JY Tan
da5f61e390
fix: handle cross-mount resolv.conf symlinks in sandbox (#32)
2026-02-08 15:22:31 -08:00
JY Tan
b8b12ebe31
fix: resolve /etc/resolv.conf symlinks for DNS in sandbox (#31)
2026-02-08 13:15:16 -08:00
JY Tan
9db1ae8b54
fix: preserve argument boundaries when passing commands via --
2026-02-05 16:55:55 -08:00
JY Tan
7cc9fb3427
Add gh CLI commands to code template
2026-02-02 12:06:55 -08:00
JY Tan
8630789c39
Add TODO comment
2026-02-02 11:53:40 -08:00
JY Tan
37b154bc94
fix(linux): remove expensive glob expansion for mandatory deny patterns
The glob expansion using **/pattern patterns caused full filesystem walks
of the current directory for each pattern (~15 patterns = ~15 walks).
This caused hangs in directories with many files (e.g., node_modules).
The concrete paths from getMandatoryDenyPaths() are sufficient for bwrap's
--ro-bind protections. Landlock (applied via wrapper) provides additional
recursive protection.
Fixes #27
2026-02-02 10:22:13 -08:00
JY Tan
b14f70782d
Update README.md
2026-02-01 17:25:12 -08:00
JY Tan
c8621e8f6c
feat: use OS-preferred config directory (#26)
2026-02-01 16:17:33 -08:00
JY Tan
7679fecf06
feat: add defaultDenyRead mode for strict filesystem isolation (#24)
2026-02-01 15:11:40 -08:00
JY Tan
cef3576076
chore: update code template for Droid (Factory CLI)
2026-02-01 12:16:31 -08:00
JY Tan
20b7718ce8
fix: handle macOS /tmp symlink in sandbox allowWrite paths (#23)
2026-01-26 14:30:54 -08:00
JY Tan
006d3b0cc6
Update README.md
2026-01-25 16:57:37 -08:00
JY Tan
0abc268968
Add CODEOWNERS file
2026-01-25 11:49:28 -08:00
JY Tan
93243e75e1
feat: shell completion script generation (#22)
2026-01-25 10:57:22 -08:00
priuatus
27dfd1da93
test: add denyRead integration tests for files and directories (#15)
2026-01-23 10:22:17 -08:00
JY Tan
9bb11a2f40
chore: update code template for OpenCode and Gemini CLI (#20)
2026-01-22 15:41:30 -08:00
JY Tan
5b57527a83
fix: filter directory-only Landlock rights for non-directory paths (#17)
2026-01-21 12:35:35 -08:00
JY Tan
5d01a01883
fix: handle files and symlinks correctly in denyRead paths (#14)
2026-01-21 02:26:51 -08:00
priuatus
06c2cc9a34
fix: network namespace detection false negative (#12)
Co-authored-by: netixen <netixen@spaceship>
2026-01-20 11:30:18 -08:00
JY Tan
89301f8c8a
Update README.md
2026-01-19 20:45:43 -08:00
JY Tan
5ef2ce5719
Improve docs organization
2026-01-17 16:14:18 -08:00
JY Tan
20fa647ccc
feat: support ssh commands (#10)
2026-01-17 15:36:51 -08:00
JY Tan
3c3f28b32c
docs: add more information about nested sandboxing and integration test skip behavior
2026-01-17 13:39:03 -08:00
JY Tan
71c211c9ab
fix: improve skip logic for Landlock tests in integration_linux_test.go
2026-01-17 13:15:23 -08:00
JY Tan
d53d123fb6
Update README.md
2026-01-15 15:18:35 -08:00
JY Tan
9496f7f0f0
Update README.md
2026-01-15 15:13:12 -08:00
JY Tan
f3ac2d72f4
feat: ability to import claude code settings as configs (#7)
2026-01-15 14:55:44 -08:00
JY Tan
800a50b457
Add support for config inheritance
2026-01-05 17:23:14 -08:00
JY Tan
83fa7a76ee
Update templates
2025-12-29 14:45:51 -08:00
JY Tan
90cd0a0a4b
Add code-relaxed template, handle wildcard network allow
2025-12-29 01:39:41 -08:00
JY Tan
d8e55d9515
Introduce built-in templates for enhanced configuration options, support JSONC format
2025-12-28 22:16:50 -08:00
JY Tan
8317bb96bc
perf: add benchmarks (#5)
2025-12-28 00:38:01 -08:00
JY Tan
6c21e008c3
Handle library usage and missing network namespace gracefully
2025-12-26 16:19:07 -08:00
JY Tan
6fdd1af057
test: add integration and smoke tests (#4)
2025-12-26 14:56:20 -08:00
JY Tan
f86d9a2c82
Add environment sanitization
2025-12-25 20:47:11 -08:00
JY Tan
32d785c703
Remove unnecessary file
2025-12-25 19:20:58 -08:00
JY Tan
47de3e431c
Add ability to block commands
2025-12-25 19:03:01 -08:00
JY Tan
6159bdd38a
Lint linux files
2025-12-25 18:23:57 -08:00
JY Tan
08ed28f88f
Enhance Linux sandbox security features with Landlock, seccomp, and eBPF monitoring
2025-12-25 17:33:55 -08:00
JY Tan
a8158a39b3
Update docs
2025-12-23 20:51:01 -08:00
JY Tan
a65c7ce308
Add install script
2025-12-23 20:31:23 -08:00
JY Tan
dcdfff1fde
Update README.md
2025-12-23 18:54:01 -08:00
JY Tan
8db245f56e
Refactor and improve documentation, add examples
2025-12-23 18:43:07 -08:00
JY Tan
b98b640f5a
Add support for local outbound connections in sandbox configuration
2025-12-22 15:55:01 -08:00
JY Tan
10c571e7d9
Update docs
2025-12-19 21:07:55 -08:00
JY Tan
b16f76e7b7
Enhance filesystem protection in Linux sandbox
2025-12-19 12:27:17 -08:00
JY Tan
b220c42614
Refine log monitoring predicate to filter for specific session violations
2025-12-19 12:24:01 -08:00
JY Tan
34d6e51c4b
Add versioning support
2025-12-19 12:22:51 -08:00
JY Tan
299adcae33
Lint tests
2025-12-18 17:58:26 -08:00
JY Tan
2abda47b0a
Update README.md
2025-12-18 17:51:04 -08:00