This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.

JY Tan 37b154bc94 fix(linux): remove expensive glob expansion for mandatory deny patterns ...

The glob expansion using **/pattern patterns caused full filesystem walks
of the current directory for each pattern (~15 patterns = ~15 walks).
This caused hangs in directories with many files (e.g., node_modules).

The concrete paths from getMandatoryDenyPaths() are sufficient for bwrap's
--ro-bind protections. Landlock (applied via wrapper) provides additional
recursive protection.

Fixes #27

2026-02-02 10:22:13 -08:00

26 KiB

Raw Blame History

View Raw