Ophestra Umiker
6a6d30af1f
cmd/fuserdb: systemd userdb drop-in entries generator
test / test (push) Successful in 20s
This provides user records via nss-systemd. Static drop-in entries are generated to reduce complexity and attack surface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-17 02:16:02 +09:00
Ophestra Umiker
df33123bd7
app: integrate fsu
test / test (push) Successful in 21s
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-16 21:19:45 +09:00
Ophestra Umiker
3962705126
nix: keep fshim and finit names
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 14:59:28 +09:00
Ophestra Umiker
f831948bca
release: 0.1.0
release / release (push) Successful in 28s
test / test (push) Successful in 21s
This release significantly changes the command line interface, and updates the NixOS module to finally produce meaningful sandbox configuration.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-06 04:37:43 +09:00
Ophestra Umiker
cfd05b10f1
release: 0.0.11
release / release (push) Successful in 28s
test / test (push) Successful in 19s
This will be the final release before major command line interface changes. This version is tagged as it contains many fixes that still impact the permissive defaults usage pattern.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 13:46:47 +09:00
Ophestra Umiker
88abcbe0b2
cmd/fsu: remove import of internal package
test / test (push) Successful in 24s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-04 12:32:14 +09:00
Ophestra Umiker
584732f80a
cmd: shim and init into separate binaries
test / test (push) Successful in 19s
This change also fixes a deadlock when shim fails to connect and complete the setup.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-11-02 03:13:57 +09:00
Ophestra Umiker
563c39c2d9
release: 0.0.10
release / release (push) Successful in 24s
test / test (push) Successful in 19s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 20:38:10 +09:00
Ophestra Umiker
aa1f96eeeb
fsu: check parent executable path
test / test (push) Successful in 19s
Only allow main program to launch fsu. This change and further checks in the main program reduce attack surface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 18:52:23 +09:00
Ophestra Umiker
d9cb2a9f2b
fsu: implement simple setuid user switcher
Contains path to fortify, set at compile time, authenticates based on a simple uid range assignment file which also acts as the allow list.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-28 00:02:34 +09:00
Ophestra Umiker
6d8bcb63f2
release: 0.0.9
release / release (push) Successful in 27s
test / test (push) Successful in 22s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-27 01:25:24 +09:00
Ophestra Umiker
2f34627d37
release: 0.0.8
release / release (push) Successful in 31s
test / test (push) Successful in 20s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-27 00:49:50 +09:00
Ophestra Umiker
133f23e0de
release: 0.0.7
release / release (push) Successful in 21s
test / test (push) Successful in 11s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-20 19:50:59 +09:00
Ophestra Umiker
ecce832d93
release: 0.0.6
release / release (push) Successful in 1m46s
test / test (push) Successful in 1m39s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-18 01:26:42 +09:00
Ophestra Umiker
4ebb98649e
release: 0.0.5
release / release (push) Successful in 1m26s
test / test (push) Successful in 3m6s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-17 20:48:41 +09:00
Ophestra Umiker
689f5bed57
release: 0.0.4
release / release (push) Successful in 1m32s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-15 02:56:49 +09:00
Ophestra Umiker
41a7eb567e
release: 0.0.3
release / release (push) Successful in 2m38s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-14 02:31:11 +09:00
Ophestra Umiker
f4c44a9441
release: 0.0.2
release / release (push) Successful in 2m15s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 00:13:06 +09:00
Ophestra Umiker
22dfa73efe
release: 0.0.1
release / release (push) Successful in 1m51s
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 20:48:38 +09:00
Ophestra Umiker
996bf67ac2
release: 0.0.0-beta.5
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 00:25:16 +09:00
Ophestra Umiker
a75229991c
nix: make bubblewrap available in PATH
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-23 18:21:12 +09:00
Ophestra Umiker
9a9fcdb9ec
release: 0.0.0-beta.4
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-22 01:18:47 +09:00
Ophestra Umiker
2763ec730e
release: 0.0.0-beta.3
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-17 23:17:39 +09:00
Ophestra Umiker
6a6f62efa6
release: 0.0.0-beta.2
This project started as a Go implementation of https://github.com/intgr/ego . That is clearly no longer what it is anymore and the tagged releases no longer made sense, so we're going back to v0.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-16 20:41:02 +09:00
Ophestra Umiker
c1bfe2cd74
release: 1.1.0
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-09 05:14:53 +09:00
Ophestra Umiker
cdc08817a7
nix: add xdg-dbus-proxy to PATH via wrapProgram
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-09 04:37:12 +09:00
Ophestra Umiker
58d3a1fbc7
release: 1.0.4
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-04 19:57:47 +09:00
Ophestra Umiker
945cce2f5e
nix: implement nixos module
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-04 17:03:21 +09:00