Add support for local outbound connections in sandbox configuration

2025-12-22 15:55:01 -08:00
parent 10c571e7d9
commit b98b640f5a
4 changed files with 30 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -71,6 +71,7 @@ Create `~/.fence.json` to configure allowed domains and filesystem access:
 | `allowUnixSockets` | List of allowed Unix socket paths (macOS) |
 | `allowAllUnixSockets` | Allow all Unix sockets |
 | `allowLocalBinding` | Allow binding to local ports |
+| `allowLocalOutbound` | Allow outbound connections to localhost, e.g., local DBs (defaults to `allowLocalBinding` if not set) |
 | `httpProxyPort` | Fixed port for HTTP proxy (default: random available port) |
 | `socksProxyPort` | Fixed port for SOCKS5 proxy (default: random available port) |

@@ -138,6 +139,12 @@ import (
 )

 func main() {
+    // Check if platform supports sandboxing (macOS/Linux)
+    if !fence.IsSupported() {
+        fmt.Println("Sandboxing not supported on this platform")
+        return
+    }
+
    // Create config
    cfg := &fence.Config{
        Network: fence.NetworkConfig{