monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

Minor changes

Browse Source
This commit is contained in:
JY Tan
2025-12-18 17:14:19 -08:00
parent 1a1eaae237
commit cc031fe176
3 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -101,7 +101,7 @@ Flags:
```bash ```bash
# Block all network (default behavior) # Block all network (default behavior)
fence curl https://example.com fence curl https://example.com
# Output: curl: (7) Couldn't connect to server # Output: curl: (56) CONNECT tunnel failed, response 403
# Use a custom config # Use a custom config
fence --settings ./my-config.json npm install fence --settings ./my-config.json npm install

4
internal/sandbox/linux.go
View File

@@ -80,8 +80,8 @@ func NewLinuxBridge(httpProxyPort, socksProxyPort int, debug bool) (*LinuxBridge
return nil, fmt.Errorf("failed to start SOCKS bridge: %w", err) return nil, fmt.Errorf("failed to start SOCKS bridge: %w", err)
} }
// Wait for sockets to be created // Wait for sockets to be created, up to 5 seconds
for i := 0; i < 50; i++ { // 5 seconds max for range 50 {
httpExists := fileExists(httpSocketPath) httpExists := fileExists(httpSocketPath)
socksExists := fileExists(socksSocketPath) socksExists := fileExists(socksSocketPath)
if httpExists && socksExists { if httpExists && socksExists {

10
internal/sandbox/monitor.go
View File

@@ -107,17 +107,14 @@ var violationPattern = regexp.MustCompile(`Sandbox: (\w+)\((\d+)\) deny\(\d+\) (
// parseViolation extracts and formats a sandbox violation from a log line. // parseViolation extracts and formats a sandbox violation from a log line.
// Returns empty string if the line should be filtered out. // Returns empty string if the line should be filtered out.
func parseViolation(line string) string { func parseViolation(line string) string {
// Skip header lines
if strings.HasPrefix(line, "Filtering") || strings.HasPrefix(line, "Timestamp") { if strings.HasPrefix(line, "Filtering") || strings.HasPrefix(line, "Timestamp") {
return "" return ""
} }
// Skip duplicate report summaries
if strings.Contains(line, "duplicate report") { if strings.Contains(line, "duplicate report") {
return "" return ""
} }
// Skip CMD64 marker lines (they follow the actual violation)
if strings.HasPrefix(line, "CMD64_") { if strings.HasPrefix(line, "CMD64_") {
return "" return ""
} }
@@ -133,17 +130,14 @@ func parseViolation(line string) string {
operation := matches[3] operation := matches[3]
details := strings.TrimSpace(matches[4]) details := strings.TrimSpace(matches[4])
// Filter: only show network and file operations
if !shouldShowViolation(operation) { if !shouldShowViolation(operation) {
return "" return ""
} }
// Filter out noisy violations
if isNoisyViolation(details) { if isNoisyViolation(details) {
return "" return ""
} }
// Format the output
timestamp := time.Now().Format("15:04:05") timestamp := time.Now().Format("15:04:05")
if details != "" { if details != "" {
@@ -154,12 +148,10 @@ func parseViolation(line string) string {
// shouldShowViolation returns true if this violation type should be displayed. // shouldShowViolation returns true if this violation type should be displayed.
func shouldShowViolation(operation string) bool { func shouldShowViolation(operation string) bool {
// Show network violations
if strings.HasPrefix(operation, "network-") { if strings.HasPrefix(operation, "network-") {
return true return true
} }
// Show file read/write violations
if strings.HasPrefix(operation, "file-read") || if strings.HasPrefix(operation, "file-read") ||
strings.HasPrefix(operation, "file-write") { strings.HasPrefix(operation, "file-write") {
return true return true
@@ -193,5 +185,5 @@ func isNoisyViolation(details string) bool {
// GetSessionSuffix returns the session suffix used for filtering. // GetSessionSuffix returns the session suffix used for filtering.
// This is the same suffix used in macOS sandbox-exec profiles. // This is the same suffix used in macOS sandbox-exec profiles.
func GetSessionSuffix() string { func GetSessionSuffix() string {
return sessionSuffix // defined in macos.go return sessionSuffix
} }