monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
56 Commits 4 Branches 0 Tags
8630789c3962418e35882c071715501cfb336ab9
Commit Graph

13 Commits

Author SHA1 Message Date
JY Tan
8630789c39 Add TODO comment 2026-02-02 11:53:40 -08:00
JY Tan
37b154bc94 fix(linux): remove expensive glob expansion for mandatory deny patterns 
The glob expansion using **/pattern patterns caused full filesystem walks
of the current directory for each pattern (~15 patterns = ~15 walks).
This caused hangs in directories with many files (e.g., node_modules).

The concrete paths from getMandatoryDenyPaths() are sufficient for bwrap's
--ro-bind protections. Landlock (applied via wrapper) provides additional
recursive protection.

Fixes #27
 2026-02-02 10:22:13 -08:00
JY Tan
7679fecf06 feat: add defaultDenyRead mode for strict filesystem isolation (#24) 2026-02-01 15:11:40 -08:00
JY Tan
5d01a01883 fix: handle files and symlinks correctly in denyRead paths (#14) 2026-01-21 02:26:51 -08:00
JY Tan
90cd0a0a4b Add code-relaxed template, handle wildcard network allow 2025-12-29 01:39:41 -08:00
JY Tan
6c21e008c3 Handle library usage and missing network namespace gracefully 2025-12-26 16:19:07 -08:00
JY Tan
6fdd1af057 test: add integration and smoke tests (#4) 2025-12-26 14:56:20 -08:00
JY Tan
6159bdd38a Lint linux files 2025-12-25 18:23:57 -08:00
JY Tan
08ed28f88f Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring 2025-12-25 17:33:55 -08:00
JY Tan
b16f76e7b7 Enhance filesystem protection in Linux sandbox 2025-12-19 12:27:17 -08:00
JY Tan
cc031fe176 Minor changes 2025-12-18 17:14:19 -08:00
JY Tan
14a737a36b Lint project 2025-12-18 17:02:09 -08:00
JY Tan
c02c91f051 Initial commit 2025-12-18 13:14:41 -08:00