feat: add macOS daemon support with group-based pf routing

- Add daemon CLI subcommand (install/uninstall/status/run)
- Download tun2socks for darwin platforms in Makefile
- Export ExtractTun2Socks and add darwin embed support
- Use group-based pf filtering instead of user-based for transparent proxying
- Install sudoers rule for passwordless sandbox-exec with _greywall group
- Add nolint directives for gosec false positives on sudoers 0440 perms
- Fix lint issues: lowercase errors, fmt.Fprintf, nolint comments

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
tito
2026-02-26 09:46:33 -06:00
parent 4d9a13c1b4
commit 09120917e4
12 changed files with 91 additions and 36 deletions


@@ -111,6 +111,7 @@ Configuration file format:
rootCmd.AddCommand(newCompletionCmd(rootCmd))
rootCmd.AddCommand(newTemplatesCmd())
rootCmd.AddCommand(newDaemonCmd())
if err := rootCmd.Execute(); err != nil {
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
@@ -594,12 +595,12 @@ parseCommand:
// Find the executable
execPath, err := exec.LookPath(command[0])
if err != nil {
fmt.Fprintf(os.Stderr, "[greywall:landlock-wrapper] Error: command not found: %s\n", command[0])
fmt.Fprintf(os.Stderr, "[greywall:landlock-wrapper] Error: command not found: %s\n", command[0]) //nolint:gosec // logging to stderr, not web output
os.Exit(127)
}
if debugMode {
fmt.Fprintf(os.Stderr, "[greywall:landlock-wrapper] Exec: %s %v\n", execPath, command[1:])
fmt.Fprintf(os.Stderr, "[greywall:landlock-wrapper] Exec: %s %v\n", execPath, command[1:]) //nolint:gosec // logging to stderr, not web output
}
// Sanitize environment (strips LD_PRELOAD, etc.)
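Review bot: The two new `//nolint:gosec` comments in the second hunk justify the suppression with "not web output", but `command[0]` and `command[1:]` are still written to stderr unquoted through `%s` and `%v`. An argument containing newlines or terminal control sequences can therefore forge or garble `[greywall:landlock-wrapper]` lines on a terminal or in a captured log. Quoting the values closes that gap regardless of what gosec reports: `fmt.Fprintf(os.Stderr, "[greywall:landlock-wrapper] Error: command not found: %q\n", command[0])` and `"... Exec: %q %q\n", execPath, command[1:]`. Because a bare `//nolint:gosec` silences every gosec finding on the line, it would be better dropped if the linter accepts the quoted form. The enclosing function starts and ends outside this hunk, so where `command` comes from is not visible here.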