monadical/greywall
Archived
14
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

feat: add --learning mode, --template flag, and fix DNS relay
Some checks failed
Build and test / Lint (push) Failing after 1m29s
Details
Build and test / Build (push) Successful in 13s
Details
Build and test / Test (Linux) (push) Failing after 58s
Details
Build and test / Test (macOS) (push) Has been cancelled
Details

Browse Source 
Learning mode (--learning) traces filesystem access with strace and
generates minimal sandbox config templates. A background monitor kills
strace when the main command exits so long-lived child processes (LSP
servers, file watchers) don't cause hangs.

Other changes:
- Add 'greywall templates list/show' subcommand
- Add --template flag to load specific learned templates
- Fix DNS relay: use TCP DNS (options use-vc) instead of broken UDP
  relay through tun2socks
- Filter O_DIRECTORY opens from learned read paths
- Add docs/experience.md with development notes
This commit is contained in:
Mathieu Virbel
2026-02-11 08:22:53 -06:00
parent 631db40665
commit 3dd772d35a
14 changed files with 1854 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
internal/sandbox/learning_stub.go Normal file
View File

@@ -0,0 +1,21 @@
//go:build !linux
package sandbox
import "fmt"
// StraceResult holds parsed read and write paths from an strace log.
type StraceResult struct {
WritePaths []string
ReadPaths []string
}
// CheckStraceAvailable returns an error on non-Linux platforms.
func CheckStraceAvailable() error {
return fmt.Errorf("learning mode is only available on Linux (requires strace and bubblewrap)")
}
// ParseStraceLog returns an error on non-Linux platforms.
func ParseStraceLog(logPath string, debug bool) (*StraceResult, error) {
return nil, fmt.Errorf("strace log parsing is only available on Linux")
}