.FilesystemConfig{ | ||||
| 			Filesystem: []*fst.FilesystemConfig{ | ||||
| 				{Src: path.Join(workDir, "nix"), Dst: "/nix", Must: true}, | ||||
| 				{Src: workDir, Dst: path.Join(hst.Tmp, "bundle"), Must: true}, | ||||
| 				{Src: workDir, Dst: path.Join(fst.Tmp, "bundle"), Must: true}, | ||||
| 			}, | ||||
| 			Link: [][2]string{ | ||||
| 				{app.CurrentSystem, "/run/current-system"}, | ||||
| @ -103,7 +103,7 @@ func withCacheDir( | ||||
| 	}, dropShell, beforeFail) | ||||
| } | ||||
| 
 | ||||
| func mustRunAppDropShell(ctx context.Context, config *hst.Config, dropShell bool, beforeFail func()) { | ||||
| func mustRunAppDropShell(ctx context.Context, config *fst.Config, dropShell bool, beforeFail func()) { | ||||
| 	if dropShell { | ||||
| 		config.Args = []string{shellPath, "-l"} | ||||
| 		mustRunApp(ctx, config, beforeFail) | ||||
|  | ||||
| @ -13,17 +13,17 @@ import ( | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
| 	hsuConfFile = "/etc/hsurc" | ||||
| 	envShim     = "HAKUREI_SHIM" | ||||
| 	envAID      = "HAKUREI_APP_ID" | ||||
| 	envGroups   = "HAKUREI_GROUPS" | ||||
| 	fsuConfFile = "/etc/fsurc" | ||||
| 	envShim     = "FORTIFY_SHIM" | ||||
| 	envAID      = "FORTIFY_APP_ID" | ||||
| 	envGroups   = "FORTIFY_GROUPS" | ||||
| 
 | ||||
| 	PR_SET_NO_NEW_PRIVS = 0x26 | ||||
| ) | ||||
| 
 | ||||
| func main() { | ||||
| 	log.SetFlags(0) | ||||
| 	log.SetPrefix("hsu: ") | ||||
| 	log.SetPrefix("fsu: ") | ||||
| 	log.SetOutput(os.Stderr) | ||||
| 
 | ||||
| 	if os.Geteuid() != 0 { | ||||
| @ -40,9 +40,9 @@ func main() { | ||||
| 	if p, err := os.Readlink(pexe); err != nil { | ||||
| 		log.Fatalf("cannot read parent executable path: %v", err) | ||||
| 	} else if strings.HasSuffix(p, " (deleted)") { | ||||
| 		log.Fatal("hakurei executable has been deleted") | ||||
| 	} else if p != mustCheckPath(hmain) && p != mustCheckPath(fpkg) { | ||||
| 		log.Fatal("this program must be started by hakurei") | ||||
| 		log.Fatal("fortify executable has been deleted") | ||||
| 	} else if p != mustCheckPath(fmain) && p != mustCheckPath(fpkg) { | ||||
| 		log.Fatal("this program must be started by fortify") | ||||
| 	} else { | ||||
| 		toolPath = p | ||||
| 	} | ||||
| @ -52,27 +52,27 @@ func main() { | ||||
| 	//           aid | ||||
| 	uid := 1000000 | ||||
| 
 | ||||
| 	// refuse to run if hsurc is not protected correctly | ||||
| 	if s, err := os.Stat(hsuConfFile); err != nil { | ||||
| 	// refuse to run if fsurc is not protected correctly | ||||
| 	if s, err := os.Stat(fsuConfFile); err != nil { | ||||
| 		log.Fatal(err) | ||||
| 	} else if s.Mode().Perm() != 0400 { | ||||
| 		log.Fatal("bad hsurc perm") | ||||
| 		log.Fatal("bad fsurc perm") | ||||
| 	} else if st := s.Sys().(*syscall.Stat_t); st.Uid != 0 || st.Gid != 0 { | ||||
| 		log.Fatal("hsurc must be owned by uid 0") | ||||
| 		log.Fatal("fsurc must be owned by uid 0") | ||||
| 	} | ||||
| 
 | ||||
| 	// authenticate before accepting user input | ||||
| 	if f, err := os.Open(hsuConfFile); err != nil { | ||||
| 	if f, err := os.Open(fsuConfFile); err != nil { | ||||
| 		log.Fatal(err) | ||||
| 	} else if fid, ok := mustParseConfig(f, puid); !ok { | ||||
| 		log.Fatalf("uid %d is not in the hsurc file", puid) | ||||
| 		log.Fatalf("uid %d is not in the fsurc file", puid) | ||||
| 	} else { | ||||
| 		uid += fid * 10000 | ||||
| 	} | ||||
| 
 | ||||
| 	// allowed aid range 0 to 9999 | ||||
| 	if as, ok := os.LookupEnv(envAID); !ok { | ||||
| 		log.Fatal("HAKUREI_APP_ID not set") | ||||
| 		log.Fatal("FORTIFY_APP_ID not set") | ||||
| 	} else if aid, err := parseUint32Fast(as); err != nil || aid < 0 || aid > 9999 { | ||||
| 		log.Fatal("invalid aid") | ||||
| 	} else { | ||||
| @ -82,12 +82,12 @@ func main() { | ||||
| 	// pass through setup fd to shim | ||||
| 	var shimSetupFd string | ||||
| 	if s, ok := os.LookupEnv(envShim); !ok { | ||||
| 		// hakurei requests target uid | ||||
| 		// fortify requests target uid | ||||
| 		// print resolved uid and exit | ||||
| 		fmt.Print(uid) | ||||
| 		os.Exit(0) | ||||
| 	} else if len(s) != 1 || s[0] > '9' || s[0] < '3' { | ||||
| 		log.Fatal("HAKUREI_SHIM holds an invalid value") | ||||
| 		log.Fatal("FORTIFY_SHIM holds an invalid value") | ||||
| 	} else { | ||||
| 		shimSetupFd = s | ||||
| 	} | ||||
| @ -124,7 +124,7 @@ func main() { | ||||
| 		panic("uid out of bounds") | ||||
| 	} | ||||
| 
 | ||||
| 	// careful! users in the allowlist is effectively allowed to drop groups via hsu | ||||
| 	// careful! users in the allowlist is effectively allowed to drop groups via fsu | ||||
| 
 | ||||
| 	if err := syscall.Setresgid(uid, uid, uid); err != nil { | ||||
| 		log.Fatalf("cannot set gid: %v", err) | ||||
| @ -138,7 +138,7 @@ func main() { | ||||
| 	if _, _, errno := syscall.AllThreadsSyscall(syscall.SYS_PRCTL, PR_SET_NO_NEW_PRIVS, 1, 0); errno != 0 { | ||||
| 		log.Fatalf("cannot set no_new_privs flag: %s", errno.Error()) | ||||
| 	} | ||||
| 	if err := syscall.Exec(toolPath, []string{"hakurei", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil { | ||||
| 	if err := syscall.Exec(toolPath, []string{"fortify", "shim"}, []string{envShim + "=" + shimSetupFd}); err != nil { | ||||
| 		log.Fatalf("cannot start shim: %v", err) | ||||
| 	} | ||||
| 
 | ||||
							
								
								
									
										30
									
								
								cmd/fsu/package.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								cmd/fsu/package.nix
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,30 @@ | ||||
| { | ||||
|   lib, | ||||
|   buildGoModule, | ||||
|   fortify ? abort "fortify package required", | ||||
| }: | ||||
| 
 | ||||
| buildGoModule { | ||||
|   pname = "${fortify.pname}-fsu"; | ||||
|   inherit (fortify) version; | ||||
| 
 | ||||
|   src = ./.; | ||||
|   inherit (fortify) vendorHash; | ||||
|   CGO_ENABLED = 0; | ||||
| 
 | ||||
|   preBuild = '' | ||||
|     go mod init fsu >& /dev/null | ||||
|   ''; | ||||
| 
 | ||||
|   ldflags = | ||||
|     lib.attrsets.foldlAttrs | ||||
|       ( | ||||
|         ldflags: name: value: | ||||
|         ldflags ++ [ "-X main.${name}=${value}" ] | ||||
|       ) | ||||
|       [ "-s -w" ] | ||||
|       { | ||||
|         fmain = "${fortify}/libexec/fortify"; | ||||
|         fpkg = "${fortify}/libexec/fpkg"; | ||||
|       }; | ||||
| } | ||||
| @ -50,7 +50,7 @@ func parseConfig(r io.Reader, puid int) (fid int, ok bool, err error) { | ||||
| 		if ok { | ||||
| 			// allowed fid range 0 to 99 | ||||
| 			if fid, err = parseUint32Fast(lf[1]); err != nil || fid < 0 || fid > 99 { | ||||
| 				return -1, false, fmt.Errorf("invalid identity on line %d", line) | ||||
| 				return -1, false, fmt.Errorf("invalid fortify uid on line %d", line) | ||||
| 			} | ||||
| 			return | ||||
| 		} | ||||
| @ -65,7 +65,7 @@ func Test_parseConfig(t *testing.T) { | ||||
| 		{"empty", 0, -1, "", ``}, | ||||
| 		{"invalid field", 0, -1, "invalid entry on line 1", `9`}, | ||||
| 		{"invalid puid", 0, -1, "invalid parent uid on line 1", `f 9`}, | ||||
| 		{"invalid fid", 1000, -1, "invalid identity on line 1", `1000 f`}, | ||||
| 		{"invalid fid", 1000, -1, "invalid fortify uid on line 1", `1000 f`}, | ||||
| 		{"match", 1000, 0, "", `1000 0`}, | ||||
| 	} | ||||
| 
 | ||||
| @ -8,7 +8,7 @@ import ( | ||||
| const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID" | ||||
| 
 | ||||
| var ( | ||||
| 	hmain = compPoison | ||||
| 	fmain = compPoison | ||||
| 	fpkg  = compPoison | ||||
| ) | ||||
| 
 | ||||
| @ -1,30 +0,0 @@ | ||||
| { | ||||
|   lib, | ||||
|   buildGoModule, | ||||
|   hakurei ? abort "hakurei package required", | ||||
| }: | ||||
| 
 | ||||
| buildGoModule { | ||||
|   pname = "${hakurei.pname}-hsu"; | ||||
|   inherit (hakurei) version; | ||||
| 
 | ||||
|   src = ./.; | ||||
|   inherit (hakurei) vendorHash; | ||||
|   env.CGO_ENABLED = 0; | ||||
| 
 | ||||
|   preBuild = '' | ||||
|     go mod init hsu >& /dev/null | ||||
|   ''; | ||||
| 
 | ||||
|   ldflags = | ||||
|     lib.attrsets.foldlAttrs | ||||
|       ( | ||||
|         ldflags: name: value: | ||||
|         ldflags ++ [ "-X main.${name}=${value}" ] | ||||
|       ) | ||||
|       [ "-s -w" ] | ||||
|       { | ||||
|         hmain = "${hakurei}/libexec/hakurei"; | ||||
|         fpkg = "${hakurei}/libexec/fpkg"; | ||||
|       }; | ||||
| } | ||||
| @ -3,7 +3,7 @@ package command_test | ||||
| import ( | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/command" | ||||
| 	"git.gensokyo.uk/security/fortify/command" | ||||
| ) | ||||
| 
 | ||||
| func TestBuild(t *testing.T) { | ||||
|  | ||||
| @ -10,7 +10,7 @@ import ( | ||||
| 	"strings" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/command" | ||||
| 	"git.gensokyo.uk/security/fortify/command" | ||||
| ) | ||||
| 
 | ||||
| func TestParse(t *testing.T) { | ||||
|  | ||||
| @ -1,11 +1,11 @@ | ||||
| #compdef hakurei | ||||
| #compdef fortify | ||||
| 
 | ||||
| _hakurei_app() { | ||||
|   __hakurei_files | ||||
| _fortify_app() { | ||||
|   __fortify_files | ||||
|   return $? | ||||
| } | ||||
| 
 | ||||
| _hakurei_run() { | ||||
| _fortify_run() { | ||||
|   _arguments \ | ||||
|     '--id[Reverse-DNS style Application identifier, leave empty to inherit instance identifier]:id' \ | ||||
|     '-a[Application identity]: :_numbers' \ | ||||
| @ -22,26 +22,26 @@ _hakurei_run() { | ||||
|     '--dbus-log[Force buffered logging in the D-Bus proxy]' | ||||
| } | ||||
| 
 | ||||
| _hakurei_ps() { | ||||
| _fortify_ps() { | ||||
|   _arguments \ | ||||
|     '--short[List instances only]' | ||||
| } | ||||
| 
 | ||||
| _hakurei_show() { | ||||
| _fortify_show() { | ||||
|   _alternative \ | ||||
|     'instances:domains:__hakurei_instances' \ | ||||
|     'files:files:__hakurei_files' | ||||
|     'instances:domains:__fortify_instances' \ | ||||
|     'files:files:__fortify_files' | ||||
| } | ||||
| 
 | ||||
| __hakurei_files() { | ||||
|   _files -g "*.(json|hakurei)" | ||||
| __fortify_files() { | ||||
|   _files -g "*.(json|ftfy)" | ||||
|   return $? | ||||
| } | ||||
| 
 | ||||
| __hakurei_instances() { | ||||
| __fortify_instances() { | ||||
|   local -a out | ||||
|   shift -p | ||||
|   out=( ${(f)"$(_call_program commands hakurei ps --short 2>&1)"} ) | ||||
|   out=( ${(f)"$(_call_program commands fortify ps --short 2>&1)"} ) | ||||
|   if (( $#out == 0 )); then | ||||
|     _message "No active instances" | ||||
|   else | ||||
| @ -50,26 +50,26 @@ __hakurei_instances() { | ||||
|   return $? | ||||
| } | ||||
| 
 | ||||
| (( $+functions[_hakurei_commands] )) || _hakurei_commands() | ||||
| (( $+functions[_fortify_commands] )) || _fortify_commands() | ||||
| { | ||||
|   local -a _hakurei_cmds | ||||
|   _hakurei_cmds=( | ||||
|     "app:Load app from configuration file" | ||||
|   local -a _fortify_cmds | ||||
|   _fortify_cmds=( | ||||
|     "app:Launch app defined by the specified config file" | ||||
|     "run:Configure and start a permissive default sandbox" | ||||
|     "show:Show live or local app configuration" | ||||
|     "ps:List active instances" | ||||
|     "version:Display version information" | ||||
|     "show:Show the contents of an app configuration" | ||||
|     "ps:List active apps and their state" | ||||
|     "version:Show fortify version" | ||||
|     "license:Show full license text" | ||||
|     "template:Produce a config template" | ||||
|     "help:Show help message" | ||||
|   ) | ||||
|   if (( CURRENT == 1 )); then | ||||
|     _describe -t commands 'action' _hakurei_cmds || compadd "$@" | ||||
|     _describe -t commands 'action' _fortify_cmds || compadd "$@" | ||||
|   else | ||||
|     local curcontext="$curcontext" | ||||
|     cmd="${${_hakurei_cmds[(r)$words[1]:*]%%:*}}" | ||||
|     if (( $+functions[_hakurei_$cmd] )); then | ||||
|       _hakurei_$cmd | ||||
|     cmd="${${_fortify_cmds[(r)$words[1]:*]%%:*}}" | ||||
|     if (( $+functions[_fortify_$cmd] )); then | ||||
|       _fortify_$cmd | ||||
|     else | ||||
|       _message "no more options" | ||||
|     fi | ||||
| @ -77,6 +77,6 @@ __hakurei_instances() { | ||||
| } | ||||
| 
 | ||||
| _arguments -C \ | ||||
|   '-v[Increase log verbosity]' \ | ||||
|   '-v[Verbose output]' \ | ||||
|   '--json[Serialise output in JSON when applicable]' \ | ||||
|   '*::hakurei command:_hakurei_commands' | ||||
|   '*::fortify command:_fortify_commands' | ||||
| @ -5,7 +5,7 @@ import ( | ||||
| 	"reflect" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| ) | ||||
| 
 | ||||
| func TestParse(t *testing.T) { | ||||
|  | ||||
| @ -9,7 +9,7 @@ import ( | ||||
| 	"strings" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| ) | ||||
| 
 | ||||
| func TestConfig_Args(t *testing.T) { | ||||
|  | ||||
| @ -13,11 +13,11 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| func TestFinalise(t *testing.T) { | ||||
| @ -90,9 +90,9 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) { | ||||
| 
 | ||||
| 	t.Run("invalid start", func(t *testing.T) { | ||||
| 		if !useSandbox { | ||||
| 			p = dbus.NewDirect(t.Context(), nil, nil) | ||||
| 			p = dbus.NewDirect(context.TODO(), nil, nil) | ||||
| 		} else { | ||||
| 			p = dbus.New(t.Context(), nil, nil) | ||||
| 			p = dbus.New(context.TODO(), nil, nil) | ||||
| 		} | ||||
| 
 | ||||
| 		if err := p.Start(); !errors.Is(err, syscall.ENOTRECOVERABLE) { | ||||
| @ -120,7 +120,7 @@ func testProxyFinaliseStartWaitCloseString(t *testing.T, useSandbox bool) { | ||||
| 				} | ||||
| 			}) | ||||
| 
 | ||||
| 			ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second) | ||||
| 			ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Second) | ||||
| 			defer cancel() | ||||
| 			if !useSandbox { | ||||
| 				p = dbus.NewDirect(ctx, final, nil) | ||||
| @ -208,6 +208,6 @@ func TestHelperInit(t *testing.T) { | ||||
| 	if len(os.Args) != 5 || os.Args[4] != "init" { | ||||
| 		return | ||||
| 	} | ||||
| 	sandbox.SetOutput(hlog.Output{}) | ||||
| 	sandbox.Init(hlog.Prepare, internal.InstallFmsg) | ||||
| 	sandbox.SetOutput(fmsg.Output{}) | ||||
| 	sandbox.Init(fmsg.Prepare, internal.InstallFmsg) | ||||
| } | ||||
|  | ||||
							
								
								
									
										10
									
								
								dbus/proc.go
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								dbus/proc.go
									
									
									
									
									
								
							| @ -11,10 +11,10 @@ import ( | ||||
| 	"strconv" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/hakurei/ldd" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/ldd" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| // Start starts and configures a D-Bus proxy process. | ||||
| @ -67,7 +67,7 @@ func (p *Proxy) Start() error { | ||||
| 			p.final, true, | ||||
| 			argF, func(container *sandbox.Container) { | ||||
| 				container.Seccomp |= seccomp.FilterMultiarch | ||||
| 				container.Hostname = "hakurei-dbus" | ||||
| 				container.Hostname = "fortify-dbus" | ||||
| 				container.CommandContext = p.CommandContext | ||||
| 				if p.output != nil { | ||||
| 					container.Stdout, container.Stderr = p.output, p.output | ||||
|  | ||||
| @ -8,7 +8,7 @@ import ( | ||||
| 	"sync" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| // ProxyName is the file name or path to the proxy program. | ||||
|  | ||||
| @ -3,7 +3,7 @@ package dbus_test | ||||
| import ( | ||||
| 	"sync" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
|  | ||||
| @ -3,7 +3,7 @@ package dbus_test | ||||
| import ( | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } | ||||
|  | ||||
							
								
								
									
										0
									
								
								dist/hsurc.default → dist/fsurc.default
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										0
									
								
								dist/hsurc.default → dist/fsurc.default
									
									
									
									
										vendored
									
									
								
							
							
								
								
									
										12
									
								
								dist/install.sh
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										12
									
								
								dist/install.sh
									
									
									
									
										vendored
									
									
								
							| @ -1,12 +1,12 @@ | ||||
| #!/bin/sh | ||||
| cd "$(dirname -- "$0")" || exit 1 | ||||
| 
 | ||||
| install -vDm0755 "bin/hakurei" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hakurei" | ||||
| install -vDm0755 "bin/fpkg" "${HAKUREI_INSTALL_PREFIX}/usr/bin/fpkg" | ||||
| install -vDm0755 "bin/fortify" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fortify" | ||||
| install -vDm0755 "bin/fpkg" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fpkg" | ||||
| 
 | ||||
| install -vDm6511 "bin/hsu" "${HAKUREI_INSTALL_PREFIX}/usr/bin/hsu" | ||||
| if [ ! -f "${HAKUREI_INSTALL_PREFIX}/etc/hsurc" ]; then | ||||
|     install -vDm0400 "hsurc.default" "${HAKUREI_INSTALL_PREFIX}/etc/hsurc" | ||||
| install -vDm6511 "bin/fsu" "${FORTIFY_INSTALL_PREFIX}/usr/bin/fsu" | ||||
| if [ ! -f "${FORTIFY_INSTALL_PREFIX}/etc/fsurc" ]; then | ||||
|     install -vDm0400 "fsurc.default" "${FORTIFY_INSTALL_PREFIX}/etc/fsurc" | ||||
| fi | ||||
| 
 | ||||
| install -vDm0644 "comp/_hakurei" "${HAKUREI_INSTALL_PREFIX}/usr/share/zsh/site-functions/_hakurei" | ||||
| install -vDm0644 "comp/_fortify" "${FORTIFY_INSTALL_PREFIX}/usr/share/zsh/site-functions/_fortify" | ||||
							
								
								
									
										14
									
								
								dist/release.sh
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										14
									
								
								dist/release.sh
									
									
									
									
										vendored
									
									
								
							| @ -1,18 +1,18 @@ | ||||
| #!/bin/sh -e | ||||
| cd "$(dirname -- "$0")/.." | ||||
| VERSION="${HAKUREI_VERSION:-untagged}" | ||||
| pname="hakurei-${VERSION}" | ||||
| VERSION="${FORTIFY_VERSION:-untagged}" | ||||
| pname="fortify-${VERSION}" | ||||
| out="dist/${pname}" | ||||
| 
 | ||||
| mkdir -p "${out}" | ||||
| cp -v "README.md" "dist/hsurc.default" "dist/install.sh" "${out}" | ||||
| cp -rv "dist/comp" "${out}" | ||||
| cp -v "README.md" "dist/fsurc.default" "dist/install.sh" "${out}" | ||||
| cp -rv "comp" "${out}" | ||||
| 
 | ||||
| go generate ./... | ||||
| go build -trimpath -v -o "${out}/bin/" -ldflags "-s -w -buildid= -extldflags '-static' | ||||
|   -X git.gensokyo.uk/security/hakurei/internal.version=${VERSION} | ||||
|   -X git.gensokyo.uk/security/hakurei/internal.hsu=/usr/bin/hsu | ||||
|   -X main.hmain=/usr/bin/hakurei | ||||
|   -X git.gensokyo.uk/security/fortify/internal.version=${VERSION} | ||||
|   -X git.gensokyo.uk/security/fortify/internal.fsu=/usr/bin/fsu | ||||
|   -X main.fmain=/usr/bin/fortify | ||||
|   -X main.fpkg=/usr/bin/fpkg" ./... | ||||
| 
 | ||||
| rm -f "./${out}.tar.gz" && tar -C dist -czf "${out}.tar.gz" "${pname}" | ||||
|  | ||||
							
								
								
									
										16
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										16
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							| @ -7,32 +7,32 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1748665073, | ||||
|         "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", | ||||
|         "lastModified": 1746171682, | ||||
|         "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "home-manager", | ||||
|         "rev": "282e1e029cb6ab4811114fc85110613d72771dea", | ||||
|         "rev": "50eee705bbdbac942074a8c120e8194185633675", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "ref": "release-25.05", | ||||
|         "ref": "release-24.11", | ||||
|         "repo": "home-manager", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs": { | ||||
|       "locked": { | ||||
|         "lastModified": 1749024892, | ||||
|         "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", | ||||
|         "lastModified": 1746557022, | ||||
|         "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", | ||||
|         "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "ref": "nixos-25.05", | ||||
|         "ref": "nixos-24.11", | ||||
|         "repo": "nixpkgs", | ||||
|         "type": "github" | ||||
|       } | ||||
|  | ||||
							
								
								
									
										36
									
								
								flake.nix
									
									
									
									
									
								
							
							
						
						
									
										36
									
								
								flake.nix
									
									
									
									
									
								
							| @ -1,11 +1,11 @@ | ||||
| { | ||||
|   description = "hakurei container tool and nixos module"; | ||||
|   description = "fortify sandbox tool and nixos module"; | ||||
| 
 | ||||
|   inputs = { | ||||
|     nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; | ||||
|     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; | ||||
| 
 | ||||
|     home-manager = { | ||||
|       url = "github:nix-community/home-manager/release-25.05"; | ||||
|       url = "github:nix-community/home-manager/release-24.11"; | ||||
|       inputs.nixpkgs.follows = "nixpkgs"; | ||||
|     }; | ||||
|   }; | ||||
| @ -27,7 +27,7 @@ | ||||
|       nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); | ||||
|     in | ||||
|     { | ||||
|       nixosModules.hakurei = import ./nixos.nix self.packages; | ||||
|       nixosModules.fortify = import ./nixos.nix self.packages; | ||||
| 
 | ||||
|       buildPackage = forAllSystems ( | ||||
|         system: | ||||
| @ -57,7 +57,7 @@ | ||||
|             ; | ||||
|         in | ||||
|         { | ||||
|           hakurei = callPackage ./test { inherit system self; }; | ||||
|           fortify = callPackage ./test { inherit system self; }; | ||||
|           race = callPackage ./test { | ||||
|             inherit system self; | ||||
|             withRace = true; | ||||
| @ -105,12 +105,12 @@ | ||||
|       packages = forAllSystems ( | ||||
|         system: | ||||
|         let | ||||
|           inherit (self.packages.${system}) hakurei hsu; | ||||
|           inherit (self.packages.${system}) fortify fsu; | ||||
|           pkgs = nixpkgsFor.${system}; | ||||
|         in | ||||
|         { | ||||
|           default = hakurei; | ||||
|           hakurei = pkgs.pkgsStatic.callPackage ./package.nix { | ||||
|           default = fortify; | ||||
|           fortify = pkgs.pkgsStatic.callPackage ./package.nix { | ||||
|             inherit (pkgs) | ||||
|               # passthru.buildInputs | ||||
|               go | ||||
| @ -131,20 +131,20 @@ | ||||
|               coreutils | ||||
|               ; | ||||
|           }; | ||||
|           hsu = pkgs.callPackage ./cmd/hsu/package.nix { inherit (self.packages.${system}) hakurei; }; | ||||
|           fsu = pkgs.callPackage ./cmd/fsu/package.nix { inherit (self.packages.${system}) fortify; }; | ||||
| 
 | ||||
|           dist = pkgs.runCommand "${hakurei.name}-dist" { buildInputs = hakurei.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' | ||||
|           dist = pkgs.runCommand "${fortify.name}-dist" { buildInputs = fortify.targetPkgs ++ [ pkgs.pkgsStatic.musl ]; } '' | ||||
|             # go requires XDG_CACHE_HOME for the build cache | ||||
|             export XDG_CACHE_HOME="$(mktemp -d)" | ||||
| 
 | ||||
|             # get a different workdir as go does not like /build | ||||
|             cd $(mktemp -d) \ | ||||
|                 && cp -r ${hakurei.src}/. . \ | ||||
|                 && chmod +w cmd && cp -r ${hsu.src}/. cmd/hsu/ \ | ||||
|                 && cp -r ${fortify.src}/. . \ | ||||
|                 && chmod +w cmd && cp -r ${fsu.src}/. cmd/fsu/ \ | ||||
|                 && chmod -R +w . | ||||
| 
 | ||||
|             export HAKUREI_VERSION="v${hakurei.version}" | ||||
|             ./dist/release.sh && mkdir $out && cp -v "dist/hakurei-$HAKUREI_VERSION.tar.gz"* $out | ||||
|             export FORTIFY_VERSION="v${fortify.version}" | ||||
|             ./dist/release.sh && mkdir $out && cp -v "dist/fortify-$FORTIFY_VERSION.tar.gz"* $out | ||||
|           ''; | ||||
|         } | ||||
|       ); | ||||
| @ -152,12 +152,12 @@ | ||||
|       devShells = forAllSystems ( | ||||
|         system: | ||||
|         let | ||||
|           inherit (self.packages.${system}) hakurei; | ||||
|           inherit (self.packages.${system}) fortify; | ||||
|           pkgs = nixpkgsFor.${system}; | ||||
|         in | ||||
|         { | ||||
|           default = pkgs.mkShell { buildInputs = hakurei.targetPkgs; }; | ||||
|           withPackage = pkgs.mkShell { buildInputs = [ hakurei ] ++ hakurei.targetPkgs; }; | ||||
|           default = pkgs.mkShell { buildInputs = fortify.targetPkgs; }; | ||||
|           withPackage = pkgs.mkShell { buildInputs = [ fortify ] ++ fortify.targetPkgs; }; | ||||
| 
 | ||||
|           generateDoc = | ||||
|             let | ||||
| @ -174,7 +174,7 @@ | ||||
|                   cleanEval = lib.filterAttrsRecursive (n: _: n != "_module") eval; | ||||
|                 in | ||||
|                 pkgs.nixosOptionsDoc { inherit (cleanEval) options; }; | ||||
|               docText = pkgs.runCommand "hakurei-module-docs.md" { } '' | ||||
|               docText = pkgs.runCommand "fortify-module-docs.md" { } '' | ||||
|                 cat ${doc.optionsCommonMark} > $out | ||||
|                 sed -i '/*Declared by:*/,+1 d' $out | ||||
|               ''; | ||||
|  | ||||
| @ -1,12 +1,12 @@ | ||||
| // Package hst exports shared types for invoking hakurei. | ||||
| package hst | ||||
| // Package fst exports shared fortify types. | ||||
| package fst | ||||
| 
 | ||||
| import ( | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| const Tmp = "/.hakurei" | ||||
| const Tmp = "/.fortify" | ||||
| 
 | ||||
| // Config is used to seal an app implementation. | ||||
| type Config struct { | ||||
| @ -1,7 +1,7 @@ | ||||
| package hst | ||||
| package fst | ||||
| 
 | ||||
| import ( | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| type ( | ||||
| @ -1,4 +1,4 @@ | ||||
| package hst | ||||
| package fst | ||||
| 
 | ||||
| type Info struct { | ||||
| 	User int `json:"user"` | ||||
| @ -1,9 +1,9 @@ | ||||
| package hst | ||||
| package fst | ||||
| 
 | ||||
| import ( | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| // Template returns a fully populated instance of Config. | ||||
| @ -46,11 +46,11 @@ func Template() *Config { | ||||
| 
 | ||||
| 		Username: "chronos", | ||||
| 		Shell:    "/run/current-system/sw/bin/zsh", | ||||
| 		Data:     "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
| 		Data:     "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
| 		Dir:      "/data/data/org.chromium.Chromium", | ||||
| 		ExtraPerms: []*ExtraPermConfig{ | ||||
| 			{Path: "/var/lib/hakurei/u0", Ensure: true, Execute: true}, | ||||
| 			{Path: "/var/lib/hakurei/u0/org.chromium.Chromium", Read: true, Write: true, Execute: true}, | ||||
| 			{Path: "/var/lib/fortify/u0", Ensure: true, Execute: true}, | ||||
| 			{Path: "/var/lib/fortify/u0/org.chromium.Chromium", Read: true, Write: true, Execute: true}, | ||||
| 		}, | ||||
| 
 | ||||
| 		Identity: 9, | ||||
| @ -78,7 +78,7 @@ func Template() *Config { | ||||
| 				{Src: "/run/current-system"}, | ||||
| 				{Src: "/run/opengl-driver"}, | ||||
| 				{Src: "/var/db/nix-channels"}, | ||||
| 				{Src: "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
| 				{Src: "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
| 					Dst: "/data/data/org.chromium.Chromium", Write: true, Must: true}, | ||||
| 				{Src: "/dev/dri", Device: true}, | ||||
| 			}, | ||||
| @ -1,10 +1,10 @@ | ||||
| package hst_test | ||||
| package fst_test | ||||
| 
 | ||||
| import ( | ||||
| 	"encoding/json" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| ) | ||||
| 
 | ||||
| func TestTemplate(t *testing.T) { | ||||
| @ -57,16 +57,16 @@ func TestTemplate(t *testing.T) { | ||||
| 	}, | ||||
| 	"username": "chronos", | ||||
| 	"shell": "/run/current-system/sw/bin/zsh", | ||||
| 	"data": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
| 	"data": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
| 	"dir": "/data/data/org.chromium.Chromium", | ||||
| 	"extra_perms": [ | ||||
| 		{ | ||||
| 			"ensure": true, | ||||
| 			"path": "/var/lib/hakurei/u0", | ||||
| 			"path": "/var/lib/fortify/u0", | ||||
| 			"x": true | ||||
| 		}, | ||||
| 		{ | ||||
| 			"path": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
| 			"path": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
| 			"r": true, | ||||
| 			"w": true, | ||||
| 			"x": true | ||||
| @ -108,7 +108,7 @@ func TestTemplate(t *testing.T) { | ||||
| 			}, | ||||
| 			{ | ||||
| 				"dst": "/data/data/org.chromium.Chromium", | ||||
| 				"src": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
| 				"src": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
| 				"write": true, | ||||
| 				"require": true | ||||
| 			}, | ||||
| @ -131,7 +131,7 @@ func TestTemplate(t *testing.T) { | ||||
| 	} | ||||
| }` | ||||
| 
 | ||||
| 	if p, err := json.MarshalIndent(hst.Template(), "", "\t"); err != nil { | ||||
| 	if p, err := json.MarshalIndent(fst.Template(), "", "\t"); err != nil { | ||||
| 		t.Fatalf("cannot marshal: %v", err) | ||||
| 	} else if s := string(p); s != want { | ||||
| 		t.Fatalf("Template:\n%s\nwant:\n%s", | ||||
							
								
								
									
										4
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								go.mod
									
									
									
									
									
								
							| @ -1,3 +1,3 @@ | ||||
| module git.gensokyo.uk/security/hakurei | ||||
| module git.gensokyo.uk/security/fortify | ||||
| 
 | ||||
| go 1.24 | ||||
| go 1.23 | ||||
|  | ||||
| @ -7,7 +7,7 @@ import ( | ||||
| 	"syscall" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| func TestArgsString(t *testing.T) { | ||||
|  | ||||
| @ -10,7 +10,7 @@ import ( | ||||
| 	"sync" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper/proc" | ||||
| 	"git.gensokyo.uk/security/fortify/helper/proc" | ||||
| ) | ||||
| 
 | ||||
| // NewDirect initialises a new direct Helper instance with wt as the null-terminated argument writer. | ||||
| @ -67,17 +67,17 @@ func (h *helperCmd) Start() error { | ||||
| 
 | ||||
| 	h.Env = slices.Grow(h.Env, 2) | ||||
| 	if h.useArgsFd { | ||||
| 		h.Env = append(h.Env, HakureiHelper+"=1") | ||||
| 		h.Env = append(h.Env, FortifyHelper+"=1") | ||||
| 	} else { | ||||
| 		h.Env = append(h.Env, HakureiHelper+"=0") | ||||
| 		h.Env = append(h.Env, FortifyHelper+"=0") | ||||
| 	} | ||||
| 	if h.useStatFd { | ||||
| 		h.Env = append(h.Env, HakureiStatus+"=1") | ||||
| 		h.Env = append(h.Env, FortifyStatus+"=1") | ||||
| 
 | ||||
| 		// stat is populated on fulfill | ||||
| 		h.Cancel = func() error { return h.stat.Close() } | ||||
| 	} else { | ||||
| 		h.Env = append(h.Env, HakureiStatus+"=0") | ||||
| 		h.Env = append(h.Env, FortifyStatus+"=0") | ||||
| 	} | ||||
| 
 | ||||
| 	return proc.Fulfill(h.helperFiles.ctx, &h.ExtraFiles, h.Cmd.Start, h.files, h.extraFiles) | ||||
|  | ||||
| @ -8,12 +8,12 @@ import ( | ||||
| 	"os/exec" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| func TestCmd(t *testing.T) { | ||||
| 	t.Run("start non-existent helper path", func(t *testing.T) { | ||||
| 		h := helper.NewDirect(t.Context(), "/proc/nonexistent", argsWt, false, argF, nil, nil) | ||||
| 		h := helper.NewDirect(context.Background(), "/proc/nonexistent", argsWt, false, argF, nil, nil) | ||||
| 
 | ||||
| 		if err := h.Start(); !errors.Is(err, os.ErrNotExist) { | ||||
| 			t.Errorf("Start: error = %v, wantErr %v", | ||||
| @ -22,9 +22,9 @@ func TestCmd(t *testing.T) { | ||||
| 	}) | ||||
| 
 | ||||
| 	t.Run("valid new helper nil check", func(t *testing.T) { | ||||
| 		if got := helper.NewDirect(t.Context(), "hakurei", argsWt, false, argF, nil, nil); got == nil { | ||||
| 		if got := helper.NewDirect(context.TODO(), "fortify", argsWt, false, argF, nil, nil); got == nil { | ||||
| 			t.Errorf("NewDirect(%q, %q) got nil", | ||||
| 				argsWt, "hakurei") | ||||
| 				argsWt, "fortify") | ||||
| 			return | ||||
| 		} | ||||
| 	}) | ||||
|  | ||||
| @ -9,8 +9,8 @@ import ( | ||||
| 	"slices" | ||||
| 	"sync" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper/proc" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/helper/proc" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| // New initialises a Helper instance with wt as the null-terminated argument writer. | ||||
| @ -54,17 +54,17 @@ func (h *helperContainer) Start() error { | ||||
| 
 | ||||
| 	h.Env = slices.Grow(h.Env, 2) | ||||
| 	if h.useArgsFd { | ||||
| 		h.Env = append(h.Env, HakureiHelper+"=1") | ||||
| 		h.Env = append(h.Env, FortifyHelper+"=1") | ||||
| 	} else { | ||||
| 		h.Env = append(h.Env, HakureiHelper+"=0") | ||||
| 		h.Env = append(h.Env, FortifyHelper+"=0") | ||||
| 	} | ||||
| 	if h.useStatFd { | ||||
| 		h.Env = append(h.Env, HakureiStatus+"=1") | ||||
| 		h.Env = append(h.Env, FortifyStatus+"=1") | ||||
| 
 | ||||
| 		// stat is populated on fulfill | ||||
| 		h.Cancel = func(*exec.Cmd) error { return h.stat.Close() } | ||||
| 	} else { | ||||
| 		h.Env = append(h.Env, HakureiStatus+"=0") | ||||
| 		h.Env = append(h.Env, FortifyStatus+"=0") | ||||
| 	} | ||||
| 
 | ||||
| 	return proc.Fulfill(h.helperFiles.ctx, &h.ExtraFiles, func() error { | ||||
|  | ||||
| @ -7,15 +7,15 @@ import ( | ||||
| 	"os/exec" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| func TestContainer(t *testing.T) { | ||||
| 	t.Run("start empty container", func(t *testing.T) { | ||||
| 		h := helper.New(t.Context(), "/nonexistent", argsWt, false, argF, nil, nil) | ||||
| 		h := helper.New(context.Background(), "/nonexistent", argsWt, false, argF, nil, nil) | ||||
| 
 | ||||
| 		wantErr := "sandbox: starting an empty container" | ||||
| 		if err := h.Start(); err == nil || err.Error() != wantErr { | ||||
| @ -25,9 +25,9 @@ func TestContainer(t *testing.T) { | ||||
| 	}) | ||||
| 
 | ||||
| 	t.Run("valid new helper nil check", func(t *testing.T) { | ||||
| 		if got := helper.New(t.Context(), "hakurei", argsWt, false, argF, nil, nil); got == nil { | ||||
| 		if got := helper.New(context.TODO(), "fortify", argsWt, false, argF, nil, nil); got == nil { | ||||
| 			t.Errorf("New(%q, %q) got nil", | ||||
| 				argsWt, "hakurei") | ||||
| 				argsWt, "fortify") | ||||
| 			return | ||||
| 		} | ||||
| 	}) | ||||
| @ -52,6 +52,6 @@ func TestHelperInit(t *testing.T) { | ||||
| 	if len(os.Args) != 5 || os.Args[4] != "init" { | ||||
| 		return | ||||
| 	} | ||||
| 	sandbox.SetOutput(hlog.Output{}) | ||||
| 	sandbox.Init(hlog.Prepare, func(bool) { internal.InstallFmsg(false) }) | ||||
| 	sandbox.SetOutput(fmsg.Output{}) | ||||
| 	sandbox.Init(fmsg.Prepare, func(bool) { internal.InstallFmsg(false) }) | ||||
| } | ||||
|  | ||||
| @ -8,16 +8,16 @@ import ( | ||||
| 	"os" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper/proc" | ||||
| 	"git.gensokyo.uk/security/fortify/helper/proc" | ||||
| ) | ||||
| 
 | ||||
| var WaitDelay = 2 * time.Second | ||||
| 
 | ||||
| const ( | ||||
| 	// HakureiHelper is set to 1 when args fd is enabled and 0 otherwise. | ||||
| 	HakureiHelper = "HAKUREI_HELPER" | ||||
| 	// HakureiStatus is set to 1 when stat fd is enabled and 0 otherwise. | ||||
| 	HakureiStatus = "HAKUREI_STATUS" | ||||
| 	// FortifyHelper is set to 1 when args fd is enabled and 0 otherwise. | ||||
| 	FortifyHelper = "FORTIFY_HELPER" | ||||
| 	// FortifyStatus is set to 1 when stat fd is enabled and 0 otherwise. | ||||
| 	FortifyStatus = "FORTIFY_STATUS" | ||||
| ) | ||||
| 
 | ||||
| type Helper interface { | ||||
|  | ||||
| @ -11,13 +11,13 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| 	wantArgs = []string{ | ||||
| 		"unix:path=/run/dbus/system_bus_socket", | ||||
| 		"/tmp/hakurei.1971/12622d846cc3fe7b4c10359d01f0eb47/system_bus_socket", | ||||
| 		"/tmp/fortify.1971/12622d846cc3fe7b4c10359d01f0eb47/system_bus_socket", | ||||
| 		"--filter", | ||||
| 		"--talk=org.bluez", | ||||
| 		"--talk=org.freedesktop.Avahi", | ||||
| @ -55,7 +55,7 @@ func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput f | ||||
| 	t.Cleanup(func() { helper.WaitDelay = oldWaitDelay }) | ||||
| 
 | ||||
| 	t.Run("start helper with status channel and wait", func(t *testing.T) { | ||||
| 		ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second) | ||||
| 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) | ||||
| 		stdout := new(strings.Builder) | ||||
| 		h := createHelper(ctx, func(stdoutP, stderrP *io.Writer) { *stdoutP, *stderrP = stdout, os.Stderr }, true) | ||||
| 
 | ||||
| @ -109,7 +109,7 @@ func testHelper(t *testing.T, createHelper func(ctx context.Context, setOutput f | ||||
| 	}) | ||||
| 
 | ||||
| 	t.Run("start helper and wait", func(t *testing.T) { | ||||
| 		ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second) | ||||
| 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) | ||||
| 		defer cancel() | ||||
| 		stdout := new(strings.Builder) | ||||
| 		h := createHelper(ctx, func(stdoutP, stderrP *io.Writer) { *stdoutP, *stderrP = stdout, os.Stderr }, false) | ||||
|  | ||||
| @ -14,13 +14,13 @@ import ( | ||||
| func InternalHelperStub() { | ||||
| 	// this test mocks the helper process | ||||
| 	var ap, sp string | ||||
| 	if v, ok := os.LookupEnv(HakureiHelper); !ok { | ||||
| 	if v, ok := os.LookupEnv(FortifyHelper); !ok { | ||||
| 		return | ||||
| 	} else { | ||||
| 		ap = v | ||||
| 	} | ||||
| 	if v, ok := os.LookupEnv(HakureiStatus); !ok { | ||||
| 		panic(HakureiStatus) | ||||
| 	if v, ok := os.LookupEnv(FortifyStatus); !ok { | ||||
| 		panic(FortifyStatus) | ||||
| 	} else { | ||||
| 		sp = v | ||||
| 	} | ||||
|  | ||||
| @ -3,7 +3,7 @@ package helper_test | ||||
| import ( | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/helper" | ||||
| 	"git.gensokyo.uk/security/fortify/helper" | ||||
| ) | ||||
| 
 | ||||
| func TestHelperStub(t *testing.T) { helper.InternalHelperStub() } | ||||
|  | ||||
| @ -5,7 +5,7 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| ) | ||||
| 
 | ||||
| type App interface { | ||||
| @ -14,7 +14,7 @@ type App interface { | ||||
| 
 | ||||
| 	// Seal determines the outcome of config as a [SealedApp]. | ||||
| 	// The value of config might be overwritten and must not be used again. | ||||
| 	Seal(config *hst.Config) (SealedApp, error) | ||||
| 	Seal(config *fst.Config) (SealedApp, error) | ||||
| 
 | ||||
| 	String() string | ||||
| } | ||||
| @ -48,12 +48,12 @@ func (rs *RunState) SetStart() { | ||||
| 	rs.Time = &now | ||||
| } | ||||
| 
 | ||||
| // Paths contains environment-dependent paths used by hakurei. | ||||
| // Paths contains environment-dependent paths used by fortify. | ||||
| type Paths struct { | ||||
| 	// path to shared directory (usually `/tmp/hakurei.%d`) | ||||
| 	// path to shared directory (usually `/tmp/fortify.%d`) | ||||
| 	SharePath string `json:"share_path"` | ||||
| 	// XDG_RUNTIME_DIR value (usually `/run/user/%d`) | ||||
| 	RuntimePath string `json:"runtime_path"` | ||||
| 	// application runtime directory (usually `/run/user/%d/hakurei`) | ||||
| 	// application runtime directory (usually `/run/user/%d/fortify`) | ||||
| 	RunDirPath string `json:"run_dir_path"` | ||||
| } | ||||
|  | ||||
| @ -4,7 +4,7 @@ import ( | ||||
| 	"errors" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| ) | ||||
| 
 | ||||
| func TestParseAppID(t *testing.T) { | ||||
|  | ||||
| @ -8,20 +8,20 @@ import ( | ||||
| 	"path" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| // in practice there should be less than 30 entries added by the runtime; | ||||
| // allocating slightly more as a margin for future expansion | ||||
| const preallocateOpsCount = 1 << 5 | ||||
| 
 | ||||
| // NewContainer initialises [sandbox.Params] via [hst.ContainerConfig]. | ||||
| // NewContainer initialises [sandbox.Params] via [fst.ContainerConfig]. | ||||
| // Note that remaining container setup must be queued by the caller. | ||||
| func NewContainer(s *hst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox.Params, map[string]string, error) { | ||||
| func NewContainer(s *fst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox.Params, map[string]string, error) { | ||||
| 	if s == nil { | ||||
| 		return nil, nil, syscall.EBADE | ||||
| 	} | ||||
| @ -67,7 +67,7 @@ func NewContainer(s *hst.ContainerConfig, os sys.State, uid, gid *int) (*sandbox | ||||
| 
 | ||||
| 	container. | ||||
| 		Proc("/proc"). | ||||
| 		Tmpfs(hst.Tmp, 1<<12, 0755) | ||||
| 		Tmpfs(fst.Tmp, 1<<12, 0755) | ||||
| 
 | ||||
| 	if !s.Device { | ||||
| 		container.Dev("/dev").Mqueue("/dev/mqueue") | ||||
|  | ||||
| @ -3,8 +3,8 @@ package instance | ||||
| import ( | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/internal/setuid" | ||||
| ) | ||||
| 
 | ||||
| func PrintRunStateErr(whence int, rs *app.RunState, runErr error) (code int) { | ||||
|  | ||||
| @ -6,9 +6,9 @@ import ( | ||||
| 	"log" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/internal/setuid" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
|  | ||||
| @ -1,6 +1,6 @@ | ||||
| package instance | ||||
| 
 | ||||
| import "git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" | ||||
| import "git.gensokyo.uk/security/fortify/internal/app/internal/setuid" | ||||
| 
 | ||||
| // ShimMain is the main function of the shim process and runs as the unconstrained target user. | ||||
| func ShimMain() { setuid.ShimMain() } | ||||
|  | ||||
| @ -5,10 +5,10 @@ import ( | ||||
| 	"fmt" | ||||
| 	"sync" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| ) | ||||
| 
 | ||||
| func New(ctx context.Context, os sys.State) (App, error) { | ||||
| @ -52,7 +52,7 @@ func (a *app) String() string { | ||||
| 	return fmt.Sprintf("(unsealed app %s)", a.id) | ||||
| } | ||||
| 
 | ||||
| func (a *app) Seal(config *hst.Config) (SealedApp, error) { | ||||
| func (a *app) Seal(config *fst.Config) (SealedApp, error) { | ||||
| 	a.mu.Lock() | ||||
| 	defer a.mu.Unlock() | ||||
| 
 | ||||
| @ -60,7 +60,7 @@ func (a *app) Seal(config *hst.Config) (SealedApp, error) { | ||||
| 		panic("app sealed twice") | ||||
| 	} | ||||
| 	if config == nil { | ||||
| 		return nil, hlog.WrapErr(ErrConfig, | ||||
| 		return nil, fmsg.WrapError(ErrConfig, | ||||
| 			"attempted to seal app with nil config") | ||||
| 	} | ||||
| 
 | ||||
|  | ||||
| @ -1,25 +1,25 @@ | ||||
| package setuid_test | ||||
| 
 | ||||
| import ( | ||||
| 	"git.gensokyo.uk/security/hakurei/acl" | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/acl" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| var testCasesNixos = []sealTestCase{ | ||||
| 	{ | ||||
| 		"nixos chromium direct wayland", new(stubNixOS), | ||||
| 		&hst.Config{ | ||||
| 		&fst.Config{ | ||||
| 			ID:          "org.chromium.Chromium", | ||||
| 			Path:        "/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start", | ||||
| 			Enablements: system.EWayland | system.EDBus | system.EPulse, | ||||
| 
 | ||||
| 			Container: &hst.ContainerConfig{ | ||||
| 			Container: &fst.ContainerConfig{ | ||||
| 				Userns: true, Net: true, MapRealUID: true, Env: nil, AutoEtc: true, | ||||
| 				Filesystem: []*hst.FilesystemConfig{ | ||||
| 				Filesystem: []*fst.FilesystemConfig{ | ||||
| 					{Src: "/bin", Must: true}, {Src: "/usr/bin", Must: true}, | ||||
| 					{Src: "/nix/store", Must: true}, {Src: "/run/current-system", Must: true}, | ||||
| 					{Src: "/sys/block"}, {Src: "/sys/bus"}, {Src: "/sys/class"}, {Src: "/sys/dev"}, {Src: "/sys/devices"}, | ||||
| @ -48,7 +48,7 @@ var testCasesNixos = []sealTestCase{ | ||||
| 			DirectWayland: true, | ||||
| 
 | ||||
| 			Username: "u0_a1", | ||||
| 			Data:     "/var/lib/persist/module/hakurei/0/1", | ||||
| 			Data:     "/var/lib/persist/module/fortify/0/1", | ||||
| 			Identity: 1, Groups: []string{}, | ||||
| 		}, | ||||
| 		app.ID{ | ||||
| @ -58,19 +58,17 @@ var testCasesNixos = []sealTestCase{ | ||||
| 			0xb4, 0x6e, 0xb5, 0xc1, | ||||
| 		}, | ||||
| 		system.New(1000001). | ||||
| 			Ensure("/tmp/hakurei.1971", 0711). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime/1", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/1", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir/1", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/1", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ensure("/run/user/1971/hakurei", 0700).UpdatePermType(system.User, "/run/user/1971/hakurei", acl.Execute). | ||||
| 			Ensure("/tmp/fortify.1971", 0711). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir/1", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/1", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ensure("/run/user/1971/fortify", 0700).UpdatePermType(system.User, "/run/user/1971/fortify", acl.Execute). | ||||
| 			Ensure("/run/user/1971", 0700).UpdatePermType(system.User, "/run/user/1971", acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset | ||||
| 			UpdatePermType(system.EWayland, "/run/user/1971/wayland-0", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ephemeral(system.Process, "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1", 0700).UpdatePermType(system.Process, "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1", acl.Execute). | ||||
| 			Link("/run/user/1971/pulse/native", "/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1/pulse"). | ||||
| 			Ephemeral(system.Process, "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1", 0700).UpdatePermType(system.Process, "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1", acl.Execute). | ||||
| 			Link("/run/user/1971/pulse/native", "/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1/pulse"). | ||||
| 			CopyFile(nil, "/home/ophestra/xdg/config/pulse/cookie", 256, 256). | ||||
| 			Ephemeral(system.Process, "/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1", 0711). | ||||
| 			MustProxyDBus("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", &dbus.Config{ | ||||
| 			Ephemeral(system.Process, "/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1", 0711). | ||||
| 			MustProxyDBus("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", &dbus.Config{ | ||||
| 				Talk: []string{ | ||||
| 					"org.freedesktop.FileManager1", "org.freedesktop.Notifications", | ||||
| 					"org.freedesktop.ScreenSaver", "org.freedesktop.secrets", | ||||
| @ -83,7 +81,7 @@ var testCasesNixos = []sealTestCase{ | ||||
| 				}, | ||||
| 				Call: map[string]string{}, Broadcast: map[string]string{}, | ||||
| 				Filter: true, | ||||
| 			}, "/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", &dbus.Config{ | ||||
| 			}, "/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", &dbus.Config{ | ||||
| 				Talk: []string{ | ||||
| 					"org.bluez", | ||||
| 					"org.freedesktop.Avahi", | ||||
| @ -91,20 +89,20 @@ var testCasesNixos = []sealTestCase{ | ||||
| 				}, | ||||
| 				Filter: true, | ||||
| 			}). | ||||
| 			UpdatePerm("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", acl.Read, acl.Write). | ||||
| 			UpdatePerm("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", acl.Read, acl.Write), | ||||
| 			UpdatePerm("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", acl.Read, acl.Write). | ||||
| 			UpdatePerm("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", acl.Read, acl.Write), | ||||
| 		&sandbox.Params{ | ||||
| 			Uid:   1971, | ||||
| 			Gid:   100, | ||||
| 			Flags: sandbox.FAllowNet | sandbox.FAllowUserns, | ||||
| 			Dir:   "/var/lib/persist/module/hakurei/0/1", | ||||
| 			Dir:   "/var/lib/persist/module/fortify/0/1", | ||||
| 			Path:  "/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start", | ||||
| 			Args:  []string{"/nix/store/yqivzpzzn7z5x0lq9hmbzygh45d8rhqd-chromium-start"}, | ||||
| 			Env: []string{ | ||||
| 				"DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1971/bus", | ||||
| 				"DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket", | ||||
| 				"HOME=/var/lib/persist/module/hakurei/0/1", | ||||
| 				"PULSE_COOKIE=" + hst.Tmp + "/pulse-cookie", | ||||
| 				"HOME=/var/lib/persist/module/fortify/0/1", | ||||
| 				"PULSE_COOKIE=" + fst.Tmp + "/pulse-cookie", | ||||
| 				"PULSE_SERVER=unix:/run/user/1971/pulse/native", | ||||
| 				"SHELL=/run/current-system/sw/bin/zsh", | ||||
| 				"TERM=xterm-256color", | ||||
| @ -116,7 +114,7 @@ var testCasesNixos = []sealTestCase{ | ||||
| 			}, | ||||
| 			Ops: new(sandbox.Ops). | ||||
| 				Proc("/proc"). | ||||
| 				Tmpfs(hst.Tmp, 4096, 0755). | ||||
| 				Tmpfs(fst.Tmp, 4096, 0755). | ||||
| 				Dev("/dev").Mqueue("/dev/mqueue"). | ||||
| 				Bind("/bin", "/bin", 0). | ||||
| 				Bind("/usr/bin", "/usr/bin", 0). | ||||
| @ -131,16 +129,16 @@ var testCasesNixos = []sealTestCase{ | ||||
| 				Bind("/dev/dri", "/dev/dri", sandbox.BindDevice|sandbox.BindWritable|sandbox.BindOptional). | ||||
| 				Etc("/etc", "8e2c76b066dabe574cf073bdb46eb5c1"). | ||||
| 				Tmpfs("/run/user", 4096, 0755). | ||||
| 				Bind("/tmp/hakurei.1971/runtime/1", "/run/user/1971", sandbox.BindWritable). | ||||
| 				Bind("/tmp/hakurei.1971/tmpdir/1", "/tmp", sandbox.BindWritable). | ||||
| 				Bind("/var/lib/persist/module/hakurei/0/1", "/var/lib/persist/module/hakurei/0/1", sandbox.BindWritable). | ||||
| 				Place("/etc/passwd", []byte("u0_a1:x:1971:100:Hakurei:/var/lib/persist/module/hakurei/0/1:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("hakurei:x:100:\n")). | ||||
| 				Tmpfs("/run/user/1971", 8388608, 0700). | ||||
| 				Bind("/tmp/fortify.1971/tmpdir/1", "/tmp", sandbox.BindWritable). | ||||
| 				Bind("/var/lib/persist/module/fortify/0/1", "/var/lib/persist/module/fortify/0/1", sandbox.BindWritable). | ||||
| 				Place("/etc/passwd", []byte("u0_a1:x:1971:100:Fortify:/var/lib/persist/module/fortify/0/1:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("fortify:x:100:\n")). | ||||
| 				Bind("/run/user/1971/wayland-0", "/run/user/1971/wayland-0", 0). | ||||
| 				Bind("/run/user/1971/hakurei/8e2c76b066dabe574cf073bdb46eb5c1/pulse", "/run/user/1971/pulse/native", 0). | ||||
| 				Place(hst.Tmp+"/pulse-cookie", nil). | ||||
| 				Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", "/run/user/1971/bus", 0). | ||||
| 				Bind("/tmp/hakurei.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket", 0). | ||||
| 				Bind("/run/user/1971/fortify/8e2c76b066dabe574cf073bdb46eb5c1/pulse", "/run/user/1971/pulse/native", 0). | ||||
| 				Place(fst.Tmp+"/pulse-cookie", nil). | ||||
| 				Bind("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/bus", "/run/user/1971/bus", 0). | ||||
| 				Bind("/tmp/fortify.1971/8e2c76b066dabe574cf073bdb46eb5c1/system_bus_socket", "/run/dbus/system_bus_socket", 0). | ||||
| 				Tmpfs("/var/run/nscd", 8192, 0755), | ||||
| 		}, | ||||
| 	}, | ||||
|  | ||||
| @ -3,18 +3,18 @@ package setuid_test | ||||
| import ( | ||||
| 	"os" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/acl" | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/acl" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| var testCasesPd = []sealTestCase{ | ||||
| 	{ | ||||
| 		"nixos permissive defaults no enablements", new(stubNixOS), | ||||
| 		&hst.Config{Username: "chronos", Data: "/home/chronos"}, | ||||
| 		&fst.Config{Username: "chronos", Data: "/home/chronos"}, | ||||
| 		app.ID{ | ||||
| 			0x4a, 0x45, 0x0b, 0x65, | ||||
| 			0x96, 0xd7, 0xbc, 0x15, | ||||
| @ -22,11 +22,9 @@ var testCasesPd = []sealTestCase{ | ||||
| 			0xb9, 0xa6, 0x07, 0xac, | ||||
| 		}, | ||||
| 		system.New(1000000). | ||||
| 			Ensure("/tmp/hakurei.1971", 0711). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime/0", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/0", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir/0", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/0", acl.Read, acl.Write, acl.Execute), | ||||
| 			Ensure("/tmp/fortify.1971", 0711). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir/0", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/0", acl.Read, acl.Write, acl.Execute), | ||||
| 		&sandbox.Params{ | ||||
| 			Flags: sandbox.FAllowNet | sandbox.FAllowUserns | sandbox.FAllowTTY, | ||||
| 			Dir:   "/home/chronos", | ||||
| @ -43,7 +41,7 @@ var testCasesPd = []sealTestCase{ | ||||
| 			}, | ||||
| 			Ops: new(sandbox.Ops). | ||||
| 				Proc("/proc"). | ||||
| 				Tmpfs(hst.Tmp, 4096, 0755). | ||||
| 				Tmpfs(fst.Tmp, 4096, 0755). | ||||
| 				Dev("/dev").Mqueue("/dev/mqueue"). | ||||
| 				Bind("/bin", "/bin", sandbox.BindWritable). | ||||
| 				Bind("/boot", "/boot", sandbox.BindWritable). | ||||
| @ -62,17 +60,17 @@ var testCasesPd = []sealTestCase{ | ||||
| 				Tmpfs("/run/dbus", 8192, 0755). | ||||
| 				Etc("/etc", "4a450b6596d7bc15bd01780eb9a607ac"). | ||||
| 				Tmpfs("/run/user", 4096, 0755). | ||||
| 				Bind("/tmp/hakurei.1971/runtime/0", "/run/user/65534", sandbox.BindWritable). | ||||
| 				Bind("/tmp/hakurei.1971/tmpdir/0", "/tmp", sandbox.BindWritable). | ||||
| 				Tmpfs("/run/user/65534", 8388608, 0700). | ||||
| 				Bind("/tmp/fortify.1971/tmpdir/0", "/tmp", sandbox.BindWritable). | ||||
| 				Bind("/home/chronos", "/home/chronos", sandbox.BindWritable). | ||||
| 				Place("/etc/passwd", []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("hakurei:x:65534:\n")). | ||||
| 				Place("/etc/passwd", []byte("chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("fortify:x:65534:\n")). | ||||
| 				Tmpfs("/var/run/nscd", 8192, 0755), | ||||
| 		}, | ||||
| 	}, | ||||
| 	{ | ||||
| 		"nixos permissive defaults chromium", new(stubNixOS), | ||||
| 		&hst.Config{ | ||||
| 		&fst.Config{ | ||||
| 			ID:       "org.chromium.Chromium", | ||||
| 			Args:     []string{"zsh", "-c", "exec chromium "}, | ||||
| 			Identity: 9, | ||||
| @ -119,19 +117,17 @@ var testCasesPd = []sealTestCase{ | ||||
| 			0x9b, 0x64, 0xce, 0x7c, | ||||
| 		}, | ||||
| 		system.New(1000009). | ||||
| 			Ensure("/tmp/hakurei.1971", 0711). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/runtime/9", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/runtime/9", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/hakurei.1971/tmpdir/9", 01700).UpdatePermType(system.User, "/tmp/hakurei.1971/tmpdir/9", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ephemeral(system.Process, "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c", 0711). | ||||
| 			Wayland(new(*os.File), "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/1971/wayland-0", "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c"). | ||||
| 			Ensure("/run/user/1971/hakurei", 0700).UpdatePermType(system.User, "/run/user/1971/hakurei", acl.Execute). | ||||
| 			Ensure("/tmp/fortify.1971", 0711). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir", 0700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir", acl.Execute). | ||||
| 			Ensure("/tmp/fortify.1971/tmpdir/9", 01700).UpdatePermType(system.User, "/tmp/fortify.1971/tmpdir/9", acl.Read, acl.Write, acl.Execute). | ||||
| 			Ephemeral(system.Process, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c", 0711). | ||||
| 			Wayland(new(*os.File), "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/1971/wayland-0", "org.chromium.Chromium", "ebf083d1b175911782d413369b64ce7c"). | ||||
| 			Ensure("/run/user/1971/fortify", 0700).UpdatePermType(system.User, "/run/user/1971/fortify", acl.Execute). | ||||
| 			Ensure("/run/user/1971", 0700).UpdatePermType(system.User, "/run/user/1971", acl.Execute). // this is ordered as is because the previous Ensure only calls mkdir if XDG_RUNTIME_DIR is unset | ||||
| 			Ephemeral(system.Process, "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c", 0700).UpdatePermType(system.Process, "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c", acl.Execute). | ||||
| 			Link("/run/user/1971/pulse/native", "/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c/pulse"). | ||||
| 			Ephemeral(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", 0700).UpdatePermType(system.Process, "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c", acl.Execute). | ||||
| 			Link("/run/user/1971/pulse/native", "/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse"). | ||||
| 			CopyFile(new([]byte), "/home/ophestra/xdg/config/pulse/cookie", 256, 256). | ||||
| 			MustProxyDBus("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", &dbus.Config{ | ||||
| 			MustProxyDBus("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", &dbus.Config{ | ||||
| 				Talk: []string{ | ||||
| 					"org.freedesktop.Notifications", | ||||
| 					"org.freedesktop.FileManager1", | ||||
| @ -153,7 +149,7 @@ var testCasesPd = []sealTestCase{ | ||||
| 					"org.freedesktop.portal.*": "@/org/freedesktop/portal/*", | ||||
| 				}, | ||||
| 				Filter: true, | ||||
| 			}, "/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", &dbus.Config{ | ||||
| 			}, "/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", &dbus.Config{ | ||||
| 				Talk: []string{ | ||||
| 					"org.bluez", | ||||
| 					"org.freedesktop.Avahi", | ||||
| @ -161,8 +157,8 @@ var testCasesPd = []sealTestCase{ | ||||
| 				}, | ||||
| 				Filter: true, | ||||
| 			}). | ||||
| 			UpdatePerm("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", acl.Read, acl.Write). | ||||
| 			UpdatePerm("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", acl.Read, acl.Write), | ||||
| 			UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", acl.Read, acl.Write). | ||||
| 			UpdatePerm("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", acl.Read, acl.Write), | ||||
| 		&sandbox.Params{ | ||||
| 			Flags: sandbox.FAllowNet | sandbox.FAllowUserns | sandbox.FAllowTTY, | ||||
| 			Dir:   "/home/chronos", | ||||
| @ -172,7 +168,7 @@ var testCasesPd = []sealTestCase{ | ||||
| 				"DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/65534/bus", | ||||
| 				"DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket", | ||||
| 				"HOME=/home/chronos", | ||||
| 				"PULSE_COOKIE=" + hst.Tmp + "/pulse-cookie", | ||||
| 				"PULSE_COOKIE=" + fst.Tmp + "/pulse-cookie", | ||||
| 				"PULSE_SERVER=unix:/run/user/65534/pulse/native", | ||||
| 				"SHELL=/run/current-system/sw/bin/zsh", | ||||
| 				"TERM=xterm-256color", | ||||
| @ -184,7 +180,7 @@ var testCasesPd = []sealTestCase{ | ||||
| 			}, | ||||
| 			Ops: new(sandbox.Ops). | ||||
| 				Proc("/proc"). | ||||
| 				Tmpfs(hst.Tmp, 4096, 0755). | ||||
| 				Tmpfs(fst.Tmp, 4096, 0755). | ||||
| 				Dev("/dev").Mqueue("/dev/mqueue"). | ||||
| 				Bind("/bin", "/bin", sandbox.BindWritable). | ||||
| 				Bind("/boot", "/boot", sandbox.BindWritable). | ||||
| @ -204,16 +200,16 @@ var testCasesPd = []sealTestCase{ | ||||
| 				Tmpfs("/run/dbus", 8192, 0755). | ||||
| 				Etc("/etc", "ebf083d1b175911782d413369b64ce7c"). | ||||
| 				Tmpfs("/run/user", 4096, 0755). | ||||
| 				Bind("/tmp/hakurei.1971/runtime/9", "/run/user/65534", sandbox.BindWritable). | ||||
| 				Bind("/tmp/hakurei.1971/tmpdir/9", "/tmp", sandbox.BindWritable). | ||||
| 				Tmpfs("/run/user/65534", 8388608, 0700). | ||||
| 				Bind("/tmp/fortify.1971/tmpdir/9", "/tmp", sandbox.BindWritable). | ||||
| 				Bind("/home/chronos", "/home/chronos", sandbox.BindWritable). | ||||
| 				Place("/etc/passwd", []byte("chronos:x:65534:65534:Hakurei:/home/chronos:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("hakurei:x:65534:\n")). | ||||
| 				Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/65534/wayland-0", 0). | ||||
| 				Bind("/run/user/1971/hakurei/ebf083d1b175911782d413369b64ce7c/pulse", "/run/user/65534/pulse/native", 0). | ||||
| 				Place(hst.Tmp+"/pulse-cookie", nil). | ||||
| 				Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/bus", "/run/user/65534/bus", 0). | ||||
| 				Bind("/tmp/hakurei.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket", 0). | ||||
| 				Place("/etc/passwd", []byte("chronos:x:65534:65534:Fortify:/home/chronos:/run/current-system/sw/bin/zsh\n")). | ||||
| 				Place("/etc/group", []byte("fortify:x:65534:\n")). | ||||
| 				Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/wayland", "/run/user/65534/wayland-0", 0). | ||||
| 				Bind("/run/user/1971/fortify/ebf083d1b175911782d413369b64ce7c/pulse", "/run/user/65534/pulse/native", 0). | ||||
| 				Place(fst.Tmp+"/pulse-cookie", nil). | ||||
| 				Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/bus", "/run/user/65534/bus", 0). | ||||
| 				Bind("/tmp/fortify.1971/ebf083d1b175911782d413369b64ce7c/system_bus_socket", "/run/dbus/system_bus_socket", 0). | ||||
| 				Tmpfs("/var/run/nscd", 8192, 0755), | ||||
| 		}, | ||||
| 	}, | ||||
|  | ||||
| @ -7,7 +7,7 @@ import ( | ||||
| 	"os/user" | ||||
| 	"strconv" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| ) | ||||
| 
 | ||||
| // fs methods are not implemented using a real FS | ||||
| @ -20,7 +20,7 @@ type stubNixOS struct { | ||||
| func (s *stubNixOS) Getuid() int                              { return 1971 } | ||||
| func (s *stubNixOS) Getgid() int                              { return 100 } | ||||
| func (s *stubNixOS) TempDir() string                          { return "/tmp" } | ||||
| func (s *stubNixOS) MustExecutable() string                   { return "/run/wrappers/bin/hakurei" } | ||||
| func (s *stubNixOS) MustExecutable() string                   { return "/run/wrappers/bin/fortify" } | ||||
| func (s *stubNixOS) Exit(code int)                            { panic("called exit on stub with code " + strconv.Itoa(code)) } | ||||
| func (s *stubNixOS) EvalSymlinks(path string) (string, error) { return path, nil } | ||||
| func (s *stubNixOS) Uid(aid int) (int, error)                 { return 1000000 + 0*10000 + aid, nil } | ||||
| @ -127,8 +127,8 @@ func (s *stubNixOS) Open(name string) (fs.File, error) { | ||||
| 
 | ||||
| func (s *stubNixOS) Paths() app.Paths { | ||||
| 	return app.Paths{ | ||||
| 		SharePath:   "/tmp/hakurei.1971", | ||||
| 		SharePath:   "/tmp/fortify.1971", | ||||
| 		RuntimePath: "/run/user/1971", | ||||
| 		RunDirPath:  "/run/user/1971/hakurei", | ||||
| 		RunDirPath:  "/run/user/1971/fortify", | ||||
| 	} | ||||
| } | ||||
|  | ||||
| @ -7,18 +7,18 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/internal/setuid" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/internal/setuid" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| type sealTestCase struct { | ||||
| 	name          string | ||||
| 	os            sys.State | ||||
| 	config        *hst.Config | ||||
| 	config        *fst.Config | ||||
| 	id            app.ID | ||||
| 	wantSys       *system.I | ||||
| 	wantContainer *sandbox.Params | ||||
| @ -80,25 +80,70 @@ func stubDirEntries(names ...string) (e []fs.DirEntry, err error) { | ||||
| 
 | ||||
| type stubDirEntryPath string | ||||
| 
 | ||||
| func (p stubDirEntryPath) Name() string               { return string(p) } | ||||
| func (p stubDirEntryPath) IsDir() bool                { panic("attempted to call IsDir") } | ||||
| func (p stubDirEntryPath) Type() fs.FileMode          { panic("attempted to call Type") } | ||||
| func (p stubDirEntryPath) Info() (fs.FileInfo, error) { panic("attempted to call Info") } | ||||
| func (p stubDirEntryPath) Name() string { | ||||
| 	return string(p) | ||||
| } | ||||
| 
 | ||||
| func (p stubDirEntryPath) IsDir() bool { | ||||
| 	panic("attempted to call IsDir") | ||||
| } | ||||
| 
 | ||||
| func (p stubDirEntryPath) Type() fs.FileMode { | ||||
| 	panic("attempted to call Type") | ||||
| } | ||||
| 
 | ||||
| func (p stubDirEntryPath) Info() (fs.FileInfo, error) { | ||||
| 	panic("attempted to call Info") | ||||
| } | ||||
| 
 | ||||
| type stubFileInfoMode fs.FileMode | ||||
| 
 | ||||
| func (s stubFileInfoMode) Name() string       { panic("attempted to call Name") } | ||||
| func (s stubFileInfoMode) Size() int64        { panic("attempted to call Size") } | ||||
| func (s stubFileInfoMode) Mode() fs.FileMode  { return fs.FileMode(s) } | ||||
| func (s stubFileInfoMode) ModTime() time.Time { panic("attempted to call ModTime") } | ||||
| func (s stubFileInfoMode) IsDir() bool        { panic("attempted to call IsDir") } | ||||
| func (s stubFileInfoMode) Sys() any           { panic("attempted to call Sys") } | ||||
| func (s stubFileInfoMode) Name() string { | ||||
| 	panic("attempted to call Name") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoMode) Size() int64 { | ||||
| 	panic("attempted to call Size") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoMode) Mode() fs.FileMode { | ||||
| 	return fs.FileMode(s) | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoMode) ModTime() time.Time { | ||||
| 	panic("attempted to call ModTime") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoMode) IsDir() bool { | ||||
| 	panic("attempted to call IsDir") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoMode) Sys() any { | ||||
| 	panic("attempted to call Sys") | ||||
| } | ||||
| 
 | ||||
| type stubFileInfoIsDir bool | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) Name() string       { panic("attempted to call Name") } | ||||
| func (s stubFileInfoIsDir) Size() int64        { panic("attempted to call Size") } | ||||
| func (s stubFileInfoIsDir) Mode() fs.FileMode  { panic("attempted to call Mode") } | ||||
| func (s stubFileInfoIsDir) ModTime() time.Time { panic("attempted to call ModTime") } | ||||
| func (s stubFileInfoIsDir) IsDir() bool        { return bool(s) } | ||||
| func (s stubFileInfoIsDir) Sys() any           { panic("attempted to call Sys") } | ||||
| func (s stubFileInfoIsDir) Name() string { | ||||
| 	panic("attempted to call Name") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) Size() int64 { | ||||
| 	panic("attempted to call Size") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) Mode() fs.FileMode { | ||||
| 	panic("attempted to call Mode") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) ModTime() time.Time { | ||||
| 	panic("attempted to call ModTime") | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) IsDir() bool { | ||||
| 	return bool(s) | ||||
| } | ||||
| 
 | ||||
| func (s stubFileInfoIsDir) Sys() any { | ||||
| 	panic("attempted to call Sys") | ||||
| } | ||||
|  | ||||
| @ -4,8 +4,8 @@ import ( | ||||
| 	"errors" | ||||
| 	"log" | ||||
| 
 | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| @ -13,10 +13,10 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 
 | ||||
| 	if runErr != nil { | ||||
| 		if rs.Time == nil { | ||||
| 			hlog.PrintBaseError(runErr, "cannot start app:") | ||||
| 			fmsg.PrintBaseError(runErr, "cannot start app:") | ||||
| 		} else { | ||||
| 			var e *hlog.BaseError | ||||
| 			if !hlog.AsBaseError(runErr, &e) { | ||||
| 			var e *fmsg.BaseError | ||||
| 			if !fmsg.AsBaseError(runErr, &e) { | ||||
| 				log.Println("wait failed:", runErr) | ||||
| 			} else { | ||||
| 				// Wait only returns either *app.ProcessError or *app.StateStoreError wrapped in a *app.BaseError | ||||
| @ -37,7 +37,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 
 | ||||
| 						// every error here is wrapped in *app.BaseError | ||||
| 						for _, ei := range errs { | ||||
| 							var eb *hlog.BaseError | ||||
| 							var eb *fmsg.BaseError | ||||
| 							if !errors.As(ei, &eb) { | ||||
| 								// unreachable | ||||
| 								log.Println("invalid error type returned by revert:", ei) | ||||
| @ -59,7 +59,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 	if rs.RevertErr != nil { | ||||
| 		var stateStoreError *StateStoreError | ||||
| 		if !errors.As(rs.RevertErr, &stateStoreError) || stateStoreError == nil { | ||||
| 			hlog.PrintBaseError(rs.RevertErr, "generic fault during cleanup:") | ||||
| 			fmsg.PrintBaseError(rs.RevertErr, "generic fault during cleanup:") | ||||
| 			goto out | ||||
| 		} | ||||
| 
 | ||||
| @ -67,11 +67,11 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 			if len(stateStoreError.Err) == 2 { | ||||
| 				if stateStoreError.Err[0] != nil { | ||||
| 					if joinedErrs, ok := stateStoreError.Err[0].(interface{ Unwrap() []error }); !ok { | ||||
| 						hlog.PrintBaseError(stateStoreError.Err[0], "generic fault during revert:") | ||||
| 						fmsg.PrintBaseError(stateStoreError.Err[0], "generic fault during revert:") | ||||
| 					} else { | ||||
| 						for _, err := range joinedErrs.Unwrap() { | ||||
| 							if err != nil { | ||||
| 								hlog.PrintBaseError(err, "fault during revert:") | ||||
| 								fmsg.PrintBaseError(err, "fault during revert:") | ||||
| 							} | ||||
| 						} | ||||
| 					} | ||||
| @ -91,11 +91,11 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 		} | ||||
| 
 | ||||
| 		if stateStoreError.DoErr != nil { | ||||
| 			hlog.PrintBaseError(stateStoreError.DoErr, "state store operation unsuccessful:") | ||||
| 			fmsg.PrintBaseError(stateStoreError.DoErr, "state store operation unsuccessful:") | ||||
| 		} | ||||
| 
 | ||||
| 		if stateStoreError.Inner && stateStoreError.InnerErr != nil { | ||||
| 			hlog.PrintBaseError(stateStoreError.InnerErr, "cannot destroy state entry:") | ||||
| 			fmsg.PrintBaseError(stateStoreError.InnerErr, "cannot destroy state entry:") | ||||
| 		} | ||||
| 
 | ||||
| 	out: | ||||
| @ -104,7 +104,7 @@ func PrintRunStateErr(rs *RunState, runErr error) (code int) { | ||||
| 		} | ||||
| 	} | ||||
| 	if rs.WaitErr != nil { | ||||
| 		hlog.Verbosef("wait: %v", rs.WaitErr) | ||||
| 		fmsg.Verbosef("wait: %v", rs.WaitErr) | ||||
| 	} | ||||
| 	return | ||||
| } | ||||
| @ -135,7 +135,7 @@ func (e *StateStoreError) equiv(a ...any) error { | ||||
| 	if e.Inner && e.InnerErr == nil && e.DoErr == nil && e.OpErr == nil && errors.Join(e.Err...) == nil { | ||||
| 		return nil | ||||
| 	} else { | ||||
| 		return hlog.WrapErrSuffix(e, a...) | ||||
| 		return fmsg.WrapErrorSuffix(e, a...) | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
|  | ||||
| @ -1,10 +1,10 @@ | ||||
| package setuid | ||||
| 
 | ||||
| import ( | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| func NewWithID(id ID, os sys.State) App { | ||||
|  | ||||
| @ -12,12 +12,12 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| const shimWaitTimeout = 5 * time.Second | ||||
| @ -35,7 +35,7 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 	} | ||||
| 
 | ||||
| 	// read comp value early to allow for early failure | ||||
| 	hsuPath := internal.MustHsuPath() | ||||
| 	fsuPath := internal.MustFsuPath() | ||||
| 
 | ||||
| 	if err := seal.sys.Commit(seal.ctx); err != nil { | ||||
| 		return err | ||||
| @ -59,7 +59,7 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 					if l := len(states); l == 0 { | ||||
| 						ec |= system.User | ||||
| 					} else { | ||||
| 						hlog.Verbosef("found %d instances, cleaning up without user-scoped operations", l) | ||||
| 						fmsg.Verbosef("found %d instances, cleaning up without user-scoped operations", l) | ||||
| 					} | ||||
| 
 | ||||
| 					// accumulate enablements of remaining launchers | ||||
| @ -72,9 +72,9 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 					} | ||||
| 				} | ||||
| 				ec |= rt ^ (system.EWayland | system.EX11 | system.EDBus | system.EPulse) | ||||
| 				if hlog.Load() { | ||||
| 				if fmsg.Load() { | ||||
| 					if ec > 0 { | ||||
| 						hlog.Verbose("reverting operations scope", system.TypeString(ec)) | ||||
| 						fmsg.Verbose("reverting operations scope", system.TypeString(ec)) | ||||
| 					} | ||||
| 				} | ||||
| 
 | ||||
| @ -87,7 +87,7 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 
 | ||||
| 	ctx, cancel := context.WithCancel(seal.ctx) | ||||
| 	defer cancel() | ||||
| 	cmd := exec.CommandContext(ctx, hsuPath) | ||||
| 	cmd := exec.CommandContext(ctx, fsuPath) | ||||
| 	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr | ||||
| 	cmd.Dir = "/" // container init enters final working directory | ||||
| 	// shim runs in the same session as monitor; see shim.go for behaviour | ||||
| @ -95,28 +95,28 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 
 | ||||
| 	var e *gob.Encoder | ||||
| 	if fd, encoder, err := sandbox.Setup(&cmd.ExtraFiles); err != nil { | ||||
| 		return hlog.WrapErrSuffix(err, | ||||
| 		return fmsg.WrapErrorSuffix(err, | ||||
| 			"cannot create shim setup pipe:") | ||||
| 	} else { | ||||
| 		e = encoder | ||||
| 		cmd.Env = []string{ | ||||
| 			// passed through to shim by hsu | ||||
| 			// passed through to shim by fsu | ||||
| 			shimEnv + "=" + strconv.Itoa(fd), | ||||
| 			// interpreted by hsu | ||||
| 			"HAKUREI_APP_ID=" + seal.user.aid.String(), | ||||
| 			// interpreted by fsu | ||||
| 			"FORTIFY_APP_ID=" + seal.user.aid.String(), | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	if len(seal.user.supp) > 0 { | ||||
| 		hlog.Verbosef("attaching supplementary group ids %s", seal.user.supp) | ||||
| 		// interpreted by hsu | ||||
| 		cmd.Env = append(cmd.Env, "HAKUREI_GROUPS="+strings.Join(seal.user.supp, " ")) | ||||
| 		fmsg.Verbosef("attaching supplementary group ids %s", seal.user.supp) | ||||
| 		// interpreted by fsu | ||||
| 		cmd.Env = append(cmd.Env, "FORTIFY_GROUPS="+strings.Join(seal.user.supp, " ")) | ||||
| 	} | ||||
| 
 | ||||
| 	hlog.Verbosef("setuid helper at %s", hsuPath) | ||||
| 	hlog.Suspend() | ||||
| 	fmsg.Verbosef("setuid helper at %s", fsuPath) | ||||
| 	fmsg.Suspend() | ||||
| 	if err := cmd.Start(); err != nil { | ||||
| 		return hlog.WrapErrSuffix(err, | ||||
| 		return fmsg.WrapErrorSuffix(err, | ||||
| 			"cannot start setuid wrapper:") | ||||
| 	} | ||||
| 	rs.SetStart() | ||||
| @ -124,19 +124,19 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 	// this prevents blocking forever on an early failure | ||||
| 	waitErr, setupErr := make(chan error, 1), make(chan error, 1) | ||||
| 	go func() { waitErr <- cmd.Wait(); cancel() }() | ||||
| 	go func() { setupErr <- e.Encode(&shimParams{os.Getpid(), seal.container, seal.user.data, hlog.Load()}) }() | ||||
| 	go func() { setupErr <- e.Encode(&shimParams{os.Getpid(), seal.container, seal.user.data, fmsg.Load()}) }() | ||||
| 
 | ||||
| 	select { | ||||
| 	case err := <-setupErr: | ||||
| 		if err != nil { | ||||
| 			hlog.Resume() | ||||
| 			return hlog.WrapErrSuffix(err, | ||||
| 			fmsg.Resume() | ||||
| 			return fmsg.WrapErrorSuffix(err, | ||||
| 				"cannot transmit shim config:") | ||||
| 		} | ||||
| 
 | ||||
| 	case <-ctx.Done(): | ||||
| 		hlog.Resume() | ||||
| 		return hlog.WrapErr(syscall.ECANCELED, | ||||
| 		fmsg.Resume() | ||||
| 		return fmsg.WrapError(syscall.ECANCELED, | ||||
| 			"shim setup canceled") | ||||
| 	} | ||||
| 
 | ||||
| @ -163,25 +163,25 @@ func (seal *outcome) Run(rs *RunState) error { | ||||
| 	select { | ||||
| 	case rs.WaitErr = <-waitErr: | ||||
| 		rs.WaitStatus = cmd.ProcessState.Sys().(syscall.WaitStatus) | ||||
| 		if hlog.Load() { | ||||
| 		if fmsg.Load() { | ||||
| 			switch { | ||||
| 			case rs.Exited(): | ||||
| 				hlog.Verbosef("process %d exited with code %d", cmd.Process.Pid, rs.ExitStatus()) | ||||
| 				fmsg.Verbosef("process %d exited with code %d", cmd.Process.Pid, rs.ExitStatus()) | ||||
| 			case rs.CoreDump(): | ||||
| 				hlog.Verbosef("process %d dumped core", cmd.Process.Pid) | ||||
| 				fmsg.Verbosef("process %d dumped core", cmd.Process.Pid) | ||||
| 			case rs.Signaled(): | ||||
| 				hlog.Verbosef("process %d got %s", cmd.Process.Pid, rs.Signal()) | ||||
| 				fmsg.Verbosef("process %d got %s", cmd.Process.Pid, rs.Signal()) | ||||
| 			default: | ||||
| 				hlog.Verbosef("process %d exited with status %#x", cmd.Process.Pid, rs.WaitStatus) | ||||
| 				fmsg.Verbosef("process %d exited with status %#x", cmd.Process.Pid, rs.WaitStatus) | ||||
| 			} | ||||
| 		} | ||||
| 	case <-waitTimeout: | ||||
| 		rs.WaitErr = syscall.ETIMEDOUT | ||||
| 		hlog.Resume() | ||||
| 		fmsg.Resume() | ||||
| 		log.Printf("process %d did not terminate", cmd.Process.Pid) | ||||
| 	} | ||||
| 
 | ||||
| 	hlog.Resume() | ||||
| 	fmsg.Resume() | ||||
| 	if seal.sync != nil { | ||||
| 		if err := seal.sync.Close(); err != nil { | ||||
| 			log.Printf("cannot close wayland security context: %v", err) | ||||
|  | ||||
| @ -16,17 +16,17 @@ import ( | ||||
| 	"sync/atomic" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/acl" | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/instance/common" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/wl" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/acl" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/instance/common" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/wl" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
| @ -63,20 +63,20 @@ var ( | ||||
| 
 | ||||
| var posixUsername = regexp.MustCompilePOSIX("^[a-z_]([A-Za-z0-9_-]{0,31}|[A-Za-z0-9_-]{0,30}\\$)$") | ||||
| 
 | ||||
| // outcome stores copies of various parts of [hst.Config] | ||||
| // outcome stores copies of various parts of [fst.Config] | ||||
| type outcome struct { | ||||
| 	// copied from initialising [app] | ||||
| 	id *stringPair[ID] | ||||
| 	// copied from [sys.State] response | ||||
| 	runDirPath string | ||||
| 
 | ||||
| 	// initial [hst.Config] gob stream for state data; | ||||
| 	// initial [fst.Config] gob stream for state data; | ||||
| 	// this is prepared ahead of time as config is clobbered during seal creation | ||||
| 	ct io.WriterTo | ||||
| 	// dump dbus proxy message buffer | ||||
| 	dbusMsg func() | ||||
| 
 | ||||
| 	user hsuUser | ||||
| 	user fsuUser | ||||
| 	sys  *system.I | ||||
| 	ctx  context.Context | ||||
| 
 | ||||
| @ -89,7 +89,7 @@ type outcome struct { | ||||
| 
 | ||||
| // shareHost holds optional share directory state that must not be accessed directly | ||||
| type shareHost struct { | ||||
| 	// whether XDG_RUNTIME_DIR is used post hsu | ||||
| 	// whether XDG_RUNTIME_DIR is used post fsu | ||||
| 	useRuntimeDir bool | ||||
| 	// process-specific directory in tmpdir, empty if unused | ||||
| 	sharePath string | ||||
| @ -134,8 +134,8 @@ func (share *shareHost) runtime() string { | ||||
| 	return share.runtimeSharePath | ||||
| } | ||||
| 
 | ||||
| // hsuUser stores post-hsu credentials and metadata | ||||
| type hsuUser struct { | ||||
| // fsuUser stores post-fsu credentials and metadata | ||||
| type fsuUser struct { | ||||
| 	// application id | ||||
| 	aid *stringPair[int] | ||||
| 	// target uid resolved by fid:aid | ||||
| @ -152,7 +152,7 @@ type hsuUser struct { | ||||
| 	username string | ||||
| } | ||||
| 
 | ||||
| func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Config) error { | ||||
| func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *fst.Config) error { | ||||
| 	if seal.ctx != nil { | ||||
| 		panic("finalise called twice") | ||||
| 	} | ||||
| @ -162,19 +162,19 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		// encode initial configuration for state tracking | ||||
| 		ct := new(bytes.Buffer) | ||||
| 		if err := gob.NewEncoder(ct).Encode(config); err != nil { | ||||
| 			return hlog.WrapErrSuffix(err, | ||||
| 			return fmsg.WrapErrorSuffix(err, | ||||
| 				"cannot encode initial config:") | ||||
| 		} | ||||
| 		seal.ct = ct | ||||
| 	} | ||||
| 
 | ||||
| 	// allowed aid range 0 to 9999, this is checked again in hsu | ||||
| 	// allowed aid range 0 to 9999, this is checked again in fsu | ||||
| 	if config.Identity < 0 || config.Identity > 9999 { | ||||
| 		return hlog.WrapErr(ErrUser, | ||||
| 		return fmsg.WrapError(ErrUser, | ||||
| 			fmt.Sprintf("identity %d out of range", config.Identity)) | ||||
| 	} | ||||
| 
 | ||||
| 	seal.user = hsuUser{ | ||||
| 	seal.user = fsuUser{ | ||||
| 		aid:      newInt(config.Identity), | ||||
| 		data:     config.Data, | ||||
| 		home:     config.Dir, | ||||
| @ -184,11 +184,11 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		seal.user.username = "chronos" | ||||
| 	} else if !posixUsername.MatchString(seal.user.username) || | ||||
| 		len(seal.user.username) >= internal.Sysconf_SC_LOGIN_NAME_MAX() { | ||||
| 		return hlog.WrapErr(ErrName, | ||||
| 		return fmsg.WrapError(ErrName, | ||||
| 			fmt.Sprintf("invalid user name %q", seal.user.username)) | ||||
| 	} | ||||
| 	if seal.user.data == "" || !path.IsAbs(seal.user.data) { | ||||
| 		return hlog.WrapErr(ErrHome, | ||||
| 		return fmsg.WrapError(ErrHome, | ||||
| 			fmt.Sprintf("invalid home directory %q", seal.user.data)) | ||||
| 	} | ||||
| 	if seal.user.home == "" { | ||||
| @ -202,7 +202,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 	seal.user.supp = make([]string, len(config.Groups)) | ||||
| 	for i, name := range config.Groups { | ||||
| 		if g, err := sys.LookupGroup(name); err != nil { | ||||
| 			return hlog.WrapErr(err, | ||||
| 			return fmsg.WrapError(err, | ||||
| 				fmt.Sprintf("unknown group %q", name)) | ||||
| 		} else { | ||||
| 			seal.user.supp[i] = g.Gid | ||||
| @ -220,13 +220,13 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 
 | ||||
| 	// permissive defaults | ||||
| 	if config.Container == nil { | ||||
| 		hlog.Verbose("container configuration not supplied, PROCEED WITH CAUTION") | ||||
| 		fmsg.Verbose("container configuration not supplied, PROCEED WITH CAUTION") | ||||
| 
 | ||||
| 		// hsu clears the environment so resolve paths early | ||||
| 		// fsu clears the environment so resolve paths early | ||||
| 		if !path.IsAbs(config.Path) { | ||||
| 			if len(config.Args) > 0 { | ||||
| 				if p, err := sys.LookPath(config.Args[0]); err != nil { | ||||
| 					return hlog.WrapErr(err, err.Error()) | ||||
| 					return fmsg.WrapError(err, err.Error()) | ||||
| 				} else { | ||||
| 					config.Path = p | ||||
| 				} | ||||
| @ -235,7 +235,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 			} | ||||
| 		} | ||||
| 
 | ||||
| 		conf := &hst.ContainerConfig{ | ||||
| 		conf := &fst.ContainerConfig{ | ||||
| 			Userns:  true, | ||||
| 			Net:     true, | ||||
| 			Tty:     true, | ||||
| @ -245,7 +245,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		if d, err := sys.ReadDir("/"); err != nil { | ||||
| 			return err | ||||
| 		} else { | ||||
| 			b := make([]*hst.FilesystemConfig, 0, len(d)) | ||||
| 			b := make([]*fst.FilesystemConfig, 0, len(d)) | ||||
| 			for _, ent := range d { | ||||
| 				p := "/" + ent.Name() | ||||
| 				switch p { | ||||
| @ -256,7 +256,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 				case "/etc": | ||||
| 
 | ||||
| 				default: | ||||
| 					b = append(b, &hst.FilesystemConfig{Src: p, Write: true, Must: true}) | ||||
| 					b = append(b, &fst.FilesystemConfig{Src: p, Write: true, Must: true}) | ||||
| 				} | ||||
| 			} | ||||
| 			conf.Filesystem = append(conf.Filesystem, b...) | ||||
| @ -269,10 +269,10 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		} | ||||
| 		// bind GPU stuff | ||||
| 		if config.Enablements&(system.EX11|system.EWayland) != 0 { | ||||
| 			conf.Filesystem = append(conf.Filesystem, &hst.FilesystemConfig{Src: "/dev/dri", Device: true}) | ||||
| 			conf.Filesystem = append(conf.Filesystem, &fst.FilesystemConfig{Src: "/dev/dri", Device: true}) | ||||
| 		} | ||||
| 		// opportunistically bind kvm | ||||
| 		conf.Filesystem = append(conf.Filesystem, &hst.FilesystemConfig{Src: "/dev/kvm", Device: true}) | ||||
| 		conf.Filesystem = append(conf.Filesystem, &fst.FilesystemConfig{Src: "/dev/kvm", Device: true}) | ||||
| 
 | ||||
| 		config.Container = conf | ||||
| 	} | ||||
| @ -283,11 +283,11 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		var err error | ||||
| 		seal.container, seal.env, err = common.NewContainer(config.Container, sys, &uid, &gid) | ||||
| 		if err != nil { | ||||
| 			return hlog.WrapErrSuffix(err, | ||||
| 			return fmsg.WrapErrorSuffix(err, | ||||
| 				"cannot initialise container configuration:") | ||||
| 		} | ||||
| 		if !path.IsAbs(config.Path) { | ||||
| 			return hlog.WrapErr(syscall.EINVAL, | ||||
| 			return fmsg.WrapError(syscall.EINVAL, | ||||
| 				"invalid program path") | ||||
| 		} | ||||
| 		if len(config.Args) == 0 { | ||||
| @ -317,6 +317,8 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 
 | ||||
| 	// inner XDG_RUNTIME_DIR default formatting of `/run/user/%d` as mapped uid | ||||
| 	innerRuntimeDir := path.Join("/run/user", mapuid.String()) | ||||
| 	seal.container.Tmpfs("/run/user", 1<<12, 0755) | ||||
| 	seal.container.Tmpfs(innerRuntimeDir, 1<<23, 0700) | ||||
| 	seal.env[xdgRuntimeDir] = innerRuntimeDir | ||||
| 	seal.env[xdgSessionClass] = "user" | ||||
| 	seal.env[xdgSessionType] = "tty" | ||||
| @ -324,20 +326,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 	share := &shareHost{seal: seal, sc: sys.Paths()} | ||||
| 	seal.runDirPath = share.sc.RunDirPath | ||||
| 	seal.sys = system.New(seal.user.uid.unwrap()) | ||||
| 	seal.sys.Ensure(share.sc.SharePath, 0711) | ||||
| 
 | ||||
| 	{ | ||||
| 		runtimeDir := path.Join(share.sc.SharePath, "runtime") | ||||
| 		seal.sys.Ensure(runtimeDir, 0700) | ||||
| 		seal.sys.UpdatePermType(system.User, runtimeDir, acl.Execute) | ||||
| 		runtimeDirInst := path.Join(runtimeDir, seal.user.aid.String()) | ||||
| 		seal.sys.Ensure(runtimeDirInst, 0700) | ||||
| 		seal.sys.UpdatePermType(system.User, runtimeDirInst, acl.Read, acl.Write, acl.Execute) | ||||
| 		seal.container.Tmpfs("/run/user", 1<<12, 0755) | ||||
| 		seal.container.Bind(runtimeDirInst, innerRuntimeDir, sandbox.BindWritable) | ||||
| 	} | ||||
| 
 | ||||
| 	{ | ||||
| 		seal.sys.Ensure(share.sc.SharePath, 0711) | ||||
| 		tmpdir := path.Join(share.sc.SharePath, "tmpdir") | ||||
| 		seal.sys.Ensure(tmpdir, 0700) | ||||
| 		seal.sys.UpdatePermType(system.User, tmpdir, acl.Execute) | ||||
| @ -364,9 +355,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		seal.env[shell] = config.Shell | ||||
| 
 | ||||
| 		seal.container.Place("/etc/passwd", | ||||
| 			[]byte(username+":x:"+mapuid.String()+":"+mapgid.String()+":Hakurei:"+homeDir+":"+config.Shell+"\n")) | ||||
| 			[]byte(username+":x:"+mapuid.String()+":"+mapgid.String()+":Fortify:"+homeDir+":"+config.Shell+"\n")) | ||||
| 		seal.container.Place("/etc/group", | ||||
| 			[]byte("hakurei:x:"+mapgid.String()+":\n")) | ||||
| 			[]byte("fortify:x:"+mapgid.String()+":\n")) | ||||
| 	} | ||||
| 
 | ||||
| 	// pass TERM for proper terminal I/O in initial process | ||||
| @ -378,7 +369,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		// outer wayland socket (usually `/run/user/%d/wayland-%d`) | ||||
| 		var socketPath string | ||||
| 		if name, ok := sys.LookupEnv(wl.WaylandDisplay); !ok { | ||||
| 			hlog.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName) | ||||
| 			fmsg.Verbose(wl.WaylandDisplay + " is not set, assuming " + wl.FallbackName) | ||||
| 			socketPath = path.Join(share.sc.RuntimePath, wl.FallbackName) | ||||
| 		} else if !path.IsAbs(name) { | ||||
| 			socketPath = path.Join(share.sc.RuntimePath, name) | ||||
| @ -393,14 +384,14 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 			appID := config.ID | ||||
| 			if appID == "" { | ||||
| 				// use instance ID in case app id is not set | ||||
| 				appID = "uk.gensokyo.hakurei." + seal.id.String() | ||||
| 				appID = "uk.gensokyo.fortify." + seal.id.String() | ||||
| 			} | ||||
| 			// downstream socket paths | ||||
| 			outerPath := path.Join(share.instance(), "wayland") | ||||
| 			seal.sys.Wayland(&seal.sync, outerPath, socketPath, appID, seal.id.String()) | ||||
| 			seal.container.Bind(outerPath, innerPath, 0) | ||||
| 		} else { // bind mount wayland socket (insecure) | ||||
| 			hlog.Verbose("direct wayland access, PROCEED WITH CAUTION") | ||||
| 			fmsg.Verbose("direct wayland access, PROCEED WITH CAUTION") | ||||
| 			share.ensureRuntimeDir() | ||||
| 			seal.container.Bind(socketPath, innerPath, 0) | ||||
| 			seal.sys.UpdatePermType(system.EWayland, socketPath, acl.Read, acl.Write, acl.Execute) | ||||
| @ -409,7 +400,7 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 
 | ||||
| 	if config.Enablements&system.EX11 != 0 { | ||||
| 		if d, ok := sys.LookupEnv(display); !ok { | ||||
| 			return hlog.WrapErr(ErrXDisplay, | ||||
| 			return fmsg.WrapError(ErrXDisplay, | ||||
| 				"DISPLAY is not set") | ||||
| 		} else { | ||||
| 			seal.sys.ChangeHosts("#" + seal.user.uid.String()) | ||||
| @ -426,23 +417,23 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 
 | ||||
| 		if _, err := sys.Stat(pulseRuntimeDir); err != nil { | ||||
| 			if !errors.Is(err, fs.ErrNotExist) { | ||||
| 				return hlog.WrapErrSuffix(err, | ||||
| 				return fmsg.WrapErrorSuffix(err, | ||||
| 					fmt.Sprintf("cannot access PulseAudio directory %q:", pulseRuntimeDir)) | ||||
| 			} | ||||
| 			return hlog.WrapErr(ErrPulseSocket, | ||||
| 			return fmsg.WrapError(ErrPulseSocket, | ||||
| 				fmt.Sprintf("PulseAudio directory %q not found", pulseRuntimeDir)) | ||||
| 		} | ||||
| 
 | ||||
| 		if s, err := sys.Stat(pulseSocket); err != nil { | ||||
| 			if !errors.Is(err, fs.ErrNotExist) { | ||||
| 				return hlog.WrapErrSuffix(err, | ||||
| 				return fmsg.WrapErrorSuffix(err, | ||||
| 					fmt.Sprintf("cannot access PulseAudio socket %q:", pulseSocket)) | ||||
| 			} | ||||
| 			return hlog.WrapErr(ErrPulseSocket, | ||||
| 			return fmsg.WrapError(ErrPulseSocket, | ||||
| 				fmt.Sprintf("PulseAudio directory %q found but socket does not exist", pulseRuntimeDir)) | ||||
| 		} else { | ||||
| 			if m := s.Mode(); m&0o006 != 0o006 { | ||||
| 				return hlog.WrapErr(ErrPulseMode, | ||||
| 				return fmsg.WrapError(ErrPulseMode, | ||||
| 					fmt.Sprintf("unexpected permissions on %q:", pulseSocket), m) | ||||
| 			} | ||||
| 		} | ||||
| @ -457,9 +448,9 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 		// publish current user's pulse cookie for target user | ||||
| 		if src, err := discoverPulseCookie(sys); err != nil { | ||||
| 			// not fatal | ||||
| 			hlog.Verbose(strings.TrimSpace(err.(*hlog.BaseError).Message())) | ||||
| 			fmsg.Verbose(strings.TrimSpace(err.(*fmsg.BaseError).Message())) | ||||
| 		} else { | ||||
| 			innerDst := hst.Tmp + "/pulse-cookie" | ||||
| 			innerDst := fst.Tmp + "/pulse-cookie" | ||||
| 			seal.env[pulseCookie] = innerDst | ||||
| 			var payload *[]byte | ||||
| 			seal.container.PlaceP(innerDst, &payload) | ||||
| @ -531,15 +522,15 @@ func (seal *outcome) finalise(ctx context.Context, sys sys.State, config *hst.Co | ||||
| 	seal.container.Env = make([]string, 0, len(seal.env)) | ||||
| 	for k, v := range seal.env { | ||||
| 		if strings.IndexByte(k, '=') != -1 { | ||||
| 			return hlog.WrapErr(syscall.EINVAL, | ||||
| 			return fmsg.WrapError(syscall.EINVAL, | ||||
| 				fmt.Sprintf("invalid environment variable %s", k)) | ||||
| 		} | ||||
| 		seal.container.Env = append(seal.container.Env, k+"="+v) | ||||
| 	} | ||||
| 	slices.Sort(seal.container.Env) | ||||
| 
 | ||||
| 	if hlog.Load() { | ||||
| 		hlog.Verbosef("created application seal for uid %s (%s) groups: %v, argv: %s, ops: %d", | ||||
| 	if fmsg.Load() { | ||||
| 		fmsg.Verbosef("created application seal for uid %s (%s) groups: %v, argv: %s, ops: %d", | ||||
| 			seal.user.uid, seal.user.username, config.Groups, seal.container.Args, len(*seal.container.Ops)) | ||||
| 	} | ||||
| 
 | ||||
| @ -557,7 +548,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { | ||||
| 		p = path.Join(p, ".pulse-cookie") | ||||
| 		if s, err := sys.Stat(p); err != nil { | ||||
| 			if !errors.Is(err, fs.ErrNotExist) { | ||||
| 				return p, hlog.WrapErrSuffix(err, | ||||
| 				return p, fmsg.WrapErrorSuffix(err, | ||||
| 					fmt.Sprintf("cannot access PulseAudio cookie %q:", p)) | ||||
| 			} | ||||
| 			// not found, try next method | ||||
| @ -571,7 +562,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { | ||||
| 		p = path.Join(p, "pulse", "cookie") | ||||
| 		if s, err := sys.Stat(p); err != nil { | ||||
| 			if !errors.Is(err, fs.ErrNotExist) { | ||||
| 				return p, hlog.WrapErrSuffix(err, | ||||
| 				return p, fmsg.WrapErrorSuffix(err, | ||||
| 					fmt.Sprintf("cannot access PulseAudio cookie %q:", p)) | ||||
| 			} | ||||
| 			// not found, try next method | ||||
| @ -580,7 +571,7 @@ func discoverPulseCookie(sys sys.State) (string, error) { | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	return "", hlog.WrapErr(ErrPulseCookie, | ||||
| 	return "", fmsg.WrapError(ErrPulseCookie, | ||||
| 		fmt.Sprintf("cannot locate PulseAudio cookie (tried $%s, $%s/pulse/cookie, $%s/.pulse-cookie)", | ||||
| 			pulseCookie, xdgConfigHome, home)) | ||||
| } | ||||
|  | ||||
| @ -10,10 +10,10 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| /* | ||||
| @ -23,10 +23,10 @@ import ( | ||||
| #include <errno.h> | ||||
| #include <signal.h> | ||||
| 
 | ||||
| static pid_t hakurei_shim_param_ppid = -1; | ||||
| static pid_t f_shim_param_ppid = -1; | ||||
| 
 | ||||
| // this cannot unblock hlog since Go code is not async-signal-safe | ||||
| static void hakurei_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { | ||||
| // this cannot unblock fmsg since Go code is not async-signal-safe | ||||
| static void f_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { | ||||
|   if (sig != SIGCONT || si == NULL) { | ||||
|     // unreachable | ||||
|     fprintf(stderr, "sigaction: sa_sigaction got invalid siginfo\n"); | ||||
| @ -34,17 +34,17 @@ static void hakurei_shim_sigaction(int sig, siginfo_t *si, void *ucontext) { | ||||
|   } | ||||
| 
 | ||||
|   // monitor requests shim exit | ||||
|   if (si->si_pid == hakurei_shim_param_ppid) | ||||
|   if (si->si_pid == f_shim_param_ppid) | ||||
|     exit(254); | ||||
| 
 | ||||
|   fprintf(stderr, "sigaction: got SIGCONT from process %d\n", si->si_pid); | ||||
| 
 | ||||
|   // shim orphaned before monitor delivers a signal | ||||
|   if (getppid() != hakurei_shim_param_ppid) | ||||
|   if (getppid() != f_shim_param_ppid) | ||||
|     exit(3); | ||||
| } | ||||
| 
 | ||||
| void hakurei_shim_setup_cont_signal(pid_t ppid) { | ||||
| void f_shim_setup_cont_signal(pid_t ppid) { | ||||
|   struct sigaction new_action = {0}, old_action = {0}; | ||||
|   if (sigaction(SIGCONT, NULL, &old_action) != 0) | ||||
|     return; | ||||
| @ -53,7 +53,7 @@ void hakurei_shim_setup_cont_signal(pid_t ppid) { | ||||
|     return; | ||||
|   } | ||||
| 
 | ||||
|   new_action.sa_sigaction = hakurei_shim_sigaction; | ||||
|   new_action.sa_sigaction = f_shim_sigaction; | ||||
|   if (sigemptyset(&new_action.sa_mask) != 0) | ||||
|     return; | ||||
|   new_action.sa_flags = SA_ONSTACK | SA_SIGINFO; | ||||
| @ -62,12 +62,12 @@ void hakurei_shim_setup_cont_signal(pid_t ppid) { | ||||
|     return; | ||||
| 
 | ||||
|   errno = 0; | ||||
|   hakurei_shim_param_ppid = ppid; | ||||
|   f_shim_param_ppid = ppid; | ||||
| } | ||||
| */ | ||||
| import "C" | ||||
| 
 | ||||
| const shimEnv = "HAKUREI_SHIM" | ||||
| const shimEnv = "FORTIFY_SHIM" | ||||
| 
 | ||||
| type shimParams struct { | ||||
| 	// monitor pid, checked against ppid in signal handler | ||||
| @ -84,7 +84,7 @@ type shimParams struct { | ||||
| 
 | ||||
| // ShimMain is the main function of the shim process and runs as the unconstrained target user. | ||||
| func ShimMain() { | ||||
| 	hlog.Prepare("shim") | ||||
| 	fmsg.Prepare("shim") | ||||
| 
 | ||||
| 	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { | ||||
| 		log.Fatalf("cannot set SUID_DUMP_DISABLE: %s", err) | ||||
| @ -99,7 +99,7 @@ func ShimMain() { | ||||
| 			log.Fatal("invalid config descriptor") | ||||
| 		} | ||||
| 		if errors.Is(err, sandbox.ErrNotSet) { | ||||
| 			log.Fatal("HAKUREI_SHIM not set") | ||||
| 			log.Fatal("FORTIFY_SHIM not set") | ||||
| 		} | ||||
| 
 | ||||
| 		log.Fatalf("cannot receive shim setup params: %v", err) | ||||
| @ -108,7 +108,7 @@ func ShimMain() { | ||||
| 		closeSetup = f | ||||
| 
 | ||||
| 		// the Go runtime does not expose siginfo_t so SIGCONT is handled in C to check si_pid | ||||
| 		if _, err = C.hakurei_shim_setup_cont_signal(C.pid_t(params.Monitor)); err != nil { | ||||
| 		if _, err = C.f_shim_setup_cont_signal(C.pid_t(params.Monitor)); err != nil { | ||||
| 			log.Fatalf("cannot install SIGCONT handler: %v", err) | ||||
| 		} | ||||
| 
 | ||||
| @ -156,11 +156,11 @@ func ShimMain() { | ||||
| 	container.WaitDelay = 2 * time.Second | ||||
| 
 | ||||
| 	if err := container.Start(); err != nil { | ||||
| 		hlog.PrintBaseError(err, "cannot start container:") | ||||
| 		fmsg.PrintBaseError(err, "cannot start container:") | ||||
| 		os.Exit(1) | ||||
| 	} | ||||
| 	if err := container.Serve(); err != nil { | ||||
| 		hlog.PrintBaseError(err, "cannot configure container:") | ||||
| 		fmsg.PrintBaseError(err, "cannot configure container:") | ||||
| 	} | ||||
| 
 | ||||
| 	if err := seccomp.Load(seccomp.PresetCommon); err != nil { | ||||
|  | ||||
| @ -3,7 +3,7 @@ package setuid | ||||
| import ( | ||||
| 	"strconv" | ||||
| 
 | ||||
| 	. "git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	. "git.gensokyo.uk/security/fortify/internal/app" | ||||
| ) | ||||
| 
 | ||||
| func newInt(v int) *stringPair[int] { return &stringPair[int]{v, strconv.Itoa(v)} } | ||||
|  | ||||
| @ -3,7 +3,7 @@ package internal | ||||
| import ( | ||||
| 	"os" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| func Exit(code int) { hlog.BeforeExit(); os.Exit(code) } | ||||
| func Exit(code int) { fmsg.BeforeExit(); os.Exit(code) } | ||||
|  | ||||
| @ -1,4 +1,4 @@ | ||||
| package hlog | ||||
| package fmsg | ||||
| 
 | ||||
| import ( | ||||
| 	"fmt" | ||||
| @ -12,8 +12,13 @@ type baseError struct { | ||||
| 	Err error | ||||
| } | ||||
| 
 | ||||
| func (e *baseError) Error() string { return e.Err.Error() } | ||||
| func (e *baseError) Unwrap() error { return e.Err } | ||||
| func (e *baseError) Error() string { | ||||
| 	return e.Err.Error() | ||||
| } | ||||
| 
 | ||||
| func (e *baseError) Unwrap() error { | ||||
| 	return e.Err | ||||
| } | ||||
| 
 | ||||
| // BaseError implements an error container with a user-facing message | ||||
| type BaseError struct { | ||||
| @ -22,33 +27,35 @@ type BaseError struct { | ||||
| } | ||||
| 
 | ||||
| // Message returns a user-facing error message | ||||
| func (e *BaseError) Message() string { return e.message } | ||||
| func (e *BaseError) Message() string { | ||||
| 	return e.message | ||||
| } | ||||
| 
 | ||||
| // WrapErr wraps an error with a corresponding message. | ||||
| func WrapErr(err error, a ...any) error { | ||||
| // WrapError wraps an error with a corresponding message. | ||||
| func WrapError(err error, a ...any) error { | ||||
| 	if err == nil { | ||||
| 		return nil | ||||
| 	} | ||||
| 	return wrapErr(err, fmt.Sprintln(a...)) | ||||
| 	return wrapError(err, fmt.Sprintln(a...)) | ||||
| } | ||||
| 
 | ||||
| // WrapErrSuffix wraps an error with a corresponding message with err at the end of the message. | ||||
| func WrapErrSuffix(err error, a ...any) error { | ||||
| // WrapErrorSuffix wraps an error with a corresponding message with err at the end of the message. | ||||
| func WrapErrorSuffix(err error, a ...any) error { | ||||
| 	if err == nil { | ||||
| 		return nil | ||||
| 	} | ||||
| 	return wrapErr(err, fmt.Sprintln(append(a, err)...)) | ||||
| 	return wrapError(err, fmt.Sprintln(append(a, err)...)) | ||||
| } | ||||
| 
 | ||||
| // WrapErrFunc wraps an error with a corresponding message returned by f. | ||||
| func WrapErrFunc(err error, f func(err error) string) error { | ||||
| // WrapErrorFunc wraps an error with a corresponding message returned by f. | ||||
| func WrapErrorFunc(err error, f func(err error) string) error { | ||||
| 	if err == nil { | ||||
| 		return nil | ||||
| 	} | ||||
| 	return wrapErr(err, f(err)) | ||||
| 	return wrapError(err, f(err)) | ||||
| } | ||||
| 
 | ||||
| func wrapErr(err error, message string) *BaseError { | ||||
| func wrapError(err error, message string) *BaseError { | ||||
| 	return &BaseError{message, baseError{err}} | ||||
| } | ||||
| 
 | ||||
| @ -1,5 +1,5 @@ | ||||
| // Package hlog provides various functions for output messages. | ||||
| package hlog | ||||
| // Package fmsg provides various functions for output messages. | ||||
| package fmsg | ||||
| 
 | ||||
| import ( | ||||
| 	"bytes" | ||||
| @ -1,11 +1,11 @@ | ||||
| package hlog | ||||
| package fmsg | ||||
| 
 | ||||
| type Output struct{} | ||||
| 
 | ||||
| func (Output) IsVerbose() bool                         { return Load() } | ||||
| func (Output) Verbose(v ...any)                        { Verbose(v...) } | ||||
| func (Output) Verbosef(format string, v ...any)        { Verbosef(format, v...) } | ||||
| func (Output) WrapErr(err error, a ...any) error       { return WrapErr(err, a...) } | ||||
| func (Output) WrapErr(err error, a ...any) error       { return WrapError(err, a...) } | ||||
| func (Output) PrintBaseErr(err error, fallback string) { PrintBaseError(err, fallback) } | ||||
| func (Output) Suspend()                                { Suspend() } | ||||
| func (Output) Resume() bool                            { return Resume() } | ||||
| @ -1,4 +1,4 @@ | ||||
| package hlog | ||||
| package fmsg | ||||
| 
 | ||||
| import ( | ||||
| 	"log" | ||||
| @ -1,17 +1,17 @@ | ||||
| package internal | ||||
| 
 | ||||
| import ( | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| func InstallFmsg(verbose bool) { | ||||
| 	hlog.Store(verbose) | ||||
| 	sandbox.SetOutput(hlog.Output{}) | ||||
| 	system.SetOutput(hlog.Output{}) | ||||
| 	fmsg.Store(verbose) | ||||
| 	sandbox.SetOutput(fmsg.Output{}) | ||||
| 	system.SetOutput(fmsg.Output{}) | ||||
| 	if verbose { | ||||
| 		seccomp.SetOutput(hlog.Verbose) | ||||
| 		seccomp.SetOutput(fmsg.Verbose) | ||||
| 	} | ||||
| } | ||||
|  | ||||
| @ -4,19 +4,19 @@ import ( | ||||
| 	"log" | ||||
| 	"path" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| 	hsu = compPoison | ||||
| 	fsu = compPoison | ||||
| ) | ||||
| 
 | ||||
| func MustHsuPath() string { | ||||
| 	if name, ok := checkPath(hsu); ok { | ||||
| func MustFsuPath() string { | ||||
| 	if name, ok := checkPath(fsu); ok { | ||||
| 		return name | ||||
| 	} | ||||
| 	hlog.BeforeExit() | ||||
| 	log.Fatal("invalid hsu path, this program is compiled incorrectly") | ||||
| 	fmsg.BeforeExit() | ||||
| 	log.Fatal("invalid fsu path, this program is compiled incorrectly") | ||||
| 	return compPoison | ||||
| } | ||||
| 
 | ||||
|  | ||||
| @ -13,9 +13,9 @@ import ( | ||||
| 	"sync" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| // fine-grained locking and access | ||||
| @ -86,17 +86,17 @@ func (s *multiStore) List() ([]int, error) { | ||||
| 	for _, e := range entries { | ||||
| 		// skip non-directories | ||||
| 		if !e.IsDir() { | ||||
| 			hlog.Verbosef("skipped non-directory entry %q", e.Name()) | ||||
| 			fmsg.Verbosef("skipped non-directory entry %q", e.Name()) | ||||
| 			continue | ||||
| 		} | ||||
| 
 | ||||
| 		// skip non-numerical names | ||||
| 		if v, err := strconv.Atoi(e.Name()); err != nil { | ||||
| 			hlog.Verbosef("skipped non-aid entry %q", e.Name()) | ||||
| 			fmsg.Verbosef("skipped non-aid entry %q", e.Name()) | ||||
| 			continue | ||||
| 		} else { | ||||
| 			if v < 0 || v > 9999 { | ||||
| 				hlog.Verbosef("skipped out of bounds entry %q", e.Name()) | ||||
| 				fmsg.Verbosef("skipped out of bounds entry %q", e.Name()) | ||||
| 				continue | ||||
| 			} | ||||
| 
 | ||||
| @ -232,7 +232,7 @@ func (b *multiBackend) load(decode bool) (Entries, error) { | ||||
| } | ||||
| 
 | ||||
| // state file consists of an eight byte header, followed by concatenated gobs | ||||
| // of [hst.Config] and [State], if [State.Config] is not nil or offset < 0, | ||||
| // of [fst.Config] and [State], if [State.Config] is not nil or offset < 0, | ||||
| // the first gob is skipped | ||||
| func (b *multiBackend) decodeState(r io.ReadSeeker, state *State) error { | ||||
| 	offset := make([]byte, 8) | ||||
| @ -269,7 +269,7 @@ func (b *multiBackend) decodeState(r io.ReadSeeker, state *State) error { | ||||
| 			return ErrNoConfig | ||||
| 		} | ||||
| 
 | ||||
| 		state.Config = new(hst.Config) | ||||
| 		state.Config = new(fst.Config) | ||||
| 		if _, err := r.Seek(8, io.SeekStart); err != nil { | ||||
| 			return err | ||||
| 		} | ||||
|  | ||||
| @ -3,7 +3,7 @@ package state_test | ||||
| import ( | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| ) | ||||
| 
 | ||||
| func TestMulti(t *testing.T) { | ||||
|  | ||||
| @ -5,8 +5,8 @@ import ( | ||||
| 	"io" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| ) | ||||
| 
 | ||||
| var ErrNoConfig = errors.New("state does not contain config") | ||||
| @ -35,14 +35,14 @@ type Cursor interface { | ||||
| 	Len() (int, error) | ||||
| } | ||||
| 
 | ||||
| // State is an instance state | ||||
| // State is a fortify process's state | ||||
| type State struct { | ||||
| 	// hakurei instance id | ||||
| 	// fortify instance id | ||||
| 	ID app.ID `json:"instance"` | ||||
| 	// child process PID value | ||||
| 	PID int `json:"pid"` | ||||
| 	// sealed app configuration | ||||
| 	Config *hst.Config `json:"config"` | ||||
| 	Config *fst.Config `json:"config"` | ||||
| 
 | ||||
| 	// process start time | ||||
| 	Time time.Time `json:"time"` | ||||
|  | ||||
| @ -10,9 +10,9 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| ) | ||||
| 
 | ||||
| func testStore(t *testing.T, s state.Store) { | ||||
| @ -63,7 +63,7 @@ func testStore(t *testing.T, s state.Store) { | ||||
| 					&tc[i].state.ID) | ||||
| 			} else { | ||||
| 				got.Time = tc[i].state.Time | ||||
| 				tc[i].state.Config = hst.Template() | ||||
| 				tc[i].state.Config = fst.Template() | ||||
| 				if !reflect.DeepEqual(got, &tc[i].state) { | ||||
| 					t.Fatalf("Load: entry %s got %#v, want %#v", | ||||
| 						&tc[i].state.ID, got, &tc[i].state) | ||||
| @ -137,7 +137,7 @@ func makeState(t *testing.T, s *state.State, ct io.Writer) { | ||||
| 	if err := app.NewAppID(&s.ID); err != nil { | ||||
| 		t.Fatalf("cannot create dummy state: %v", err) | ||||
| 	} | ||||
| 	if err := gob.NewEncoder(ct).Encode(hst.Template()); err != nil { | ||||
| 	if err := gob.NewEncoder(ct).Encode(fst.Template()); err != nil { | ||||
| 		t.Fatalf("cannot encode dummy config: %v", err) | ||||
| 	} | ||||
| 	s.PID = rand.Int() | ||||
|  | ||||
| @ -6,8 +6,8 @@ import ( | ||||
| 	"path" | ||||
| 	"strconv" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| ) | ||||
| 
 | ||||
| // State provides safe interaction with operating system state. | ||||
| @ -42,25 +42,25 @@ type State interface { | ||||
| 
 | ||||
| 	// Paths returns a populated [Paths] struct. | ||||
| 	Paths() app.Paths | ||||
| 	// Uid invokes hsu and returns target uid. | ||||
| 	// Uid invokes fsu and returns target uid. | ||||
| 	// Any errors returned by Uid is already wrapped [fmsg.BaseError]. | ||||
| 	Uid(aid int) (int, error) | ||||
| } | ||||
| 
 | ||||
| // CopyPaths is a generic implementation of [hst.Paths]. | ||||
| // CopyPaths is a generic implementation of [fst.Paths]. | ||||
| func CopyPaths(os State, v *app.Paths) { | ||||
| 	v.SharePath = path.Join(os.TempDir(), "hakurei."+strconv.Itoa(os.Getuid())) | ||||
| 	v.SharePath = path.Join(os.TempDir(), "fortify."+strconv.Itoa(os.Getuid())) | ||||
| 
 | ||||
| 	hlog.Verbosef("process share directory at %q", v.SharePath) | ||||
| 	fmsg.Verbosef("process share directory at %q", v.SharePath) | ||||
| 
 | ||||
| 	if r, ok := os.LookupEnv(xdgRuntimeDir); !ok || r == "" || !path.IsAbs(r) { | ||||
| 		// fall back to path in share since hakurei has no hard XDG dependency | ||||
| 		// fall back to path in share since fortify has no hard XDG dependency | ||||
| 		v.RunDirPath = path.Join(v.SharePath, "run") | ||||
| 		v.RuntimePath = path.Join(v.RunDirPath, "compat") | ||||
| 	} else { | ||||
| 		v.RuntimePath = r | ||||
| 		v.RunDirPath = path.Join(v.RuntimePath, "hakurei") | ||||
| 		v.RunDirPath = path.Join(v.RuntimePath, "fortify") | ||||
| 	} | ||||
| 
 | ||||
| 	hlog.Verbosef("runtime directory at %q", v.RunDirPath) | ||||
| 	fmsg.Verbosef("runtime directory at %q", v.RunDirPath) | ||||
| } | ||||
|  | ||||
| @ -12,10 +12,10 @@ import ( | ||||
| 	"sync" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| // Std implements System using the standard library. | ||||
| @ -43,8 +43,8 @@ func (s *Std) Stat(name string) (fs.FileInfo, error)        { return os.Stat(nam | ||||
| func (s *Std) Open(name string) (fs.File, error)            { return os.Open(name) } | ||||
| func (s *Std) EvalSymlinks(path string) (string, error)     { return filepath.EvalSymlinks(path) } | ||||
| func (s *Std) Exit(code int)                                { internal.Exit(code) } | ||||
| func (s *Std) Println(v ...any)                             { hlog.Verbose(v...) } | ||||
| func (s *Std) Printf(format string, v ...any)               { hlog.Verbosef(format, v...) } | ||||
| func (s *Std) Println(v ...any)                             { fmsg.Verbose(v...) } | ||||
| func (s *Std) Printf(format string, v ...any)               { fmsg.Verbosef(format, v...) } | ||||
| 
 | ||||
| const xdgRuntimeDir = "XDG_RUNTIME_DIR" | ||||
| 
 | ||||
| @ -80,12 +80,12 @@ func (s *Std) Uid(aid int) (int, error) { | ||||
| 	defer func() { s.uidCopy[aid] = u }() | ||||
| 
 | ||||
| 	u.uid = -1 | ||||
| 	hsuPath := internal.MustHsuPath() | ||||
| 	fsuPath := internal.MustFsuPath() | ||||
| 
 | ||||
| 	cmd := exec.Command(hsuPath) | ||||
| 	cmd.Path = hsuPath | ||||
| 	cmd := exec.Command(fsuPath) | ||||
| 	cmd.Path = fsuPath | ||||
| 	cmd.Stderr = os.Stderr // pass through fatal messages | ||||
| 	cmd.Env = []string{"HAKUREI_APP_ID=" + strconv.Itoa(aid)} | ||||
| 	cmd.Env = []string{"FORTIFY_APP_ID=" + strconv.Itoa(aid)} | ||||
| 	cmd.Dir = "/" | ||||
| 	var ( | ||||
| 		p         []byte | ||||
| @ -95,12 +95,12 @@ func (s *Std) Uid(aid int) (int, error) { | ||||
| 	if p, u.err = cmd.Output(); u.err == nil { | ||||
| 		u.uid, u.err = strconv.Atoi(string(p)) | ||||
| 		if u.err != nil { | ||||
| 			u.err = hlog.WrapErrSuffix(u.err, "cannot parse uid from hsu:") | ||||
| 			u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:") | ||||
| 		} | ||||
| 	} else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 { | ||||
| 		u.err = hlog.WrapErr(syscall.EACCES, "") // hsu prints to stderr in this case | ||||
| 		u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case | ||||
| 	} else if os.IsNotExist(u.err) { | ||||
| 		u.err = hlog.WrapErr(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", hsuPath)) | ||||
| 		u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsuPath)) | ||||
| 	} | ||||
| 	return u.uid, u.err | ||||
| } | ||||
|  | ||||
| @ -8,7 +8,7 @@ import ( | ||||
| 	"os/exec" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| const lddTimeout = 2 * time.Second | ||||
| @ -28,7 +28,7 @@ func ExecFilter(ctx context.Context, | ||||
| 	defer cancel() | ||||
| 	container := sandbox.New(c, "ldd", p) | ||||
| 	container.CommandContext = commandContext | ||||
| 	container.Hostname = "hakurei-ldd" | ||||
| 	container.Hostname = "fortify-ldd" | ||||
| 	stdout, stderr := new(bytes.Buffer), new(bytes.Buffer) | ||||
| 	container.Stdout = stdout | ||||
| 	container.Stderr = stderr | ||||
|  | ||||
| @ -5,7 +5,7 @@ import ( | ||||
| 	"reflect" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/ldd" | ||||
| 	"git.gensokyo.uk/security/fortify/ldd" | ||||
| ) | ||||
| 
 | ||||
| func TestParseError(t *testing.T) { | ||||
|  | ||||
							
								
								
									
										59
									
								
								main.go
									
									
									
									
									
								
							
							
						
						
									
										59
									
								
								main.go
									
									
									
									
									
								
							| @ -15,17 +15,17 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/command" | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/sys" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/system" | ||||
| 	"git.gensokyo.uk/security/fortify/command" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app/instance" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/sys" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/system" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| @ -35,13 +35,13 @@ var ( | ||||
| 	license string | ||||
| ) | ||||
| 
 | ||||
| func init() { hlog.Prepare("hakurei") } | ||||
| func init() { fmsg.Prepare("fortify") } | ||||
| 
 | ||||
| var std sys.State = new(sys.Std) | ||||
| 
 | ||||
| func main() { | ||||
| 	// early init path, skips root check and duplicate PR_SET_DUMPABLE | ||||
| 	sandbox.TryArgv0(hlog.Output{}, hlog.Prepare, internal.InstallFmsg) | ||||
| 	sandbox.TryArgv0(fmsg.Output{}, fmsg.Prepare, internal.InstallFmsg) | ||||
| 
 | ||||
| 	if err := sandbox.SetDumpable(sandbox.SUID_DUMP_DISABLE); err != nil { | ||||
| 		log.Printf("cannot set SUID_DUMP_DISABLE: %s", err) | ||||
| @ -53,9 +53,9 @@ func main() { | ||||
| 	} | ||||
| 
 | ||||
| 	buildCommand(os.Stderr).MustParse(os.Args[1:], func(err error) { | ||||
| 		hlog.Verbosef("command returned %v", err) | ||||
| 		fmsg.Verbosef("command returned %v", err) | ||||
| 		if errors.Is(err, errSuccess) { | ||||
| 			hlog.BeforeExit() | ||||
| 			fmsg.BeforeExit() | ||||
| 			os.Exit(0) | ||||
| 		} | ||||
| 	}) | ||||
| @ -67,13 +67,16 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 		flagVerbose bool | ||||
| 		flagJSON    bool | ||||
| 	) | ||||
| 	c := command.New(out, log.Printf, "hakurei", func([]string) error { internal.InstallFmsg(flagVerbose); return nil }). | ||||
| 		Flag(&flagVerbose, "v", command.BoolFlag(false), "Increase log verbosity"). | ||||
| 	c := command.New(out, log.Printf, "fortify", func([]string) error { | ||||
| 		internal.InstallFmsg(flagVerbose) | ||||
| 		return nil | ||||
| 	}). | ||||
| 		Flag(&flagVerbose, "v", command.BoolFlag(false), "Print debug messages to the console"). | ||||
| 		Flag(&flagJSON, "json", command.BoolFlag(false), "Serialise output in JSON when applicable") | ||||
| 
 | ||||
| 	c.Command("shim", command.UsageInternal, func([]string) error { instance.ShimMain(); return errSuccess }) | ||||
| 
 | ||||
| 	c.Command("app", "Load app from configuration file", func(args []string) error { | ||||
| 	c.Command("app", "Launch app defined by the specified config file", func(args []string) error { | ||||
| 		if len(args) < 1 { | ||||
| 			log.Fatal("app requires at least 1 argument") | ||||
| 		} | ||||
| @ -104,7 +107,7 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 
 | ||||
| 		c.NewCommand("run", "Configure and start a permissive default sandbox", func(args []string) error { | ||||
| 			// initialise config from flags | ||||
| 			config := &hst.Config{ | ||||
| 			config := &fst.Config{ | ||||
| 				ID:   fid, | ||||
| 				Args: args, | ||||
| 			} | ||||
| @ -120,19 +123,19 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 				passwdFunc = func() { | ||||
| 					var us string | ||||
| 					if uid, err := std.Uid(aid); err != nil { | ||||
| 						hlog.PrintBaseError(err, "cannot obtain uid from setuid wrapper:") | ||||
| 						fmsg.PrintBaseError(err, "cannot obtain uid from fsu:") | ||||
| 						os.Exit(1) | ||||
| 					} else { | ||||
| 						us = strconv.Itoa(uid) | ||||
| 					} | ||||
| 
 | ||||
| 					if u, err := user.LookupId(us); err != nil { | ||||
| 						hlog.Verbosef("cannot look up uid %s", us) | ||||
| 						fmsg.Verbosef("cannot look up uid %s", us) | ||||
| 						passwd = &user.User{ | ||||
| 							Uid:      us, | ||||
| 							Gid:      us, | ||||
| 							Username: "chronos", | ||||
| 							Name:     "Hakurei Permissive Default", | ||||
| 							Name:     "Fortify", | ||||
| 							HomeDir:  "/var/empty", | ||||
| 						} | ||||
| 					} else { | ||||
| @ -230,7 +233,7 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 	} | ||||
| 
 | ||||
| 	var showFlagShort bool | ||||
| 	c.NewCommand("show", "Show live or local app configuration", func(args []string) error { | ||||
| 	c.NewCommand("show", "Show the contents of an app configuration", func(args []string) error { | ||||
| 		switch len(args) { | ||||
| 		case 0: // system | ||||
| 			printShowSystem(os.Stdout, showFlagShort, flagJSON) | ||||
| @ -250,12 +253,12 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 	}).Flag(&showFlagShort, "short", command.BoolFlag(false), "Omit filesystem information") | ||||
| 
 | ||||
| 	var psFlagShort bool | ||||
| 	c.NewCommand("ps", "List active instances", func(args []string) error { | ||||
| 	c.NewCommand("ps", "List active apps and their state", func(args []string) error { | ||||
| 		printPs(os.Stdout, time.Now().UTC(), state.NewMulti(std.Paths().RunDirPath), psFlagShort, flagJSON) | ||||
| 		return errSuccess | ||||
| 	}).Flag(&psFlagShort, "short", command.BoolFlag(false), "Print instance id") | ||||
| 
 | ||||
| 	c.Command("version", "Display version information", func(args []string) error { | ||||
| 	c.Command("version", "Show fortify version", func(args []string) error { | ||||
| 		fmt.Println(internal.Version()) | ||||
| 		return errSuccess | ||||
| 	}) | ||||
| @ -266,7 +269,7 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 	}) | ||||
| 
 | ||||
| 	c.Command("template", "Produce a config template", func(args []string) error { | ||||
| 		printJSON(os.Stdout, false, hst.Template()) | ||||
| 		printJSON(os.Stdout, false, fst.Template()) | ||||
| 		return errSuccess | ||||
| 	}) | ||||
| 
 | ||||
| @ -278,7 +281,7 @@ func buildCommand(out io.Writer) command.Command { | ||||
| 	return c | ||||
| } | ||||
| 
 | ||||
| func runApp(config *hst.Config) { | ||||
| func runApp(config *fst.Config) { | ||||
| 	ctx, stop := signal.NotifyContext(context.Background(), | ||||
| 		syscall.SIGINT, syscall.SIGTERM) | ||||
| 	defer stop() // unreachable | ||||
| @ -286,7 +289,7 @@ func runApp(config *hst.Config) { | ||||
| 
 | ||||
| 	rs := new(app.RunState) | ||||
| 	if sa, err := a.Seal(config); err != nil { | ||||
| 		hlog.PrintBaseError(err, "cannot seal app:") | ||||
| 		fmsg.PrintBaseError(err, "cannot seal app:") | ||||
| 		internal.Exit(1) | ||||
| 	} else { | ||||
| 		internal.Exit(instance.PrintRunStateErr(instance.ISetuid, rs, sa.Run(rs))) | ||||
|  | ||||
							
								
								
									
										14
									
								
								main_test.go
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								main_test.go
									
									
									
									
									
								
							| @ -6,7 +6,7 @@ import ( | ||||
| 	"flag" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/command" | ||||
| 	"git.gensokyo.uk/security/fortify/command" | ||||
| ) | ||||
| 
 | ||||
| func TestHelp(t *testing.T) { | ||||
| @ -17,14 +17,14 @@ func TestHelp(t *testing.T) { | ||||
| 	}{ | ||||
| 		{ | ||||
| 			"main", []string{}, ` | ||||
| Usage:	hakurei [-h | --help] [-v] [--json] COMMAND [OPTIONS] | ||||
| Usage:	fortify [-h | --help] [-v] [--json] COMMAND [OPTIONS] | ||||
| 
 | ||||
| Commands: | ||||
|     app         Load app from configuration file | ||||
|     app         Launch app defined by the specified config file | ||||
|     run         Configure and start a permissive default sandbox | ||||
|     show        Show live or local app configuration | ||||
|     ps          List active instances | ||||
|     version     Display version information | ||||
|     show        Show the contents of an app configuration | ||||
|     ps          List active apps and their state | ||||
|     version     Show fortify version | ||||
|     license     Show full license text | ||||
|     template    Produce a config template | ||||
|     help        Show this help message | ||||
| @ -33,7 +33,7 @@ Commands: | ||||
| 		}, | ||||
| 		{ | ||||
| 			"run", []string{"run", "-h"}, ` | ||||
| Usage:	hakurei run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--wayland] [-X] [--dbus] [--pulse] COMMAND [OPTIONS] | ||||
| Usage:	fortify run [-h | --help] [--dbus-config <value>] [--dbus-system <value>] [--mpris] [--dbus-log] [--id <value>] [-a <int>] [-g <value>] [-d <value>] [-u <value>] [--wayland] [-X] [--dbus] [--pulse] COMMAND [OPTIONS] | ||||
| 
 | ||||
| Flags: | ||||
|   -X	Enable direct connection to X11 | ||||
|  | ||||
							
								
								
									
										77
									
								
								nixos.nix
									
									
									
									
									
								
							
							
						
						
									
										77
									
								
								nixos.nix
									
									
									
									
									
								
							| @ -9,7 +9,6 @@ packages: | ||||
| let | ||||
|   inherit (lib) | ||||
|     lists | ||||
|     attrsets | ||||
|     mkMerge | ||||
|     mkIf | ||||
|     mapAttrs | ||||
| @ -18,7 +17,7 @@ let | ||||
|     optionals | ||||
|     ; | ||||
| 
 | ||||
|   cfg = config.environment.hakurei; | ||||
|   cfg = config.environment.fortify; | ||||
| 
 | ||||
|   getsubuid = fid: aid: 1000000 + fid * 10000 + aid; | ||||
|   getsubname = fid: aid: "u${toString fid}_a${toString aid}"; | ||||
| @ -45,21 +44,20 @@ in | ||||
|         in | ||||
|         { | ||||
|           assertion = (lists.length conflictingApps) == 0; | ||||
|           message = "the following hakurei apps have conflicting identities: " + (builtins.concatStringsSep ", " conflictingApps); | ||||
|           message = "the following fortify apps have conflicting identities: " + (builtins.concatStringsSep ", " conflictingApps); | ||||
|         } | ||||
|       ) | ||||
|     ]; | ||||
| 
 | ||||
|     security.wrappers.hsu = { | ||||
| 
 | ||||
|       source = "${cfg.hsuPackage}/bin/hsu"; | ||||
|     security.wrappers.fsu = { | ||||
|       source = "${cfg.fsuPackage}/bin/fsu"; | ||||
|       setuid = true; | ||||
|       owner = "root"; | ||||
|       setgid = true; | ||||
|       group = "root"; | ||||
|     }; | ||||
| 
 | ||||
|     environment.etc.hsurc = { | ||||
|     environment.etc.fsurc = { | ||||
|       mode = "0400"; | ||||
|       text = foldlAttrs ( | ||||
|         acc: username: fid: | ||||
| @ -201,7 +199,7 @@ in | ||||
|                   }; | ||||
|                 in | ||||
|                 pkgs.writeShellScriptBin app.name '' | ||||
|                   exec hakurei${if app.verbose then " -v" else ""} app ${pkgs.writeText "hakurei-app-${app.name}.json" (builtins.toJSON conf)} $@ | ||||
|                   exec fortify${if app.verbose then " -v" else ""} app ${pkgs.writeText "fortify-${app.name}.json" (builtins.toJSON conf)} $@ | ||||
|                 '' | ||||
|               ) | ||||
|             ] | ||||
| @ -233,48 +231,25 @@ in | ||||
|       { | ||||
|         useUserPackages = false; # prevent users.users entries from being added | ||||
| 
 | ||||
|         users = | ||||
|           mkMerge | ||||
|             (foldlAttrs | ||||
|               ( | ||||
|                 acc: _: fid: | ||||
|                 foldlAttrs | ||||
|                   ( | ||||
|                     acc: _: app: | ||||
|                     ( | ||||
|                       let | ||||
|                         key = getsubname fid app.identity; | ||||
|                       in | ||||
|                       { | ||||
|                         usernames = acc.usernames // { | ||||
|                           ${key} = true; | ||||
|                         }; | ||||
|                         merge = acc.merge ++ [ | ||||
|                           { | ||||
|                             ${key} = mkMerge ( | ||||
|                               [ | ||||
|                                 app.extraConfig | ||||
|                                 { home.packages = app.packages; } | ||||
|                               ] | ||||
|                               ++ lib.optional (!attrsets.hasAttrByPath [ key ] acc.usernames) cfg.extraHomeConfig | ||||
|                             ); | ||||
|                           } | ||||
|                         ]; | ||||
|                       } | ||||
|                     ) | ||||
|                   ) | ||||
|                   { | ||||
|                     inherit (acc) usernames; | ||||
|                     merge = acc.merge ++ [ { ${getsubname fid 0} = cfg.extraHomeConfig; } ]; | ||||
|                   } | ||||
|                   cfg.apps | ||||
|               ) | ||||
|               { | ||||
|                 usernames = { }; | ||||
|                 merge = [ privPackages ]; | ||||
|               } | ||||
|               cfg.users | ||||
|             ).merge; | ||||
|         users = mkMerge ( | ||||
|           foldlAttrs ( | ||||
|             acc: _: fid: | ||||
|             acc | ||||
|             ++ foldlAttrs ( | ||||
|               acc': _: app: | ||||
|               acc' | ||||
|               ++ [ | ||||
|                 { | ||||
|                   ${getsubname fid app.identity} = mkMerge [ | ||||
|                     cfg.extraHomeConfig | ||||
|                     app.extraConfig | ||||
|                     { home.packages = app.packages; } | ||||
|                   ]; | ||||
|                 } | ||||
|               ] | ||||
|             ) [ { ${getsubname fid 0} = cfg.extraHomeConfig; } ] cfg.apps | ||||
|           ) [ privPackages ] cfg.users | ||||
|         ); | ||||
|       }; | ||||
| 
 | ||||
|     users = | ||||
| @ -282,7 +257,7 @@ in | ||||
|         getuser = fid: aid: { | ||||
|           isSystemUser = true; | ||||
|           createHome = true; | ||||
|           description = "Hakurei subordinate user ${toString aid} (u${toString fid})"; | ||||
|           description = "Fortify subordinate user ${toString aid} (u${toString fid})"; | ||||
|           group = getsubname fid aid; | ||||
|           home = getsubhome fid aid; | ||||
|           uid = getsubuid fid aid; | ||||
|  | ||||
							
								
								
									
										112
									
								
								options.md
									
									
									
									
									
								
							
							
						
						
									
										112
									
								
								options.md
									
									
									
									
									
								
							| @ -1,8 +1,8 @@ | ||||
| ## environment\.hakurei\.enable | ||||
| ## environment\.fortify\.enable | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Whether to enable hakurei\. | ||||
| Whether to enable fortify\. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -21,11 +21,11 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.package | ||||
| ## environment\.fortify\.package | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| The hakurei package to use\. | ||||
| The fortify package to use\. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -35,13 +35,13 @@ package | ||||
| 
 | ||||
| 
 | ||||
| *Default:* | ||||
| ` <derivation hakurei-static-x86_64-unknown-linux-musl-0.4.1> ` | ||||
| ` <derivation fortify-static-x86_64-unknown-linux-musl-0.4.1> ` | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps | ||||
| ## environment\.fortify\.apps | ||||
| 
 | ||||
| Declaratively configured hakurei apps\. | ||||
| Declaratively configured fortify apps\. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -55,7 +55,7 @@ attribute set of (submodule) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.packages | ||||
| ## environment\.fortify\.apps\.\<name>\.packages | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -73,7 +73,7 @@ list of package | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.args | ||||
| ## environment\.fortify\.apps\.\<name>\.args | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -92,7 +92,7 @@ null or (list of string) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.capability\.dbus | ||||
| ## environment\.fortify\.apps\.\<name>\.capability\.dbus | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -110,7 +110,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.capability\.pulse | ||||
| ## environment\.fortify\.apps\.\<name>\.capability\.pulse | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -128,7 +128,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.capability\.wayland | ||||
| ## environment\.fortify\.apps\.\<name>\.capability\.wayland | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -146,7 +146,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.capability\.x11 | ||||
| ## environment\.fortify\.apps\.\<name>\.capability\.x11 | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -164,7 +164,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.command | ||||
| ## environment\.fortify\.apps\.\<name>\.command | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -184,7 +184,7 @@ null or string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.dbus\.session | ||||
| ## environment\.fortify\.apps\.\<name>\.dbus\.session | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -203,7 +203,7 @@ null or (function that evaluates to a(n) anything) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.dbus\.system | ||||
| ## environment\.fortify\.apps\.\<name>\.dbus\.system | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -222,7 +222,7 @@ null or anything | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.devel | ||||
| ## environment\.fortify\.apps\.\<name>\.devel | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -245,7 +245,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.device | ||||
| ## environment\.fortify\.apps\.\<name>\.device | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -268,7 +268,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.env | ||||
| ## environment\.fortify\.apps\.\<name>\.env | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -286,7 +286,7 @@ null or (attribute set of string) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraConfig | ||||
| ## environment\.fortify\.apps\.\<name>\.extraConfig | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -304,7 +304,7 @@ anything | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -322,7 +322,7 @@ list of (submodule) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths\.\*\.dev | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths\.\*\.dev | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -345,7 +345,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths\.\*\.dst | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths\.\*\.dst | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -363,7 +363,7 @@ null or string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths\.\*\.require | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths\.\*\.require | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -386,7 +386,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths\.\*\.src | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths\.\*\.src | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -399,7 +399,7 @@ string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.extraPaths\.\*\.write | ||||
| ## environment\.fortify\.apps\.\<name>\.extraPaths\.\*\.write | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -422,7 +422,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.gpu | ||||
| ## environment\.fortify\.apps\.\<name>\.gpu | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -441,7 +441,7 @@ null or boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.groups | ||||
| ## environment\.fortify\.apps\.\<name>\.groups | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -459,7 +459,7 @@ list of string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.identity | ||||
| ## environment\.fortify\.apps\.\<name>\.identity | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -472,7 +472,7 @@ integer between 1 and 9999 (both inclusive) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.insecureWayland | ||||
| ## environment\.fortify\.apps\.\<name>\.insecureWayland | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -495,7 +495,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.mapRealUid | ||||
| ## environment\.fortify\.apps\.\<name>\.mapRealUid | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -518,7 +518,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.multiarch | ||||
| ## environment\.fortify\.apps\.\<name>\.multiarch | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -541,7 +541,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.name | ||||
| ## environment\.fortify\.apps\.\<name>\.name | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -554,7 +554,7 @@ string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.net | ||||
| ## environment\.fortify\.apps\.\<name>\.net | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -577,7 +577,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.nix | ||||
| ## environment\.fortify\.apps\.\<name>\.nix | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -600,7 +600,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.path | ||||
| ## environment\.fortify\.apps\.\<name>\.path | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -619,7 +619,7 @@ null or string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.script | ||||
| ## environment\.fortify\.apps\.\<name>\.script | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -637,7 +637,7 @@ null or string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.share | ||||
| ## environment\.fortify\.apps\.\<name>\.share | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -656,7 +656,7 @@ null or package | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.shareUid | ||||
| ## environment\.fortify\.apps\.\<name>\.shareUid | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -679,7 +679,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.tty | ||||
| ## environment\.fortify\.apps\.\<name>\.tty | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -702,7 +702,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.useCommonPaths | ||||
| ## environment\.fortify\.apps\.\<name>\.useCommonPaths | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -725,7 +725,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.userns | ||||
| ## environment\.fortify\.apps\.\<name>\.userns | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -748,7 +748,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.apps\.\<name>\.verbose | ||||
| ## environment\.fortify\.apps\.\<name>\.verbose | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -771,7 +771,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths | ||||
| ## environment\.fortify\.commonPaths | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -789,7 +789,7 @@ list of (submodule) | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths\.\*\.dev | ||||
| ## environment\.fortify\.commonPaths\.\*\.dev | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -812,7 +812,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths\.\*\.dst | ||||
| ## environment\.fortify\.commonPaths\.\*\.dst | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -830,7 +830,7 @@ null or string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths\.\*\.require | ||||
| ## environment\.fortify\.commonPaths\.\*\.require | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -853,7 +853,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths\.\*\.src | ||||
| ## environment\.fortify\.commonPaths\.\*\.src | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -866,7 +866,7 @@ string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.commonPaths\.\*\.write | ||||
| ## environment\.fortify\.commonPaths\.\*\.write | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -889,7 +889,7 @@ boolean | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.extraHomeConfig | ||||
| ## environment\.fortify\.extraHomeConfig | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -902,11 +902,11 @@ anything | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.hsuPackage | ||||
| ## environment\.fortify\.fsuPackage | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| The hsu package to use\. | ||||
| The fsu package to use\. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -916,11 +916,11 @@ package | ||||
| 
 | ||||
| 
 | ||||
| *Default:* | ||||
| ` <derivation hakurei-hsu-0.4.1> ` | ||||
| ` <derivation fortify-fsu-0.4.1> ` | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.stateDir | ||||
| ## environment\.fortify\.stateDir | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| @ -933,11 +933,11 @@ string | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| ## environment\.hakurei\.users | ||||
| ## environment\.fortify\.users | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
| Users allowed to spawn hakurei apps and their corresponding hakurei identity\. | ||||
| Users allowed to spawn fortify apps and their corresponding fortify fid\. | ||||
| 
 | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										18
									
								
								options.nix
									
									
									
									
									
								
							
							
						
						
									
										18
									
								
								options.nix
									
									
									
									
									
								
							| @ -39,19 +39,19 @@ in | ||||
| 
 | ||||
| { | ||||
|   options = { | ||||
|     environment.hakurei = { | ||||
|       enable = mkEnableOption "hakurei"; | ||||
|     environment.fortify = { | ||||
|       enable = mkEnableOption "fortify"; | ||||
| 
 | ||||
|       package = mkOption { | ||||
|         type = types.package; | ||||
|         default = packages.${pkgs.system}.hakurei; | ||||
|         description = "The hakurei package to use."; | ||||
|         default = packages.${pkgs.system}.fortify; | ||||
|         description = "The fortify package to use."; | ||||
|       }; | ||||
| 
 | ||||
|       hsuPackage = mkOption { | ||||
|       fsuPackage = mkOption { | ||||
|         type = types.package; | ||||
|         default = packages.${pkgs.system}.hsu; | ||||
|         description = "The hsu package to use."; | ||||
|         default = packages.${pkgs.system}.fsu; | ||||
|         description = "The fsu package to use."; | ||||
|       }; | ||||
| 
 | ||||
|       users = mkOption { | ||||
| @ -61,7 +61,7 @@ in | ||||
|           in | ||||
|           attrsOf (ints.between 0 99); | ||||
|         description = '' | ||||
|           Users allowed to spawn hakurei apps and their corresponding hakurei identity. | ||||
|           Users allowed to spawn fortify apps and their corresponding fortify fid. | ||||
|         ''; | ||||
|       }; | ||||
| 
 | ||||
| @ -276,7 +276,7 @@ in | ||||
|           }); | ||||
|         default = { }; | ||||
|         description = '' | ||||
|           Declaratively configured hakurei apps. | ||||
|           Declaratively configured fortify apps. | ||||
|         ''; | ||||
|       }; | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										47
									
								
								package.nix
									
									
									
									
									
								
							
							
						
						
									
										47
									
								
								package.nix
									
									
									
									
									
								
							| @ -30,42 +30,21 @@ | ||||
| }: | ||||
| 
 | ||||
| buildGoModule rec { | ||||
|   pname = "hakurei"; | ||||
|   version = "0.0.1"; | ||||
|   pname = "fortify"; | ||||
|   version = "0.4.1"; | ||||
| 
 | ||||
|   srcFiltered = builtins.path { | ||||
|   src = builtins.path { | ||||
|     name = "${pname}-src"; | ||||
|     path = lib.cleanSource ./.; | ||||
|     filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/hsu" path); | ||||
|     filter = path: type: !(type == "regular" && (lib.hasSuffix ".nix" path || lib.hasSuffix ".py" path)) && !(type == "directory" && lib.hasSuffix "/test" path) && !(type == "directory" && lib.hasSuffix "/cmd/fsu" path); | ||||
|   }; | ||||
|   vendorHash = null; | ||||
| 
 | ||||
|   src = stdenv.mkDerivation { | ||||
|     name = "${pname}-src-full"; | ||||
|     inherit version; | ||||
|     enableParallelBuilding = true; | ||||
|     src = srcFiltered; | ||||
| 
 | ||||
|     buildInputs = [ | ||||
|       wayland | ||||
|       wayland-protocols | ||||
|     ]; | ||||
| 
 | ||||
|     nativeBuildInputs = [ | ||||
|       go | ||||
|       pkg-config | ||||
|       wayland-scanner | ||||
|     ]; | ||||
| 
 | ||||
|     buildPhase = "GOCACHE=$(mktemp -d) go generate ./..."; | ||||
|     installPhase = "cp -r . $out"; | ||||
|   }; | ||||
| 
 | ||||
|   ldflags = | ||||
|     lib.attrsets.foldlAttrs | ||||
|       ( | ||||
|         ldflags: name: value: | ||||
|         ldflags ++ [ "-X git.gensokyo.uk/security/hakurei/internal.${name}=${value}" ] | ||||
|         ldflags ++ [ "-X git.gensokyo.uk/security/fortify/internal.${name}=${value}" ] | ||||
|       ) | ||||
|       ( | ||||
|         [ "-s -w" ] | ||||
| @ -76,7 +55,7 @@ buildGoModule rec { | ||||
|       ) | ||||
|       { | ||||
|         version = "v${version}"; | ||||
|         hsu = "/run/wrappers/bin/hsu"; | ||||
|         fsu = "/run/wrappers/bin/fsu"; | ||||
|       }; | ||||
| 
 | ||||
|   # nix build environment does not allow acls | ||||
| @ -88,6 +67,7 @@ buildGoModule rec { | ||||
|       libseccomp | ||||
|       acl | ||||
|       wayland | ||||
|       wayland-protocols | ||||
|     ] | ||||
|     ++ (with xorg; [ | ||||
|       libxcb | ||||
| @ -97,9 +77,14 @@ buildGoModule rec { | ||||
| 
 | ||||
|   nativeBuildInputs = [ | ||||
|     pkg-config | ||||
|     wayland-scanner | ||||
|     makeBinaryWrapper | ||||
|   ]; | ||||
| 
 | ||||
|   preBuild = '' | ||||
|     HOME="$(mktemp -d)" PATH="${pkg-config}/bin:$PATH" go generate ./... | ||||
|   ''; | ||||
| 
 | ||||
|   postInstall = | ||||
|     let | ||||
|       appPackages = [ | ||||
| @ -108,12 +93,12 @@ buildGoModule rec { | ||||
|       ]; | ||||
|     in | ||||
|     '' | ||||
|       install -D --target-directory=$out/share/zsh/site-functions dist/comp/* | ||||
|       install -D --target-directory=$out/share/zsh/site-functions comp/* | ||||
| 
 | ||||
|       mkdir "$out/libexec" | ||||
|       mv "$out"/bin/* "$out/libexec/" | ||||
| 
 | ||||
|       makeBinaryWrapper "$out/libexec/hakurei" "$out/bin/hakurei" \ | ||||
|       makeBinaryWrapper "$out/libexec/fortify" "$out/bin/fortify" \ | ||||
|         --inherit-argv0 --prefix PATH : ${lib.makeBinPath appPackages} | ||||
| 
 | ||||
|       makeBinaryWrapper "$out/libexec/fpkg" "$out/bin/fpkg" \ | ||||
| @ -135,10 +120,6 @@ buildGoModule rec { | ||||
|       gcc | ||||
|       xorg.xorgproto | ||||
|       util-linux | ||||
| 
 | ||||
|       # for go generate | ||||
|       wayland-protocols | ||||
|       wayland-scanner | ||||
|     ] | ||||
|     ++ buildInputs | ||||
|     ++ nativeBuildInputs; | ||||
|  | ||||
							
								
								
									
										22
									
								
								parse.go
									
									
									
									
									
								
							
							
						
						
									
										22
									
								
								parse.go
									
									
									
									
									
								
							| @ -10,19 +10,19 @@ import ( | ||||
| 	"strings" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| ) | ||||
| 
 | ||||
| func tryPath(name string) (config *hst.Config) { | ||||
| func tryPath(name string) (config *fst.Config) { | ||||
| 	var r io.Reader | ||||
| 	config = new(hst.Config) | ||||
| 	config = new(fst.Config) | ||||
| 
 | ||||
| 	if name != "-" { | ||||
| 		r = tryFd(name) | ||||
| 		if r == nil { | ||||
| 			hlog.Verbose("load configuration from file") | ||||
| 			fmsg.Verbose("load configuration from file") | ||||
| 
 | ||||
| 			if f, err := os.Open(name); err != nil { | ||||
| 				log.Fatalf("cannot access configuration file %q: %s", name, err) | ||||
| @ -51,11 +51,11 @@ func tryPath(name string) (config *hst.Config) { | ||||
| func tryFd(name string) io.ReadCloser { | ||||
| 	if v, err := strconv.Atoi(name); err != nil { | ||||
| 		if !errors.Is(err, strconv.ErrSyntax) { | ||||
| 			hlog.Verbosef("name cannot be interpreted as int64: %v", err) | ||||
| 			fmsg.Verbosef("name cannot be interpreted as int64: %v", err) | ||||
| 		} | ||||
| 		return nil | ||||
| 	} else { | ||||
| 		hlog.Verbosef("trying config stream from %d", v) | ||||
| 		fmsg.Verbosef("trying config stream from %d", v) | ||||
| 		fd := uintptr(v) | ||||
| 		if _, _, errno := syscall.Syscall(syscall.SYS_FCNTL, fd, syscall.F_GETFD, 0); errno != 0 { | ||||
| 			if errors.Is(errno, syscall.EBADF) { | ||||
| @ -67,7 +67,7 @@ func tryFd(name string) io.ReadCloser { | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| func tryShort(name string) (config *hst.Config, entry *state.State) { | ||||
| func tryShort(name string) (config *fst.Config, entry *state.State) { | ||||
| 	likePrefix := false | ||||
| 	if len(name) <= 32 { | ||||
| 		likePrefix = true | ||||
| @ -85,7 +85,7 @@ func tryShort(name string) (config *hst.Config, entry *state.State) { | ||||
| 
 | ||||
| 	// try to match from state store | ||||
| 	if likePrefix && len(name) >= 8 { | ||||
| 		hlog.Verbose("argument looks like prefix") | ||||
| 		fmsg.Verbose("argument looks like prefix") | ||||
| 
 | ||||
| 		s := state.NewMulti(std.Paths().RunDirPath) | ||||
| 		if entries, err := state.Join(s); err != nil { | ||||
| @ -101,7 +101,7 @@ func tryShort(name string) (config *hst.Config, entry *state.State) { | ||||
| 					break | ||||
| 				} | ||||
| 
 | ||||
| 				hlog.Verbosef("instance %s skipped", v) | ||||
| 				fmsg.Verbosef("instance %s skipped", v) | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
							
								
								
									
										20
									
								
								print.go
									
									
									
									
									
								
							
							
						
						
									
										20
									
								
								print.go
									
									
									
									
									
								
							| @ -12,21 +12,21 @@ import ( | ||||
| 	"text/tabwriter" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| ) | ||||
| 
 | ||||
| func printShowSystem(output io.Writer, short, flagJSON bool) { | ||||
| 	t := newPrinter(output) | ||||
| 	defer t.MustFlush() | ||||
| 
 | ||||
| 	info := new(hst.Info) | ||||
| 	info := new(fst.Info) | ||||
| 
 | ||||
| 	// get fid by querying uid of aid 0 | ||||
| 	if uid, err := std.Uid(0); err != nil { | ||||
| 		hlog.PrintBaseError(err, "cannot obtain uid from setuid wrapper:") | ||||
| 		fmsg.PrintBaseError(err, "cannot obtain uid from fsu:") | ||||
| 		os.Exit(1) | ||||
| 	} else { | ||||
| 		info.User = (uid / 10000) - 100 | ||||
| @ -42,7 +42,7 @@ func printShowSystem(output io.Writer, short, flagJSON bool) { | ||||
| 
 | ||||
| func printShowInstance( | ||||
| 	output io.Writer, now time.Time, | ||||
| 	instance *state.State, config *hst.Config, | ||||
| 	instance *state.State, config *fst.Config, | ||||
| 	short, flagJSON bool) { | ||||
| 	if flagJSON { | ||||
| 		if instance != nil { | ||||
| @ -69,9 +69,9 @@ func printShowInstance( | ||||
| 
 | ||||
| 	t.Printf("App\n") | ||||
| 	if config.ID != "" { | ||||
| 		t.Printf(" Identity:\t%d (%s)\n", config.Identity, config.ID) | ||||
| 		t.Printf(" ID:\t%d (%s)\n", config.Identity, config.ID) | ||||
| 	} else { | ||||
| 		t.Printf(" Identity:\t%d\n", config.Identity) | ||||
| 		t.Printf(" ID:\t%d\n", config.Identity) | ||||
| 	} | ||||
| 	t.Printf(" Enablements:\t%s\n", config.Enablements.String()) | ||||
| 	if len(config.Groups) > 0 { | ||||
| @ -264,7 +264,7 @@ func printPs(output io.Writer, now time.Time, s state.Store, short, flagJSON boo | ||||
| 			as = strconv.Itoa(e.Config.Identity) | ||||
| 			id := e.Config.ID | ||||
| 			if id == "" { | ||||
| 				id = "uk.gensokyo.hakurei." + e.s[:8] | ||||
| 				id = "uk.gensokyo.fortify." + e.s[:8] | ||||
| 			} | ||||
| 			as += " (" + id + ")" | ||||
| 		} | ||||
|  | ||||
| @ -5,10 +5,10 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/dbus" | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/app" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/state" | ||||
| 	"git.gensokyo.uk/security/fortify/dbus" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/app" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/state" | ||||
| ) | ||||
| 
 | ||||
| var ( | ||||
| @ -21,7 +21,7 @@ var ( | ||||
| 	testState = &state.State{ | ||||
| 		ID:     testID, | ||||
| 		PID:    0xDEADBEEF, | ||||
| 		Config: hst.Template(), | ||||
| 		Config: fst.Template(), | ||||
| 		Time:   testAppTime, | ||||
| 	} | ||||
| 	testTime    = time.Unix(3752, 1).UTC() | ||||
| @ -32,15 +32,15 @@ func Test_printShowInstance(t *testing.T) { | ||||
| 	testCases := []struct { | ||||
| 		name        string | ||||
| 		instance    *state.State | ||||
| 		config      *hst.Config | ||||
| 		config      *fst.Config | ||||
| 		short, json bool | ||||
| 		want        string | ||||
| 	}{ | ||||
| 		{"config", nil, hst.Template(), false, false, `App | ||||
|  Identity:       9 (org.chromium.Chromium) | ||||
| 		{"config", nil, fst.Template(), false, false, `App | ||||
|  ID:             9 (org.chromium.Chromium) | ||||
|  Enablements:    wayland, dbus, pulseaudio | ||||
|  Groups:         video, dialout, plugdev | ||||
|  Data:           /var/lib/hakurei/u0/org.chromium.Chromium | ||||
|  Data:           /var/lib/fortify/u0/org.chromium.Chromium | ||||
|  Hostname:       localhost | ||||
|  Flags:          userns devel net device tty mapuid autoetc | ||||
|  Etc:            /etc | ||||
| @ -53,12 +53,12 @@ Filesystem | ||||
|  +/run/current-system | ||||
|  +/run/opengl-driver | ||||
|  +/var/db/nix-channels | ||||
|  w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium | ||||
|  w*/var/lib/fortify/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium | ||||
|  d+/dev/dri | ||||
| 
 | ||||
| Extra ACL | ||||
|  --x+:/var/lib/hakurei/u0 | ||||
|  rwx:/var/lib/hakurei/u0/org.chromium.Chromium | ||||
|  --x+:/var/lib/fortify/u0 | ||||
|  rwx:/var/lib/fortify/u0/org.chromium.Chromium | ||||
| 
 | ||||
| Session bus | ||||
|  Filter:       true | ||||
| @ -72,23 +72,23 @@ System bus | ||||
|  Talk:      ["org.bluez" "org.freedesktop.Avahi" "org.freedesktop.UPower"] | ||||
| 
 | ||||
| `}, | ||||
| 		{"config pd", nil, new(hst.Config), false, false, `Warning: this configuration uses permissive defaults! | ||||
| 		{"config pd", nil, new(fst.Config), false, false, `Warning: this configuration uses permissive defaults! | ||||
| 
 | ||||
| App | ||||
|  Identity:       0 | ||||
|  ID:             0 | ||||
|  Enablements:    (no enablements) | ||||
| 
 | ||||
| `}, | ||||
| 		{"config flag none", nil, &hst.Config{Container: new(hst.ContainerConfig)}, false, false, `App | ||||
|  Identity:       0 | ||||
| 		{"config flag none", nil, &fst.Config{Container: new(fst.ContainerConfig)}, false, false, `App | ||||
|  ID:             0 | ||||
|  Enablements:    (no enablements) | ||||
|  Flags:          none | ||||
|  Etc:            /etc | ||||
|  Path:            | ||||
| 
 | ||||
| `}, | ||||
| 		{"config nil entries", nil, &hst.Config{Container: &hst.ContainerConfig{Filesystem: make([]*hst.FilesystemConfig, 1)}, ExtraPerms: make([]*hst.ExtraPermConfig, 1)}, false, false, `App | ||||
|  Identity:       0 | ||||
| 		{"config nil entries", nil, &fst.Config{Container: &fst.ContainerConfig{Filesystem: make([]*fst.FilesystemConfig, 1)}, ExtraPerms: make([]*fst.ExtraPermConfig, 1)}, false, false, `App | ||||
|  ID:             0 | ||||
|  Enablements:    (no enablements) | ||||
|  Flags:          none | ||||
|  Etc:            /etc | ||||
| @ -99,10 +99,10 @@ Filesystem | ||||
| Extra ACL | ||||
| 
 | ||||
| `}, | ||||
| 		{"config pd dbus see", nil, &hst.Config{SessionBus: &dbus.Config{See: []string{"org.example.test"}}}, false, false, `Warning: this configuration uses permissive defaults! | ||||
| 		{"config pd dbus see", nil, &fst.Config{SessionBus: &dbus.Config{See: []string{"org.example.test"}}}, false, false, `Warning: this configuration uses permissive defaults! | ||||
| 
 | ||||
| App | ||||
|  Identity:       0 | ||||
|  ID:             0 | ||||
|  Enablements:    (no enablements) | ||||
| 
 | ||||
| Session bus | ||||
| @ -111,15 +111,15 @@ Session bus | ||||
| 
 | ||||
| `}, | ||||
| 
 | ||||
| 		{"instance", testState, hst.Template(), false, false, `State | ||||
| 		{"instance", testState, fst.Template(), false, false, `State | ||||
|  Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (3735928559) | ||||
|  Uptime:      1h2m32s | ||||
| 
 | ||||
| App | ||||
|  Identity:       9 (org.chromium.Chromium) | ||||
|  ID:             9 (org.chromium.Chromium) | ||||
|  Enablements:    wayland, dbus, pulseaudio | ||||
|  Groups:         video, dialout, plugdev | ||||
|  Data:           /var/lib/hakurei/u0/org.chromium.Chromium | ||||
|  Data:           /var/lib/fortify/u0/org.chromium.Chromium | ||||
|  Hostname:       localhost | ||||
|  Flags:          userns devel net device tty mapuid autoetc | ||||
|  Etc:            /etc | ||||
| @ -132,12 +132,12 @@ Filesystem | ||||
|  +/run/current-system | ||||
|  +/run/opengl-driver | ||||
|  +/var/db/nix-channels | ||||
|  w*/var/lib/hakurei/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium | ||||
|  w*/var/lib/fortify/u0/org.chromium.Chromium:/data/data/org.chromium.Chromium | ||||
|  d+/dev/dri | ||||
| 
 | ||||
| Extra ACL | ||||
|  --x+:/var/lib/hakurei/u0 | ||||
|  rwx:/var/lib/hakurei/u0/org.chromium.Chromium | ||||
|  --x+:/var/lib/fortify/u0 | ||||
|  rwx:/var/lib/fortify/u0/org.chromium.Chromium | ||||
| 
 | ||||
| Session bus | ||||
|  Filter:       true | ||||
| @ -151,14 +151,14 @@ System bus | ||||
|  Talk:      ["org.bluez" "org.freedesktop.Avahi" "org.freedesktop.UPower"] | ||||
| 
 | ||||
| `}, | ||||
| 		{"instance pd", testState, new(hst.Config), false, false, `Warning: this configuration uses permissive defaults! | ||||
| 		{"instance pd", testState, new(fst.Config), false, false, `Warning: this configuration uses permissive defaults! | ||||
| 
 | ||||
| State | ||||
|  Instance:    8e2c76b066dabe574cf073bdb46eb5c1 (3735928559) | ||||
|  Uptime:      1h2m32s | ||||
| 
 | ||||
| App | ||||
|  Identity:       0 | ||||
|  ID:             0 | ||||
|  Enablements:    (no enablements) | ||||
| 
 | ||||
| `}, | ||||
| @ -234,16 +234,16 @@ App | ||||
|     }, | ||||
|     "username": "chronos", | ||||
|     "shell": "/run/current-system/sw/bin/zsh", | ||||
|     "data": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|     "data": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|     "dir": "/data/data/org.chromium.Chromium", | ||||
|     "extra_perms": [ | ||||
|       { | ||||
|         "ensure": true, | ||||
|         "path": "/var/lib/hakurei/u0", | ||||
|         "path": "/var/lib/fortify/u0", | ||||
|         "x": true | ||||
|       }, | ||||
|       { | ||||
|         "path": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|         "path": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|         "r": true, | ||||
|         "w": true, | ||||
|         "x": true | ||||
| @ -285,7 +285,7 @@ App | ||||
|         }, | ||||
|         { | ||||
|           "dst": "/data/data/org.chromium.Chromium", | ||||
|           "src": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|           "src": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|           "write": true, | ||||
|           "require": true | ||||
|         }, | ||||
| @ -310,7 +310,7 @@ App | ||||
|   "time": "1970-01-01T00:00:00.000000009Z" | ||||
| } | ||||
| `}, | ||||
| 		{"json config", nil, hst.Template(), false, true, `{ | ||||
| 		{"json config", nil, fst.Template(), false, true, `{ | ||||
|   "id": "org.chromium.Chromium", | ||||
|   "path": "/run/current-system/sw/bin/chromium", | ||||
|   "args": [ | ||||
| @ -359,16 +359,16 @@ App | ||||
|   }, | ||||
|   "username": "chronos", | ||||
|   "shell": "/run/current-system/sw/bin/zsh", | ||||
|   "data": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|   "data": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|   "dir": "/data/data/org.chromium.Chromium", | ||||
|   "extra_perms": [ | ||||
|     { | ||||
|       "ensure": true, | ||||
|       "path": "/var/lib/hakurei/u0", | ||||
|       "path": "/var/lib/fortify/u0", | ||||
|       "x": true | ||||
|     }, | ||||
|     { | ||||
|       "path": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|       "path": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|       "r": true, | ||||
|       "w": true, | ||||
|       "x": true | ||||
| @ -410,7 +410,7 @@ App | ||||
|       }, | ||||
|       { | ||||
|         "dst": "/data/data/org.chromium.Chromium", | ||||
|         "src": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|         "src": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|         "write": true, | ||||
|         "require": true | ||||
|       }, | ||||
| @ -460,8 +460,8 @@ func Test_printPs(t *testing.T) { | ||||
| 		{"nil instance", state.Entries{testID: nil}, false, false, "    Instance    PID    Application    Uptime\n"}, | ||||
| 		{"state corruption", state.Entries{app.ID{}: testState}, false, false, "    Instance    PID    Application    Uptime\n"}, | ||||
| 
 | ||||
| 		{"valid pd", state.Entries{testID: &state.State{ID: testID, PID: 1 << 8, Config: new(hst.Config), Time: testAppTime}}, false, false, `    Instance    PID    Application                         Uptime | ||||
|     8e2c76b0    256    0 (uk.gensokyo.hakurei.8e2c76b0)    1h2m32s | ||||
| 		{"valid pd", state.Entries{testID: &state.State{ID: testID, PID: 1 << 8, Config: new(fst.Config), Time: testAppTime}}, false, false, `    Instance    PID    Application                         Uptime | ||||
|     8e2c76b0    256    0 (uk.gensokyo.fortify.8e2c76b0)    1h2m32s | ||||
| `}, | ||||
| 
 | ||||
| 		{"valid", state.Entries{testID: testState}, false, false, `    Instance    PID           Application                  Uptime | ||||
| @ -538,16 +538,16 @@ func Test_printPs(t *testing.T) { | ||||
|       }, | ||||
|       "username": "chronos", | ||||
|       "shell": "/run/current-system/sw/bin/zsh", | ||||
|       "data": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|       "data": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|       "dir": "/data/data/org.chromium.Chromium", | ||||
|       "extra_perms": [ | ||||
|         { | ||||
|           "ensure": true, | ||||
|           "path": "/var/lib/hakurei/u0", | ||||
|           "path": "/var/lib/fortify/u0", | ||||
|           "x": true | ||||
|         }, | ||||
|         { | ||||
|           "path": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|           "path": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|           "r": true, | ||||
|           "w": true, | ||||
|           "x": true | ||||
| @ -589,7 +589,7 @@ func Test_printPs(t *testing.T) { | ||||
|           }, | ||||
|           { | ||||
|             "dst": "/data/data/org.chromium.Chromium", | ||||
|             "src": "/var/lib/hakurei/u0/org.chromium.Chromium", | ||||
|             "src": "/var/lib/fortify/u0/org.chromium.Chromium", | ||||
|             "write": true, | ||||
|             "require": true | ||||
|           }, | ||||
|  | ||||
| @ -14,7 +14,7 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| type HardeningFlags uintptr | ||||
|  | ||||
| @ -12,13 +12,13 @@ import ( | ||||
| 	"testing" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/hst" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal" | ||||
| 	"git.gensokyo.uk/security/hakurei/internal/hlog" | ||||
| 	"git.gensokyo.uk/security/hakurei/ldd" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/vfs" | ||||
| 	"git.gensokyo.uk/security/fortify/fst" | ||||
| 	"git.gensokyo.uk/security/fortify/internal" | ||||
| 	"git.gensokyo.uk/security/fortify/internal/fmsg" | ||||
| 	"git.gensokyo.uk/security/fortify/ldd" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/vfs" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
| @ -28,10 +28,10 @@ const ( | ||||
| 
 | ||||
| func TestContainer(t *testing.T) { | ||||
| 	{ | ||||
| 		oldVerbose := hlog.Load() | ||||
| 		oldVerbose := fmsg.Load() | ||||
| 		oldOutput := sandbox.GetOutput() | ||||
| 		internal.InstallFmsg(true) | ||||
| 		t.Cleanup(func() { hlog.Store(oldVerbose) }) | ||||
| 		t.Cleanup(func() { fmsg.Store(oldVerbose) }) | ||||
| 		t.Cleanup(func() { sandbox.SetOutput(oldOutput) }) | ||||
| 	} | ||||
| 
 | ||||
| @ -47,9 +47,9 @@ func TestContainer(t *testing.T) { | ||||
| 			new(sandbox.Ops), nil, "test-minimal"}, | ||||
| 		{"tmpfs", 0, | ||||
| 			new(sandbox.Ops). | ||||
| 				Tmpfs(hst.Tmp, 0, 0755), | ||||
| 				Tmpfs(fst.Tmp, 0, 0755), | ||||
| 			[]*vfs.MountInfoEntry{ | ||||
| 				e("/", hst.Tmp, "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore), | ||||
| 				e("/", fst.Tmp, "rw,nosuid,nodev,relatime", "tmpfs", "tmpfs", ignore), | ||||
| 			}, "test-tmpfs"}, | ||||
| 		{"dev", sandbox.FAllowTTY, // go test output is not a tty | ||||
| 			new(sandbox.Ops). | ||||
| @ -70,7 +70,7 @@ func TestContainer(t *testing.T) { | ||||
| 
 | ||||
| 	for _, tc := range testCases { | ||||
| 		t.Run(tc.name, func(t *testing.T) { | ||||
| 			ctx, cancel := context.WithTimeout(t.Context(), 5*time.Second) | ||||
| 			ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) | ||||
| 			defer cancel() | ||||
| 
 | ||||
| 			container := sandbox.New(ctx, "/usr/bin/sandbox.test", "-test.v", | ||||
| @ -132,14 +132,14 @@ func TestContainer(t *testing.T) { | ||||
| 			container.Stdin = want | ||||
| 
 | ||||
| 			if err := container.Start(); err != nil { | ||||
| 				hlog.PrintBaseError(err, "start:") | ||||
| 				fmsg.PrintBaseError(err, "start:") | ||||
| 				t.Fatalf("cannot start container: %v", err) | ||||
| 			} else if err = container.Serve(); err != nil { | ||||
| 				hlog.PrintBaseError(err, "serve:") | ||||
| 				fmsg.PrintBaseError(err, "serve:") | ||||
| 				t.Errorf("cannot serve setup params: %v", err) | ||||
| 			} | ||||
| 			if err := container.Wait(); err != nil { | ||||
| 				hlog.PrintBaseError(err, "wait:") | ||||
| 				fmsg.PrintBaseError(err, "wait:") | ||||
| 				t.Fatalf("wait: %v", err) | ||||
| 			} | ||||
| 		}) | ||||
| @ -162,7 +162,7 @@ func e(root, target, vfsOptstr, fsType, source, fsOptstr string) *vfs.MountInfoE | ||||
| } | ||||
| 
 | ||||
| func TestContainerString(t *testing.T) { | ||||
| 	container := sandbox.New(t.Context(), "ldd", "/usr/bin/env") | ||||
| 	container := sandbox.New(context.TODO(), "ldd", "/usr/bin/env") | ||||
| 	container.Flags |= sandbox.FAllowDevel | ||||
| 	container.Seccomp |= seccomp.FilterMultiarch | ||||
| 	want := `argv: ["ldd" "/usr/bin/env"], flags: 0x2, seccomp: 0x2e` | ||||
| @ -175,8 +175,8 @@ func TestHelperInit(t *testing.T) { | ||||
| 	if len(os.Args) != 5 || os.Args[4] != "init" { | ||||
| 		return | ||||
| 	} | ||||
| 	sandbox.SetOutput(hlog.Output{}) | ||||
| 	sandbox.Init(hlog.Prepare, internal.InstallFmsg) | ||||
| 	sandbox.SetOutput(fmsg.Output{}) | ||||
| 	sandbox.Init(fmsg.Prepare, internal.InstallFmsg) | ||||
| } | ||||
| 
 | ||||
| func TestHelperCheckContainer(t *testing.T) { | ||||
|  | ||||
| @ -4,7 +4,7 @@ import ( | ||||
| 	"os" | ||||
| 	"testing" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox" | ||||
| ) | ||||
| 
 | ||||
| func TestExecutable(t *testing.T) { | ||||
|  | ||||
| @ -13,7 +13,7 @@ import ( | ||||
| 	"syscall" | ||||
| 	"time" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/seccomp" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/seccomp" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
| @ -24,7 +24,7 @@ const ( | ||||
| 	basePath = "/tmp" | ||||
| 
 | ||||
| 	// setup params file descriptor | ||||
| 	setupEnv = "HAKUREI_SETUP" | ||||
| 	setupEnv = "FORTIFY_SETUP" | ||||
| ) | ||||
| 
 | ||||
| type initParams struct { | ||||
| @ -56,7 +56,7 @@ func Init(prepare func(prefix string), setVerbose func(verbose bool)) { | ||||
| 			log.Fatal("invalid setup descriptor") | ||||
| 		} | ||||
| 		if errors.Is(err, ErrNotSet) { | ||||
| 			log.Fatal("HAKUREI_SETUP not set") | ||||
| 			log.Fatal("FORTIFY_SETUP not set") | ||||
| 		} | ||||
| 
 | ||||
| 		log.Fatalf("cannot decode init setup payload: %v", err) | ||||
|  | ||||
| @ -7,7 +7,7 @@ import ( | ||||
| 	"path/filepath" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/vfs" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/vfs" | ||||
| ) | ||||
| 
 | ||||
| func (p *procPaths) bindMount(source, target string, flags uintptr, eq bool) error { | ||||
|  | ||||
| @ -10,7 +10,7 @@ import ( | ||||
| 	"strings" | ||||
| 	"syscall" | ||||
| 
 | ||||
| 	"git.gensokyo.uk/security/hakurei/sandbox/vfs" | ||||
| 	"git.gensokyo.uk/security/fortify/sandbox/vfs" | ||||
| ) | ||||
| 
 | ||||
| const ( | ||||
|  | ||||
Some files were not shown because too many files have changed in this diff Show More
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user