fortify

Commit Graph

Author	SHA1	Message	Date
Ophestra Umiker	4b7b899bb3	add package doc comments test / test (push) Successful in 19s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-28 20:57:59 +09:00
Ophestra Umiker	ae1a102882	fmsg: support temporarily withholding output test / test (push) Successful in 31s Details Trying to print to a shared stdout is a terrible idea. This change makes it possible to withhold output for the lifetime of the sandbox. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-26 23:09:32 +09:00
Ophestra Umiker	050ffceb27	helper/bwrap: register generic PermConfig types with gob test / test (push) Successful in 21s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-25 13:26:01 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify test / test (push) Successful in 14s Details Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	184a5f29fa	helper/bwrap: add fortify permissive default test case Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:56:13 +09:00
Ophestra Umiker	3015266e5a	helper/bwrap: sort SetEnv arguments This guarantees consistency of resulting args. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:55:48 +09:00
Ophestra Umiker	2faf510146	helper/bwrap: ordered filesystem args The argument builder was written based on the incorrect assumption that bwrap arguments are unordered. The argument builder is replaced in this commit to correct that mistake. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-15 02:15:55 +09:00
Ophestra Umiker	a0db19b9ad	helper/bwrap: format mode in octal Bubblewrap expects an octal representation of mode. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-14 13:47:50 +09:00
Ophestra Umiker	aee96b0fdf	helper/bwrap: allow pushing generic arguments to the end of argument stream Bwrap argument order determines the order their corresponding actions are performed. This allows generic arguments like tmpfs to the end of the stream to override bind mounts. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-13 02:26:01 +09:00
Ophestra Umiker	8d82446d97	helper: remove unused bwrap config field This configuration is not saved anywhere, and does not need to be saved. Bwrap configuration information is already saved into p. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-12 00:55:14 +09:00
Ophestra Umiker	713872a5cd	helper/bwrap: move interfaceArgs before stringArgs Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-11 04:12:47 +09:00
Ophestra Umiker	101e49a48b	helper/bwrap: proc, dev and mqueue as string arguments These flags do not support --chmod. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-11 01:30:11 +09:00
Ophestra Umiker	b99ed94386	helper/bwrap: pass --unshare-user when unshare everything Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 00:22:48 +09:00
Ophestra Umiker	c201c30c7f	helper/bwrap: check args only for internal tests Tests internal to the helper package sets crash-test-dummy as the command whenever a launch is expected to go through, and the hardcoded args are only valid for internal tests, so this characteristic is used here to exclude external tests that pass real program names and custom bwrap configurations. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-09 00:21:31 +09:00
Ophestra Umiker	7c7999e9e5	helper: implementation of helper.Helper using bwrap Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-08 18:02:38 +09:00
Ophestra Umiker	c6223771db	helper: generalise helper.Helper test For testing the upcoming bwrap implementation of helper.Helper as it must have identical behaviour. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-08 14:02:54 +09:00
Ophestra Umiker	3c5185d770	helper: move test sample data out of direct Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 22:51:08 +09:00
Ophestra Umiker	85407dd3c0	helper: helper.Helper interface For upcoming bwrap implementation of helper.Helper Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 15:37:52 +09:00
Ophestra Umiker	6a2802cf30	helper: move bwrap into helper Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 14:40:35 +09:00
Ophestra Umiker	0fb9e40191	helper/args: MustNewCheckedArgs for cleaner hardcoded args Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 13:33:18 +09:00
Ophestra Umiker	9647eb6a6b	helper: separate pipes from Helper Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-07 12:48:20 +09:00
Ophestra Umiker	18d9ce733e	helper: test non-existent helpers Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-06 16:00:59 +09:00
Ophestra Umiker	7e7327ebf8	helper: export internal stub functions for cross-package testing Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 15:22:35 +09:00
Ophestra Umiker	3bf456da65	helper: test child process handling The stub child process simulates reading from the argument fd and copies the entire payload unmodified to stdout. If status pipe is enabled it will simulate sync fd behaviour as well. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 14:59:39 +09:00
Ophestra Umiker	61ba841c88	helper: remove unreachable check Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 14:48:38 +09:00
Ophestra Umiker	d530a9e9f9	helper: stub helper for tests Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-29 14:40:01 +09:00
Ophestra Umiker	8492239cba	helper/args: simplify argument parsing and eliminate excess memory copies Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-25 14:00:30 +09:00
Ophestra Umiker	97bab6c406	helper: clean up and separate helper process management from dbus The previous code was poorly documented and made little sense in some parts. This is a generalised and cleaned up implementation in the helper package making use of the Args interface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-25 01:16:06 +09:00
Ophestra Umiker	831b1aad6f	helper/args: hold a read lock in WriteTo Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-24 20:22:37 +09:00
Ophestra Umiker	000607da5f	helper: separate helper args fd builder from dbus This method of passing arguments is used in bubblewrap as well as other tools, this commit separates the argument builder/writer to the helper package and generalise it as an interface. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-09-24 16:11:08 +09:00

30 Commits