monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring

Browse Source
This commit is contained in:
JY Tan
2025-12-25 17:33:55 -08:00
parent a8158a39b3
commit 08ed28f88f
20 changed files with 2820 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
internal/sandbox/macos.go
View File

@@ -550,29 +550,3 @@ func WrapCommandMacOS(cfg *config.Config, command string, httpPort, socksPort in
return ShellQuote(parts), nil
}
// ShellQuote quotes a slice of strings for shell execution.
func ShellQuote(args []string) string {
var quoted []string
for _, arg := range args {
if needsQuoting(arg) {
quoted = append(quoted, fmt.Sprintf("'%s'", strings.ReplaceAll(arg, "'", "'\\''")))
} else {
quoted = append(quoted, arg)
}
}
return strings.Join(quoted, " ")
}
func needsQuoting(s string) bool {
for _, c := range s {
if c == ' ' || c == '\t' || c == '\n' || c == '"' || c == '\'' ||
c == '\\' || c == '$' || c == '`' || c == '!' || c == '*' ||
c == '?' || c == '[' || c == ']' || c == '(' || c == ')' ||
c == '{' || c == '}' || c == '<' || c == '>' || c == '|' ||
c == '&' || c == ';' || c == '#' {
return true
}
}
return len(s) == 0
}