security
/
fortify
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity
247 Commits 3 Branches 14 Tags 896 KiB
Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra Umiker b291f0b710
app: add nixos-based config test case
test / test (push) Successful in 20s Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-21 12:13:21 +09:00
Ophestra Umiker 05b7dbf066
app: alternative inner home path
test / test (push) Successful in 24s Details 
Support binding home to an alternative path in the mount namespace.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-18 00:18:21 +09:00
Ophestra Umiker df33123bd7
app: integrate fsu
test / test (push) Successful in 21s Details 
This removes the dependency on external user switchers like sudo/machinectl and decouples fortify user ids from the passwd database.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-16 21:19:45 +09:00
Ophestra Umiker 3dfc1fcd56
app: support full /dev access
test / test (push) Successful in 22s Details 
Also moved /dev/fortify to /fortify since it is impossible to create new directories in /dev from the init namespace and bind mounting its contents has undesirable side effects.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-06 03:49:39 +09:00
Ophestra Umiker 69cc64ef56
linux: provide access to stdout
test / test (push) Successful in 22s Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-04 22:55:46 +09:00
Ophestra Umiker fc25ac2523
app: separate auto etc from permissive defaults
test / test (push) Successful in 23s Details 
Populating /etc with symlinks is quite useful even outside the permissive defaults usage pattern.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-04 22:18:05 +09:00
Ophestra Umiker 7962681f4a
app: format mapped uid instead of real uid
test / test (push) Successful in 19s Details 
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-04 00:49:32 +09:00
Ophestra Umiker 584732f80a
cmd: shim and init into separate binaries
test / test (push) Successful in 19s Details 
This change also fixes a deadlock when shim fails to connect and complete the setup.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-11-02 03:13:57 +09:00
Ophestra Umiker 51e84ba8a5
system/dbus: compare sealed value by string
test / test (push) Successful in 19s Details 
Stringer method of dbus.Proxy returns a string representation of its args stream when sealed.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-27 12:09:34 +09:00
Ophestra Umiker 7df9d8d01d
system: move sd_booted implementation to os abstraction 
This implements lazy loading of the systemd marker (they are not accessed in init and shim) and ensures consistent behaviour when running with a stub.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-27 12:09:34 +09:00
Ophestra Umiker 093e99d062
app: separate nixos test cases from tests
test / test (push) Successful in 20s Details 
Test cases are very long, separating them improves editor performance.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
 2024-10-25 17:44:29 +09:00