Commit Graph

11 Commits

Author SHA1 Message Date
Ophestra Umiker 40d0550ad3
flag: move method flag from main
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-13 11:49:10 +09:00
Ophestra Umiker da6d238d8a
verbose: remove system package interaction
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-12 21:07:05 +09:00
Ophestra Umiker b0aff89166
app: handle launch method in New function
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-12 20:53:33 +09:00
Ophestra Umiker 44301cd979
app/dbus: accept system bus config
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-09 21:19:12 +09:00
Ophestra Umiker 38ef2b4d0c
app/dbus: manage dbus proxy and pass address to child
This commit adds code that starts and registers the D-Bus proxy, as well as cleanup code that tracks and closes the daemon once our child exits. A few more flags were added to pass D-Bus config to xdg-dbus-proxy.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-09 03:16:54 +09:00
Ophestra Umiker 1906853382
clean up setup/launcher code and enable better control over shares
In the past Wayland, X and PulseAudio are shared unconditionally. This can unnecessarily increase attack surface as some of these resources might not be needed at all. This commit moves all environment preparation code to the internal app package and selectively call them based on flags.

An "enablements" bitfield is introduced tracking all enabled shares. This value is registered after successful child process launch and stored in launcher states.

Code responsible for running the child process is isolated to its own app/run file and cleaned up. Launch method selection is also extensively cleaned up.

The internal state/track readLaunchers function now takes uid as an argument. Launcher state is now printed using text/tabwriter and argv is only emitted when verbose.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-08 02:24:01 +09:00
Ophestra Umiker d8f76f3b25
rename to fortify and restructure
More sandbox features will be added and this will no longer track ego's features and behaviour.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-09-04 01:20:12 +09:00
Ophestra Umiker 7e6eb82195
license: embed license in executable
Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 22:07:40 +09:00
Ophestra Umiker a3c2916c1a
state: track launcher states in runDir and clean up before exit
X11 hosts and ACL rules are no longer necessary after all launcher processes exit. This reverts all changes to the system made during setup when no launchers remain. State information is also saved in runDir which can be tracked externally.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-16 14:19:43 +09:00
Ophestra Umiker da7e404bcf
main: implement sudo and machinectl launcher methods
This does almost exactly what github:intgr/ego does, with some minor optimisations and corrections.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-15 23:29:21 +09:00
Ophestra Umiker 491cc16d53
cli: parse and resolve flags
Copy all flags from upstream. The machinectl flag is dropped as it does nothing. the flag package is used to reduce complexity since we do not care about compatibility with upstream.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
2024-07-09 15:39:40 +09:00