monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Minor changes

Browse Source
This commit is contained in:
JY Tan
2025-12-18 17:14:19 -08:00
parent 1a1eaae237
commit cc031fe176
3 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/sandbox/linux.go
View File

@@ -80,8 +80,8 @@ func NewLinuxBridge(httpProxyPort, socksProxyPort int, debug bool) (*LinuxBridge
return nil, fmt.Errorf("failed to start SOCKS bridge: %w", err)
}
// Wait for sockets to be created
for i := 0; i < 50; i++ { // 5 seconds max
// Wait for sockets to be created, up to 5 seconds
for range 50 {
httpExists := fileExists(httpSocketPath)
socksExists := fileExists(socksSocketPath)
if httpExists && socksExists {

10
internal/sandbox/monitor.go
View File

@@ -107,17 +107,14 @@ var violationPattern = regexp.MustCompile(`Sandbox: (\w+)\((\d+)\) deny\(\d+\) (
// parseViolation extracts and formats a sandbox violation from a log line.
// Returns empty string if the line should be filtered out.
func parseViolation(line string) string {
// Skip header lines
if strings.HasPrefix(line, "Filtering") || strings.HasPrefix(line, "Timestamp") {
return ""
}
// Skip duplicate report summaries
if strings.Contains(line, "duplicate report") {
return ""
}
// Skip CMD64 marker lines (they follow the actual violation)
if strings.HasPrefix(line, "CMD64_") {
return ""
}
@@ -133,17 +130,14 @@ func parseViolation(line string) string {
operation := matches[3]
details := strings.TrimSpace(matches[4])
// Filter: only show network and file operations
if !shouldShowViolation(operation) {
return ""
}
// Filter out noisy violations
if isNoisyViolation(details) {
return ""
}
// Format the output
timestamp := time.Now().Format("15:04:05")
if details != "" {
@@ -154,12 +148,10 @@ func parseViolation(line string) string {
// shouldShowViolation returns true if this violation type should be displayed.
func shouldShowViolation(operation string) bool {
// Show network violations
if strings.HasPrefix(operation, "network-") {
return true
}
// Show file read/write violations
if strings.HasPrefix(operation, "file-read") ||
strings.HasPrefix(operation, "file-write") {
return true
@@ -193,5 +185,5 @@ func isNoisyViolation(details string) bool {
// GetSessionSuffix returns the session suffix used for filtering.
// This is the same suffix used in macOS sandbox-exec profiles.
func GetSessionSuffix() string {
return sessionSuffix // defined in macos.go
return sessionSuffix
}