security
/
fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity
223 Commits 3 Branches 14 Tags 896 KiB
Commit Graph

13 Commits

Author SHA1 Message Date
Ophestra Umiker 9a13b311ac
app/config: rename map_real_uid from use_real_uid
test / test (push) Successful in 19s Details 
This option only changes mapped uid in the user namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-09 12:01:34 +09:00
Ophestra Umiker 431aa32291
nix: remove absolute Exec paths
test / test (push) Successful in 26s Details 
Absolute paths set for Exec causes the program to be launched as the privileged user.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-08 02:05:47 +09:00
Ophestra Umiker ad80be721b
nix: improve start script
test / test (push) Successful in 23s Details 
Zsh store path in shebang. Replace writeShellScript with writeScript since runtimeShell is not overridable.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 14:09:41 +09:00
Ophestra Umiker 4d90e73366
nix: generate strict sandbox configuration
test / test (push) Successful in 22s Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 04:25:15 +09:00
Ophestra Umiker b9d5fe49cb
nix: pass $SHELL for shell interpreter 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-12 23:01:06 +09:00
Ophestra Umiker 8f03ddc3fa
app: remove bubblewrap launch method 
Launch methods serve the primary purpose of setting UID in the init namespace, which bubblewrap does not do. Furthermore, all applications will start within a bubblewrap sandbox once it has been implemented.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-10 00:11:04 +09:00
Ophestra Umiker 3d963b9f67
nix: include package buildInputs in devShells 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-17 23:15:33 +09:00
Ophestra Umiker d49b97b1d4
nix: pass method string directly 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-13 11:58:45 +09:00
Ophestra Umiker 88ac05be6d
nix: fix typo in nixos module implementation previously missed due to lazy eval 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 23:29:16 +09:00
Ophestra Umiker 396066de7b
nix: implement dbus-system option in nixos module 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 21:26:14 +09:00
Ophestra Umiker 0e5b85fd42
nix: implement new dbus options in nixos module 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-09 04:58:25 +09:00
Ophestra Umiker 60e4846542
nix: provide options for capability flags 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-08 02:45:00 +09:00
Ophestra Umiker 945cce2f5e
nix: implement nixos module 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-09-04 17:03:21 +09:00