Ophestra Umiker
b291f0b710
app: add nixos-based config test case
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 12:13:21 +09:00
Ophestra Umiker
3a20b149ce
update README document
test / test (push) Successful in 26s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-21 11:22:34 +09:00
Ophestra Umiker
30b8bce90a
fortify: zsh completion
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-20 01:25:19 +09:00
Ophestra Umiker
de0d78daae
release: 0.2.1
release / release (push) Successful in 1m4s
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:50 +09:00
Ophestra Umiker
6bf33ce507
fortify: use resolved username
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:03:09 +09:00
Ophestra Umiker
9faf3b3596
app: validate username
test / test (push) Successful in 23s
This value is used for passwd generation. Bad input can cause very confusing issues. This is not a security issue; however, validation will improve user experience.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 21:01:41 +09:00
Ophestra Umiker
d99c8b1fb4
release: 0.2.0
release / release (push) Successful in 44s
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:15:09 +09:00
Ophestra Umiker
6e4870775f
update README document
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:14:06 +09:00
Ophestra Umiker
0a546885e3
nix: update options doc
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:12:35 +09:00
Ophestra Umiker
653d69da0a
nix: module descriptions
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 18:10:57 +09:00
Ophestra Umiker
f8256137ae
nix: separate module options from implementation
test / test (push) Successful in 25s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-19 17:08:22 +09:00
Ophestra Umiker
54b47b0315
nix: copy pixmaps directory to share package
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 14:46:08 +09:00
Ophestra Umiker
ae2628e57a
cmd/fshim/ipc: install signal handler on shim start
test / test (push) Successful in 20s
Getting killed at this point will result in inconsistent state.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:33:46 +09:00
Ophestra Umiker
c026a4b5dc
fortify: permissive defaults resolve home directory from os
test / test (push) Successful in 21s
When starting with the permissive defaults "run" command, attempt to resolve home directory from os by default and fall back to /var/empty.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 13:01:07 +09:00
Ophestra Umiker
748a0ae2c8
nix: wrap program from libexec
test / test (push) Successful in 24s
This avoids renaming the fortify binary.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 12:58:47 +09:00
Ophestra Umiker
8f3f0c7bbf
nix: integrate dynamic users
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 02:49:48 +09:00
Ophestra Umiker
05b7dbf066
app: alternative inner home path
test / test (push) Successful in 24s
Support binding home to an alternative path in the mount namespace.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-18 00:18:21 +09:00
Ophestra Umiker
866270ff05
fmsg: add to wg prior to enqueue
test / test (push) Successful in 27s
Adding after channel write is racy.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:50:02 +09:00
Ophestra Umiker
c1fad649e8
app/start: check for cleanup and abort condition
test / test (push) Successful in 21s
Dirty fix. Will rewrite after fsu integration complete.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:41:52 +09:00
Ophestra Umiker
b5f01ef20b
app: append # for ChangeHosts message with numerical uid
test / test (push) Successful in 21s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:40:37 +09:00
Ophestra Umiker
2e23cef7bb
cmd/fuserdb: generate group entries
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 23:31:06 +09:00
Ophestra Umiker
6a6d30af1f
cmd/fuserdb: systemd userdb drop-in entries generator
test / test (push) Successful in 20s
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 02:16:02 +09:00
Ophestra Umiker
df33123bd7
app: integrate fsu
test / test (push) Successful in 21s
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-16 21:19:45 +09:00
Ophestra Umiker
1a09b55bd4
nix: remove portal paths from default
test / test (push) Successful in 27s
Despite presenting itself as a generic desktop integration interface, xdg-desktop portal is highly flatpak-centric and only supports flatpak and snap in practice. It is a significant attack surface to begin with as it is a privileged process which accepts input from unprivileged processes, and the lack of support for anything other than fortify also introduces various information leaks when exposed to fortify as it treats fortified programs as unsandboxed, privileged programs in many cases.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-10 22:24:17 +09:00
Ophestra Umiker
9a13b311ac
app/config: rename map_real_uid from use_real_uid
test / test (push) Successful in 19s
This option only changes mapped uid in the user namespace.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-09 12:01:34 +09:00
Ophestra Umiker
45fead18c3
cmd/fshim: set no_new_privs flag
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-09 11:50:56 +09:00
Ophestra Umiker
431aa32291
nix: remove absolute Exec paths
test / test (push) Successful in 26s
Absolute paths set for Exec cause the program to be launched as the privileged user.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-08 02:05:47 +09:00
Ophestra Umiker
3962705126
nix: keep fshim and finit names
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 14:59:28 +09:00
Ophestra Umiker
ad80be721b
nix: improve start script
test / test (push) Successful in 23s
Zsh store path in shebang. Replace writeShellScript with writeScript since runtimeShell is not overridable.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 14:09:41 +09:00
Ophestra Umiker
f831948bca
release: 0.1.0
release / release (push) Successful in 28s
test / test (push) Successful in 21s
This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:37:43 +09:00
Ophestra Umiker
2e31b3d3a1
update README document
test / test (push) Successful in 32s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:35:52 +09:00
Ophestra Umiker
4d90e73366
nix: generate strict sandbox configuration
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:25:15 +09:00
Ophestra Umiker
3dfc1fcd56
app: support full /dev access
test / test (push) Successful in 22s
Also moved /dev/fortify to /fortify since it is impossible to create new directories in /dev from the init namespace and bind mounting its contents has undesirable side effects.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 03:49:39 +09:00
Ophestra Umiker
89bafd0c22
fortify: root check before command handling
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 12:57:03 +09:00
Ophestra Umiker
861bb1274f
fortify: override default usage function
test / test (push) Successful in 23s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 00:12:31 +09:00
Ophestra Umiker
714818c8aa
fortify: implement cleaner argument structure
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-05 00:07:36 +09:00
Ophestra Umiker
69cc64ef56
linux: provide access to stdout
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 22:55:46 +09:00
Ophestra Umiker
fc25ac2523
app: separate auto etc from permissive defaults
test / test (push) Successful in 23s
Populating /etc with symlinks is quite useful even outside the permissive defaults usage pattern.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 22:18:05 +09:00
Ophestra Umiker
d909b1190a
app/config: UseRealUID as true in template
test / test (push) Successful in 24s
The template is based on a Chromium setup, which this workaround was created for.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 19:45:31 +09:00
Ophestra Umiker
cfd05b10f1
release: 0.0.11
release / release (push) Successful in 28s
test / test (push) Successful in 19s
This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impact the permissive defaults usage pattern.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 13:46:47 +09:00
Ophestra Umiker
aa067436a7
workflows: build all packages with full ldflags
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 13:43:57 +09:00
Ophestra Umiker
d7df24c999
fmsg: drop messages when msgbuf is full during withhold
test / test (push) Successful in 20s
Logging functions are not expected to block. This change fixes multiple hangs where more than 64 messages are produced during withhold.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 12:56:19 +09:00
Ophestra Umiker
88abcbe0b2
cmd/fsu: remove import of internal package
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 12:32:14 +09:00
Ophestra Umiker
af15b1c048
app: support mapping target uid as privileged uid in sandbox
test / test (push) Successful in 40s
Chromium's D-Bus client implementation refuses to work when its getuid call returns a different value than what the D-Bus server is running as. The reason behind this is not fully understood, but this workaround is implemented to support Chromium and Electron apps. This is not used by default since it has many side effects that break many other programs, like SSH on NixOS.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 03:15:39 +09:00
Ophestra Umiker
7962681f4a
app: format mapped uid instead of real uid
test / test (push) Successful in 19s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 00:49:32 +09:00
Ophestra Umiker
bfcce3ff75
system/dbus: buffer xdg-dbus-proxy messages
test / test (push) Successful in 21s
Pointing xdg-dbus-proxy to stdout/stderr makes a huge mess. This change enables app to neatly print out prefixed xdg-dbus-proxy messages after output is resumed.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-03 03:07:02 +09:00
Ophestra Umiker
8cd3651bb6
cmd/fshim/ipc: friendly setup timeout message
test / test (push) Successful in 22s
This message eventually gets returned by the app's Start method, so it should be wrapped to provide a friendly message.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-03 02:03:30 +09:00
Ophestra Umiker
422d8e00d5
fortify: replace direct syscall with prctl wrapper
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-02 17:00:25 +09:00
Ophestra Umiker
584732f80a
cmd: shim and init into separate binaries
test / test (push) Successful in 19s
This change also fixes a deadlock when shim fails to connect and complete the setup.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-02 03:13:57 +09:00
Ophestra Umiker
4b7b899bb3
add package doc comments
test / test (push) Successful in 19s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 20:57:59 +09:00