greywall/internal/sandbox at 562f9bb65ece90281cd44b63a17f0bbe32458c40 - greywall - Gitea: Git with a cup of tea

monadical/greywall

Archived

This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Files

History

Mathieu Virbel 562f9bb65e fix: preserve terminal env vars through sudo in macOS daemon mode

sudo resets the environment, stripping TERM, COLORTERM, COLUMNS, LINES,
and other terminal-related variables that TUI apps need to render. This
caused TUI apps like opencode to show a blank screen in daemon mode.

Fix by injecting terminal and proxy env vars via `env` after `sudo` in
the daemon mode command pipeline. Also move PTY device ioctl/read/write
rules into the base sandbox profile so inherited terminals work without
requiring AllowPty.

2026-02-26 17:39:33 -06:00

..

Replace built-in proxies with tun2socks transparent proxying

2026-02-09 20:41:12 -06:00

benchmark_test.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

command_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

command.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

dangerous_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

dangerous.go

feat: deny-by-default filesystem isolation

2026-02-13 11:39:18 -06:00

integration_linux_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

integration_macos_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

integration_test.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

learning_darwin_test.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning_darwin.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning_linux_test.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning_linux.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning_stub.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning_test.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

learning.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

linux_ebpf_stub.go

Add environment sanitization

2025-12-25 20:47:11 -08:00

linux_ebpf.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

linux_features_stub.go

feat: add dependency status to --version and document AppArmor userns fix

2026-02-11 19:31:24 -06:00

linux_features.go

fix: resolve all golangci-lint v2 warnings (29 issues)

2026-02-13 19:20:40 -06:00

linux_landlock_stub.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

linux_landlock.go

fix: resolve all golangci-lint v2 warnings (29 issues)

2026-02-13 19:20:40 -06:00

linux_seccomp_stub.go

Add environment sanitization

2025-12-25 20:47:11 -08:00

linux_seccomp.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

linux_stub.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

linux_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

linux.go

fix: bind-mount greywall binary for Landlock wrapper re-execution

2026-02-22 16:56:45 -06:00

macos_test.go

feat: deny-by-default filesystem isolation

2026-02-13 11:39:18 -06:00

macos.go

fix: preserve terminal env vars through sudo in macOS daemon mode

2026-02-26 17:39:33 -06:00

manager_darwin.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

manager_linux.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

manager_stub.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

manager.go

feat: switch macOS learning mode from fs_usage to eslogger

2026-02-26 17:23:43 -06:00

monitor.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

sanitize_test.go

Add environment sanitization

2025-12-25 20:47:11 -08:00

sanitize.go

Add environment sanitization

2025-12-25 20:47:11 -08:00

shell.go

Add environment sanitization

2025-12-25 20:47:11 -08:00

tun2socks_embed_darwin.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

tun2socks_embed_stub.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

tun2socks_embed.go

feat: add macOS daemon support with group-based pf routing

2026-02-26 09:56:22 -06:00

utils_test.go

rename Fence to Greywall as GreyHaven sandboxing component

2026-02-10 16:00:24 -06:00

utils.go

fix: preserve terminal env vars through sudo in macOS daemon mode

2026-02-26 17:39:33 -06:00