feat: add --learning mode, --template flag, and fix DNS relay · 3dd772d35a - greywall

Archived

feat: add --learning mode, --template flag, and fix DNS relay

Some checks failed

Build and test / Lint (push) Failing after 1m29s

Details

Build and test / Build (push) Successful in 13s

Details

Build and test / Test (Linux) (push) Failing after 58s

Details

Build and test / Test (macOS) (push) Has been cancelled

Details

Learning mode (--learning) traces filesystem access with strace and
generates minimal sandbox config templates. A background monitor kills
strace when the main command exits so long-lived child processes (LSP
servers, file watchers) don't cause hangs.

Other changes:
- Add 'greywall templates list/show' subcommand
- Add --template flag to load specific learned templates
- Fix DNS relay: use TCP DNS (options use-vc) instead of broken UDP
  relay through tun2socks
- Filter O_DIRECTORY opens from learned read paths
- Add docs/experience.md with development notes

This commit is contained in:

Mathieu Virbel

2026-02-11 08:22:53 -06:00

parent 631db40665

commit 3dd772d35a

14 changed files with 1854 additions and 124 deletions

									
										1

internal/sandbox/utils.go
									
												View File
												
				@@ -102,4 +102,3 @@ func DecodeSandboxedCommand(encoded string) (string, error) {

					}

					return string(data), nil

				}

1 internal/sandbox/utils.go Unescape Escape View File

1

internal/sandbox/utils.go

View File