- Add daemon CLI subcommand (install/uninstall/status/run)
- Download tun2socks for darwin platforms in Makefile
- Export ExtractTun2Socks and add darwin embed support
- Use group-based pf filtering instead of user-based for transparent proxying
- Install sudoers rule for passwordless sandbox-exec with _greywall group
- Add nolint directives for gosec false positives on sudoers 0440 perms
- Fix lint issues: lowercase errors, fmt.Fprintf, nolint comments
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sandboxed commands previously ran as `sudo -u _greywall`, breaking user
identity (home dir, SSH keys, git config). Now uses `sudo -u #<uid> -g
_greywall` so the process keeps the real user's identity while pf matches
on EGID for traffic routing.
Key changes:
- pf rules use `group <GID>` instead of `user _greywall`
- GID resolved dynamically at daemon startup (not hardcoded, since macOS
system groups like com.apple.access_ssh may claim preferred IDs)
- Sudoers rule installed at /etc/sudoers.d/greywall (validated with visudo)
- Invoking user added to _greywall group via dscl (not dseditgroup, which
clobbers group attributes)
- tun2socks device discovery scans both stdout and stderr (fixes 10s
timeout caused by STACK message going to stdout)
- Always-on daemon logging for session create/destroy events
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
