{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":405435247,"defaultBranch":"main","name":"libiris","ownerLogin":"mtth-bfft","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-09-11T17:01:25.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/6692914?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1698653343.0","currentOid":""},"activityList":{"items":[{"before":"ea435aa76a6823ad1098f87b580ca1eb07149f01","after":"04fba93657070dd29719b15e435042f621c05920","ref":"refs/heads/main","pushedAt":"2024-08-02T21:56:07.000Z","pushType":"push","commitsCount":13,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"windows: broker: Enable missing winapi features\n\nThey are used but weren't enabled:\n```\n$ rg accctrl broker\nbroker/src/windows/process.rs:\n20:use winapi::um::accctrl::{\n\n$ rg aclapi broker\nbroker/src/windows/process.rs:\n24:use winapi::um::aclapi::{GetNamedSecurityInfoA, SetEntriesInAclW, SetNamedSecurityInfoA};\n```","shortMessageHtmlLink":"windows: broker: Enable missing winapi features"}},{"before":"79594f252d29d21ead48bfa1e64f60622e81ed19","after":null,"ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T08:09:03.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"}},{"before":"673fa3db2bebcedeb09bc2cd89024a0906e81922","after":"ea435aa76a6823ad1098f87b580ca1eb07149f01","ref":"refs/heads/main","pushedAt":"2023-10-30T08:09:03.000Z","pushType":"push","commitsCount":6,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Merge branch 'feat/appcontainerdeleg' into 'main'\n\nAutomatically delegate AppContainers read access to possible DLL dependencies\n\nSee merge request libiris/libiris!15","shortMessageHtmlLink":"Merge branch 'feat/appcontainerdeleg' into 'main'"}},{"before":"d0392de6db5d541d2baf433361c4827eeb90cd6c","after":"79594f252d29d21ead48bfa1e64f60622e81ed19","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T07:55:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Replace test copy script","shortMessageHtmlLink":"Replace test copy script"}},{"before":"b553bb372707d8352b6a76933bf9010317ab93b1","after":"d0392de6db5d541d2baf433361c4827eeb90cd6c","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T07:49:55.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Replace test copy script","shortMessageHtmlLink":"Replace test copy script"}},{"before":"fd815dd672bf7e783f99a6982a6af86b49c8d0b4","after":"b553bb372707d8352b6a76933bf9010317ab93b1","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T00:38:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Replace test copy script","shortMessageHtmlLink":"Replace test copy script"}},{"before":"fe0e295158ef225b1b39a1a578675f37753cdf73","after":"fd815dd672bf7e783f99a6982a6af86b49c8d0b4","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T00:23:39.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Replace test copy script","shortMessageHtmlLink":"Replace test copy script"}},{"before":"38425dea0e8e4b3c962782f34b1f22542ad23909","after":"fe0e295158ef225b1b39a1a578675f37753cdf73","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-30T00:08:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Replace test copy script","shortMessageHtmlLink":"Replace test copy script"}},{"before":"519baf23d4f5d78a46cf8c719dabf4620a5151cd","after":"38425dea0e8e4b3c962782f34b1f22542ad23909","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-29T23:36:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Automatically delegate AppContainers read access to possible DLL dependencies\n\nAppContainers will fail to start if the worker executable has a direct\ndependency on a DLL that is not readable with its token, or if a DLL\nit depends on has a transitive dependency on such a DLL.\n\nThings went well without this patch, because system DLLs are in C:\\Windows\nsubdirectories, and the entire C:\\Windows is readable by all appcontainers\n(even LPACs). But direct dependencies of worker EXEs might be anywhere:\nWindows will look for them in the CWD and next to the EXE.\n\nEmbedding a PE parser to enumerate dependencies without false-positives\nseems overkill, so we simply add a read delegation on DLLs in the CWD\nand next to the EXE.","shortMessageHtmlLink":"Automatically delegate AppContainers read access to possible DLL depe…"}},{"before":"8462c192d4dea894494e62281b28b8d30db930ad","after":"519baf23d4f5d78a46cf8c719dabf4620a5151cd","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-29T23:10:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Automatically delegate AppContainers read access to possible DLL dependencies\n\nAppContainers will fail to start if the worker executable has a direct\ndependency on a DLL that is not readable with its token, or if a DLL\nit depends on has a transitive dependency on such a DLL.\n\nThings went well without this patch, because system DLLs are in C:\\Windows\nsubdirectories, and the entire C:\\Windows is readable by all appcontainers\n(even LPACs). But direct dependencies of worker EXEs might be anywhere:\nWindows will look for them in the CWD and next to the EXE.\n\nEmbedding a PE parser to enumerate dependencies without false-positives\nseems overkill, so we simply add a read delegation on DLLs in the CWD\nand next to the EXE.","shortMessageHtmlLink":"Automatically delegate AppContainers read access to possible DLL depe…"}},{"before":null,"after":"8462c192d4dea894494e62281b28b8d30db930ad","ref":"refs/heads/feat/appcontainerdeleg","pushedAt":"2023-10-29T23:00:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Automatically delegate AppContainers read access to possible DLL dependencies\n\nAppContainers will fail to start if the worker executable has a direct\ndependency on a DLL that is not readable with its token, or if a DLL\nit depends on has a transitive dependency on such a DLL.\n\nThings went well without this patch, because system DLLs are in C:\\Windows\nsubdirectories, and the entire C:\\Windows is readable by all appcontainers\n(even LPACs). But direct dependencies of worker EXEs might be anywhere:\nWindows will look for them in the CWD and next to the EXE.\n\nEmbedding a PE parser to enumerate dependencies without false-positives\nseems overkill, so we simply add a read delegation on DLLs in the CWD\nand next to the EXE.","shortMessageHtmlLink":"Automatically delegate AppContainers read access to possible DLL depe…"}},{"before":"b9313bcf64a0c7ae22b83b2d8bbea2cf05f2d629","after":null,"ref":"refs/heads/feat/nostdipc2","pushedAt":"2023-10-29T22:34:04.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"}},{"before":"cd9a8e9781927c1a2e4c0472c8bab64a7d3a3751","after":"673fa3db2bebcedeb09bc2cd89024a0906e81922","ref":"refs/heads/main","pushedAt":"2023-10-29T22:34:04.000Z","pushType":"push","commitsCount":8,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Merge branch 'feat/nostdipc2' into 'main'\n\n[ipc] Finish making crate no_std, isolate reusable parts\n\nSee merge request libiris/libiris!14","shortMessageHtmlLink":"Merge branch 'feat/nostdipc2' into 'main'"}},{"before":"5e2964474eb4df40e50e33455b72b3ea980c15b9","after":"b9313bcf64a0c7ae22b83b2d8bbea2cf05f2d629","ref":"refs/heads/feat/nostdipc2","pushedAt":"2023-10-10T18:10:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Apply rustfmt and fix clippy lint warnings","shortMessageHtmlLink":"Apply rustfmt and fix clippy lint warnings"}},{"before":null,"after":"5e2964474eb4df40e50e33455b72b3ea980c15b9","ref":"refs/heads/feat/nostdipc2","pushedAt":"2023-10-10T17:49:41.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Apply rustfmt and fix clippy lint warnings","shortMessageHtmlLink":"Apply rustfmt and fix clippy lint warnings"}},{"before":"fe73af62f9ba98a903d348aa05fd6fe83a666d0e","after":null,"ref":"refs/heads/feat/mb/makeipcgeneric","pushedAt":"2023-09-30T18:52:49.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"}},{"before":"5015bfb97237fbe69fd6f4d6ab954804a00058f8","after":"cd9a8e9781927c1a2e4c0472c8bab64a7d3a3751","ref":"refs/heads/main","pushedAt":"2023-09-30T18:52:49.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Merge branch 'feat/mb/makeipcgeneric' into 'main'\n\n[ipc] Move sandboxing specifics into other crates\n\nSee merge request libiris/libiris!13","shortMessageHtmlLink":"Merge branch 'feat/mb/makeipcgeneric' into 'main'"}},{"before":null,"after":"fe73af62f9ba98a903d348aa05fd6fe83a666d0e","ref":"refs/heads/feat/mb/makeipcgeneric","pushedAt":"2023-09-30T18:36:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"[ipc] Move sandboxing specifics into other crates\n\nThis commit reduces the IPC crate to its bare functionnalities:\npass serialized messages and handles between processes. All\nsandboxing specifics are now in policy/broker crates, and\nthe Handle type is now in IPC (so that IPC is self-contained).","shortMessageHtmlLink":"[ipc] Move sandboxing specifics into other crates"}},{"before":"000c3d0dd01177cf9e3e316d85e4d1cddc73ac02","after":null,"ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-05T07:39:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"}},{"before":"79bb44f880283b44b0fd33a59bac3c8a3673fadd","after":"5015bfb97237fbe69fd6f4d6ab954804a00058f8","ref":"refs/heads/main","pushedAt":"2023-09-05T07:39:35.000Z","pushType":"push","commitsCount":10,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Merge branch 'feat/nostdipc' into 'main'\n\n[ipc] Make crate no_std\n\nSee merge request libiris/libiris!12","shortMessageHtmlLink":"Merge branch 'feat/nostdipc' into 'main'"}},{"before":"1ebb22f0ea3faca7d773e6322ba261d42e415015","after":"000c3d0dd01177cf9e3e316d85e4d1cddc73ac02","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-05T00:31:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"[ci] Fix lint warnings","shortMessageHtmlLink":"[ci] Fix lint warnings"}},{"before":"51a8b63812896b01114e43665192465649653a10","after":"1ebb22f0ea3faca7d773e6322ba261d42e415015","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-05T00:18:29.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"c5e601d3e9629922c366131696a7f5a012310fa3","after":"51a8b63812896b01114e43665192465649653a10","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-05T00:11:36.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"c3cb6ad05a0659e13d8883814faf974f53d0b2ec","after":"c5e601d3e9629922c366131696a7f5a012310fa3","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-05T00:03:12.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"cfaa1f47bbff25e2a03fc4eb42797067adfb4936","after":"c3cb6ad05a0659e13d8883814faf974f53d0b2ec","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T23:56:48.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"8e7946e5ec2029425cd634a4b3875ca398bd3394","after":"cfaa1f47bbff25e2a03fc4eb42797067adfb4936","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T22:12:45.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"35e4d82a0881645cc5b129ff1800af152b6bc427","after":"8e7946e5ec2029425cd634a4b3875ca398bd3394","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T22:06:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"483d282047a1004432443f5452647fcd8504031b","after":"35e4d82a0881645cc5b129ff1800af152b6bc427","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T22:00:38.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"479c35f0168ba594336a612952e83c37bbed591c","after":"483d282047a1004432443f5452647fcd8504031b","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T21:52:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}},{"before":"4516a54d0953e74441ca98b299cace36bd55d42e","after":"479c35f0168ba594336a612952e83c37bbed591c","ref":"refs/heads/feat/nostdipc","pushedAt":"2023-09-04T21:42:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"mtth-bfft","name":"Matthieu Buffet","path":"/mtth-bfft","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/6692914?s=80&v=4"},"commit":{"message":"Make tests OS-version-specific\n\nDebian 12 now ships with glibc GLIBC_2.34 which makes binaries\nlinked on a Debian 12 unable to run on Debian 11.","shortMessageHtmlLink":"Make tests OS-version-specific"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEkJAlgQA","startCursor":null,"endCursor":null}},"title":"Activity · mtth-bfft/libiris"}