Ophestra Umiker
101e49a48b
helper/bwrap: proc, dev and mqueue as string arguments
...
These flags do not support --chmod.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-11 01:30:11 +09:00
Ophestra Umiker
a3aadd4146
app: tag ACL operations for revert
...
ACL operations are now tagged with the enablement causing them. At the end of child process's life, enablements of all remaining launchers are resolved and inverted. This allows Wait to only revert operations targeting resources no longer required by other launchers.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 14:33:58 +09:00
Ophestra Umiker
86cb5ac1db
app: hardlink sockets to process-specific share local to XDG_RUNTIME_DIR
...
This avoids adding ACLs to the PulseAudio directory.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 12:44:08 +09:00
Ophestra Umiker
2220055e26
state/simple: prefix store path
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 11:03:31 +09:00
Ophestra Umiker
f4c44a9441
release: 0.0.2
...
release / release (push) Successful in 2m15s
Details
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 00:13:06 +09:00
Ophestra Umiker
8f03ddc3fa
app: remove bubblewrap launch method
...
Launch methods serve the primary purpose of setting UID in the init namespace, which bubblewrap does not do. Furthermore, all applications will start within a bubblewrap sandbox once it has been implemented.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-10 00:11:04 +09:00
Ophestra Umiker
d41b9d2d9c
ldd: separate Parse from Exec and trim space
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 23:51:15 +09:00
Ophestra Umiker
22dfa73efe
release: 0.0.1
...
release / release (push) Successful in 1m51s
Details
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 20:48:38 +09:00
Ophestra Umiker
753c5191b1
dbus/run: support running xdg-dbus-proxy in a restrictive bubblewrap sandbox
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 20:41:42 +09:00
Ophestra Umiker
6232291cae
ldd: implement strict ldd output parser
...
Fortify needs to internally resolve helper program sandbox config. They are considered trusted and runs under the privileged UID so ldd output is used to determine libraries they need inside the sandbox environment.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 20:39:27 +09:00
Ophestra Umiker
b99ed94386
helper/bwrap: pass --unshare-user when unshare everything
...
Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 00:22:48 +09:00
Ophestra Umiker
c201c30c7f
helper/bwrap: check args only for internal tests
...
Tests internal to the helper package sets crash-test-dummy as the command whenever a launch is expected to go through, and the hardcoded args are only valid for internal tests, so this characteristic is used here to exclude external tests that pass real program names and custom bwrap configurations.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-09 00:21:31 +09:00
Ophestra Umiker
7c7999e9e5
helper: implementation of helper.Helper using bwrap
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-08 18:02:38 +09:00
Ophestra Umiker
c6223771db
helper: generalise helper.Helper test
...
For testing the upcoming bwrap implementation of helper.Helper as it must have identical behaviour.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-08 14:02:54 +09:00
Ophestra Umiker
3c5185d770
helper: move test sample data out of direct
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 22:51:08 +09:00
Ophestra Umiker
55a5b6f242
dbus: use name resolved by exec.Command
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 16:55:27 +09:00
Ophestra Umiker
85407dd3c0
helper: helper.Helper interface
...
For upcoming bwrap implementation of helper.Helper
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 15:37:52 +09:00
Ophestra Umiker
6a2802cf30
helper: move bwrap into helper
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 14:40:35 +09:00
Ophestra Umiker
0fb9e40191
helper/args: MustNewCheckedArgs for cleaner hardcoded args
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 13:33:18 +09:00
Ophestra Umiker
9647eb6a6b
helper: separate pipes from Helper
...
Upcoming bwrap helper implementation requires two sets of pipes to be managed, fd will also no longer be constant.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-07 12:48:20 +09:00
Ophestra Umiker
18d9ce733e
helper: test non-existent helpers
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-10-06 16:00:59 +09:00
Ophestra Umiker
ba76e2919b
bwrap: implement argument builder
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-30 00:25:15 +09:00
Ophestra Umiker
df29068d16
verbose: test verbose behaviour
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 16:36:59 +09:00
Ophestra Umiker
d1415305ae
dbus: test child process handling behaviour via helper stub
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 15:49:32 +09:00
Ophestra Umiker
98f9fdb7cc
dbus: configurable xdg-dbus-proxy output
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 15:27:29 +09:00
Ophestra Umiker
dc59f20d7b
dbus: toggleable xdg-dbus-proxy output
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 15:24:54 +09:00
Ophestra Umiker
7e7327ebf8
helper: export internal stub functions for cross-package testing
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 15:22:35 +09:00
Ophestra Umiker
3bf456da65
helper: test child process handling
...
The stub child process simulates reading from the argument fd and copies the entire payload unmodified to stdout. If status pipe is enabled it will simulate sync fd behaviour as well.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 14:59:39 +09:00
Ophestra Umiker
61ba841c88
helper: remove unreachable check
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 14:48:38 +09:00
Ophestra Umiker
d530a9e9f9
helper: stub helper for tests
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-29 14:40:01 +09:00
Ophestra Umiker
0e7849fac2
dbus: add more test cases
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 19:19:31 +09:00
Ophestra Umiker
342c66aae8
dbus: replace test suffix * with +
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 17:47:15 +09:00
Ophestra Umiker
cf182d1fbe
dbus: seal test error check for correct error returned
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 17:00:20 +09:00
Ophestra Umiker
996bf67ac2
release: 0.0.0-beta.5
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 00:25:16 +09:00
Ophestra Umiker
1038af98f0
dbus: add tests
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-28 00:06:16 +09:00
Ophestra Umiker
aa2be18f47
dbus/config: implement file loading functions
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-27 23:53:08 +09:00
Ophestra Umiker
84d8c27b5f
dbus: return exported error for nil config
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-27 23:52:38 +09:00
Ophestra Umiker
ee2f5ed6ac
dbus/config: remove unused method
...
Null checking is replaced by helper/args while string building is no longer required.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-27 12:04:28 +09:00
Ophestra Umiker
8492239cba
helper/args: simplify argument parsing and eliminate excess memory copies
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-25 14:00:30 +09:00
Ophestra Umiker
a8b4b3634b
dbus: use generalised helper.Helper for xdg-dbus-proxy
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-25 01:17:38 +09:00
Ophestra Umiker
97bab6c406
helper: clean up and separate helper process management from dbus
...
The previous code was poorly documented and made little sense in some parts. This is a generalised and cleaned up implementation in the helper package making use of the Args interface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-25 01:16:06 +09:00
Ophestra Umiker
831b1aad6f
helper/args: hold a read lock in WriteTo
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-24 20:22:37 +09:00
Ophestra Umiker
be83ad838c
dbus: assert fmt.Stringer instead of helper.Args on argument seal
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-24 19:37:50 +09:00
Ophestra Umiker
b722adc4dd
dbus: seal as io.WriterTo interface
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-24 18:03:05 +09:00
Ophestra Umiker
000607da5f
helper: separate helper args fd builder from dbus
...
This method of passing arguments is used in bubblewrap as well as other tools, this commit separates the argument builder/writer to the helper package and generalise it as an interface.
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-24 16:11:08 +09:00
Ophestra Umiker
1cb90c0840
app: improve dbus proxy verbose messages
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-24 13:44:42 +09:00
Ophestra Umiker
a75229991c
nix: make bubblewrap available in PATH
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-23 18:21:12 +09:00
Ophestra Umiker
ced31a7257
state: round printed uptime to the second
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-22 16:15:21 +09:00
Ophestra Umiker
61628dabb7
nix: remove obnoxious shell hook
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-22 16:08:11 +09:00
Ophestra Umiker
9a9fcdb9ec
release: 0.0.0-beta.4
...
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-22 01:18:47 +09:00