Commits
- Commit:
7be09703f7d201cafeb2dc434f8d126475d39384- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync landlock shim with gmid
- Commit:
485796a93055f3ab431b76d802404ee1f07f5c5a- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop the no sandbox warning
- Commit:
d35e18b31b0e05c6178a6bfa891dd2e2dadf3db1- From:
- Omar Polo <op@omarpolo.com>
- Date:
first draft of client certificate support
At the moment telescope loads a mapping host:port/path -> certificate
from a file and always uses it, no ways to change it, use a temporary
one, generate a new one, etc are provided yet.
The format of ~/.telescope/certs/certs is
host port path certificate file name
where the certificate file name is the name of a file inside
~/.telescope/certs.
~/.telescope/certs/ is ~/.local/share/telescope/ when using XDG.
- Commit:
5edd158f8dabeeb47c8cc331bdd6a36585df004c- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't include linux/prctl.h
can conflict with sys/prctl.h, spotted while trying to build on alpine
linux.
- Commit:
f63b8f7342aefba6b3dac50d6790981987c8faa8- From:
- Omar Polo <op@omarpolo.com>
- Date:
merge the fs into the ui process
The previous separation between the fs and ui process wasn't that good.
The idea was to have a `ui' process tightly sandboxed, but it was a lie
actually. `ui' was one imsg away from making internet connections and
accessing data on the disk, so it wasn't really limited in (almost) any
way.
Furthermore, having to serialize data to/from the fs proc started to
become not really maneagable.
As a first step to fix this situation, join the fs and ui process.
- Commit:
4cf6ba137fc2ca92f3066c390b89542d88735ef6- From:
- Omar Polo <op@omarpolo.com>
- Date:
remote open: open an url into telescope from outside of it
if telescope is started with an url while there is already another
instance of it running and the -S flag is not provided, the link will be
automagically opened into the running instance of telescope.
Telescope now listens on a UNIX domain socket in ~/.telescope/ctl (or
~/.cache/telescope/ctl if XDG is used) for commands.
- Commit:
35ae81fd7c1505da0adf94dff9c36d9b167c6082- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix landlock usage
cf. gmid 1.8.1 and recent changes in game of trees.
This doesn't warrant an immediate release since every action is
limited to /tmp, ~/Downloads and {config,data,cache}_home.
- Commit:
4ab3b651a90a89e18601e20c34a78f79ff86b268- From:
- Omar Polo <op@omarpolo.com>
- Via:
- omar-polo <op@omarpolo.com>
- Date:
don't fail if landlock is not available at runtime
- Commit:
ed1d237e76633efa58d3dbcb22be64d2a720fa7e- From:
- Omar Polo <op@omarpolo.com>
- Date:
add comment on why don't landlock the net process
- Commit:
7e76e0efa3f677f0a044330b98590f2128789d80- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
fced318dae9d565c2f0b870ca309153cadb03b34- From:
- Omar Polo <op@omarpolo.com>
- Date:
missing include
- Commit:
4380c692998ad68d04e11f04f11cc202cc264cff- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't fail if ~/Downloads doesn't exist
- Commit:
e9cb759efd41aed81455fed9fa4911a7ec4974e8- From:
- Omar Polo <op@omarpolo.com>
- Date:
forgot to log the path for a unveil error code path
- Commit:
a9d11f81b94d08e2c75dac892056b1071b182f9e- From:
- Omar Polo <op@omarpolo.com>
- Date:
add landlock support on linux
landlock is applied only to the ui process to drop fs access and in the
fs process to limit where telescope can read/write files.
The network process is more difficult to landlock because while in
theory it doesn't need *any* fs access, in practice it needs to read (at
least) files inside /etc/ for DNS to work.
- Commit:
fd0beb5314ccdf3ae1b4a9ab0b8b5279a6e1dac0- From:
- Omar Polo <op@omarpolo.com>
- Date:
improve unveil' error reporting