Commit Graph

20 Commits

Author SHA1 Message Date
Ophestra Umiker 743b6afbbb
workflows: rename binary to fortify
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-04 01:27:04 +09:00
Ophestra Umiker d8f76f3b25
rename to fortify and restructure
More sandbox features will be added and this will no longer track ego's features and behaviour.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-04 01:20:12 +09:00
Ophestra Umiker 7e6eb82195
license: embed license in executable
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 22:07:40 +09:00
Ophestra Umiker 09507a541b
nix: build directly with buildGoModules
Since we have no dependencies, we don't need a vendor hash, so doing this actually makes sense.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 21:54:44 +09:00
Ophestra Umiker 1f72c30033
adapt README document
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 21:33:31 +09:00
Ophestra Umiker e1a96ded34
apply MIT license
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 20:49:00 +09:00
Ophestra Umiker 18db464bd5
apply X11 license
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 14:20:17 +09:00
Ophestra Umiker a3c2916c1a
state: track launcher states in runDir and clean up before exit
X11 hosts and ACL rules are no longer necessary after all launcher processes exit. This reverts all changes to the system made during setup when no launchers remain. State information is also saved in runDir which can be tracked externally.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 14:19:43 +09:00
Ophestra Umiker 392717c6dc
workflows: add release workflow
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 23:47:08 +09:00
Ophestra Umiker da7e404bcf
main: implement sudo and machinectl launcher methods
This does almost exactly what github:intgr/ego does, with some minor optimisations and corrections.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 23:29:21 +09:00
Ophestra Umiker 1cd0846dc9
launcher: implement launcher wrapper
There is no way to have machinectl pass part of its argv to the child, and formatting the string for a shell is highly error-prone and complex, so the argv slice is encoded and passed to a launcher process launched by machinectl which then calls execve(2) to start the final process.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 22:56:50 +09:00
Ophestra Umiker 0bd452ad9b
util: PulseAudio cookie discovery
This appears to be how a regular PulseAudio client discovers the PulseAudio cookie.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 16:25:44 +09:00
Ophestra Umiker 7d96b0bf35
acl: fix memory leak in removeEntry
According to manpage acl_get_qualifier(3) the void * returned by this function could be allocated on the heap.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 12:40:29 +09:00
Ophestra Umiker 289e681c41
util: file copy and exec.LookPath wrapper
Add convenience functions for copying files to owner readable targets and LookPath comma ok wrapper.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 01:20:52 +09:00
Ophestra Umiker 190eb088bc
nix: add libxcb package to dev shell
Since we link libxcb as well now this is needed in the dev shell for it to build properly without impure.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 00:38:11 +09:00
Ophestra Umiker 518fd54ff3
x11: wrap libxcb ChangeHosts request
Even though many pure Go libxcb implementations exist, it is at least as complex and unreadable as libxcb, if not more. Since well-known libraries like SDL, Qt and GTK use libxcb, and they somehow understand how to use it, I can only assume these people have read enough code to make sure it's correct enough. Call it wishful thinking. I don't care anymore.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-14 18:31:53 +09:00
Ophestra Umiker 65c02b540d
util: port sd_booted function
Manpage provided by systemd states that the sd_booted function internally "checks whether the directory /run/systemd/system/ exists", as well as that "a simple check like this can also be implemented trivially in shell or any other language". This implies the behaviour of this function can be expected to be stable.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-11 01:13:41 +09:00
Ophestra Umiker 94c69806ef
nix: set up devShell
Since we're using cgo to call into libacl a few dependencies other than go are required to build.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-11 01:10:35 +09:00
Ophestra Umiker 2ef29ab52e
acl: implement acl utils via libacl
The library is simple and should be easy to port to Go, however correctness matters more in this case and overhead from cgo is negligible for our usage scenario.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-11 00:38:21 +09:00
Ophestra Umiker 491cc16d53
cli: parse and resolve flags
Copy all flags from upstream. The machinectl flag is dropped as it does nothing. The flag package is used to reduce complexity since we do not care about compatibility with upstream.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-09 15:39:40 +09:00