7 Commits

Author	SHA1	Message	Date
Ophestra Umiker	1d6ea81205	shim: user switcher process management struct ... This change moves all user switcher and shim management to the shim package and withholds output while shim is alive. This also eliminated all exit scenarios where revert is skipped. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-27 00:46:15 +09:00
Ophestra Umiker	65af1684e3	migrate to git.ophivana.moe/security/fortify ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-20 19:50:13 +09:00
Ophestra Umiker	1302bcede0	init: custom init process inside sandbox ... Bubblewrap as init is a bit awkward and don't support a few setup actions fortify will need, such as starting/supervising nscd. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-14 02:27:02 +09:00
Ophestra Umiker	3739b56504	shim: update payload comment ... Generating permissive default no longer happens in shim. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-13 17:19:50 +09:00
Ophestra Umiker	e4536b87ad	app: generate and replace passwd and group files ... This ensures libc functions get correct user information. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-13 02:43:00 +09:00
Ophestra Umiker	3ddfd76cdf	shim: use bwrap config as it is ... Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-11 04:13:56 +09:00
Ophestra Umiker	b86fa6b4c9	shim: new shim implementation ... This implementation of shim accepts configuration as a gob stream over a unix socket, with support for mediating access to wayland via WAYLAND_SOCKET fd. All configuration is now included in the payload, and child is started inside bwrap configured with supplied bwrap.Config. Signed-off-by: Ophestra Umiker <cat@ophivana.moe>	2024-10-11 01:55:33 +09:00