Commit Graph

Select branches

Hide Pull Requests

master

Mono Color

• 327c2933e7 Add README note about ubuntu apparmor woes with bubblewrap master Kristóf Tóth 2026-04-08 09:27:40 +02:00
• 25f0037aab Filter environment variables in both sandbox modes Kristóf Tóth 2026-04-08 09:22:11 +02:00
• 12644ae31e Apply a seccomp-BPF syscall allowlist by default Kristóf Tóth 2026-04-08 08:34:34 +02:00
• 5f3b139457 Drop redundant trim() before split_whitespace() Kristóf Tóth 2026-04-08 00:23:15 +02:00
• 8010e9102e Allow disabling boolean flags from the CLI Kristóf Tóth 2026-04-08 00:22:50 +02:00
• 17f0e84005 Allow setting entrypoint from CLI Kristóf Tóth 2026-04-07 18:02:03 +02:00
• 83bd4305c7 Bind symlinked rw/ro paths at the user-written destination Kristóf Tóth 2026-04-07 17:45:38 +02:00
• f0711f2894 Ship an example config file Kristóf Tóth 2026-04-07 15:10:10 +02:00
• cab0eb74d7 Error out if no entrypoint or command is passed (drop claude default) Kristóf Tóth 2026-04-04 10:19:58 +02:00
• 062ddab5f8 Add entrypoint option Kristóf Tóth 2026-04-04 10:16:57 +02:00
• 8ecba5d6dc Add option to pass through arguments to brwap, use shlex for dry-run Kristóf Tóth 2026-04-04 08:41:40 +02:00
• 8958f79ece Document and expand test coverage of config file feature Kristóf Tóth 2026-04-04 07:46:28 +02:00
• db60fb9ddb Reject unknown config keys Kristóf Tóth 2026-04-01 23:51:47 +02:00
• c7c4c673cb Add mask option to hide paths/files from sandbox Kristóf Tóth 2026-04-01 23:19:08 +02:00
• 0119834d5a Implement config file parsing and precedence with CLI Kristóf Tóth 2026-03-31 01:22:08 +02:00
• f1d7a14b8d Ensure root filesystem is always read-only inside sandbox Kristóf Tóth 2026-03-29 16:50:59 +02:00
• 389e38a800 Add CLAUDE.md and AGENTS.md with build rules and pitfalls Kristóf Tóth 2026-03-25 23:59:37 +01:00
• 99f9395c10 Move require_run_user to lib.rs and make blacklist module private Kristóf Tóth 2026-03-25 23:54:35 +01:00
• 5fc7eb3c11 Consolidate whitelist mode setup into add_whitelist_mode Kristóf Tóth 2026-03-25 23:43:48 +01:00
• 960b034a80 Run integration tests serially to avoid /tmp race conditions Kristóf Tóth 2026-03-25 23:43:26 +01:00
• b200be9490 Add README with security model documentation Kristóf Tóth 2026-03-25 23:13:16 +01:00
• d79563d948 Add integration test for /dev/input/ being hidden in blacklist mode Kristóf Tóth 2026-03-25 23:02:24 +01:00
• 167439c156 Add fish/nushell history and /tmp leaks to SENSITIVE_PATHS Kristóf Tóth 2026-03-25 23:00:52 +01:00
• 6349709024 Add container, WM, package manager, and database sockets to SENSITIVE_PATHS Kristóf Tóth 2026-03-25 22:58:12 +01:00
• d3f8986b77 Sort dirs before files in resolve_overlays Kristóf Tóth 2026-03-25 22:54:56 +01:00
• 82f84247f1 Rework handling of /run and ${RUNUSER} in blacklist mode Kristóf Tóth 2026-03-25 22:48:39 +01:00
• 0bd91ffad2 Add /sys to whitelist mode Kristóf Tóth 2026-03-25 22:22:35 +01:00
• dccf2309a5 Add --new-session to bwrap invocation Kristóf Tóth 2026-03-25 22:15:21 +01:00
• 9f82ca21ee Add /dev/input/ to SENSITIVE_PATHS for blacklist mode Kristóf Tóth 2026-03-25 22:00:32 +01:00
• ada9da7ae7 Reject empty HOME envvar Kristóf Tóth 2026-03-20 21:43:08 +01:00
• 4112288a30 Ensure passing relative paths to CLI works Kristóf Tóth 2026-03-20 21:36:55 +01:00
• 94535b20d3 Fix blacklist bind mount order Kristóf Tóth 2026-03-20 21:02:48 +01:00
• 826c6d5531 Add ~/.claude.json to agent paths and use --bind-try Kristóf Tóth 2026-03-20 20:41:24 +01:00
• 50dafb4c37 Fix read-only /dev, /proc, /tmp, /var/tmp, /run in blacklist mode Kristóf Tóth 2026-03-20 20:40:57 +01:00
• c8e0d4813a Use --ro-bind-try for system files in whitelist mode Kristóf Tóth 2026-03-20 19:29:53 +01:00
• b4b94856ac Skip run_user overlay when runtime dir is unknown Kristóf Tóth 2026-03-20 19:29:43 +01:00
• 9da043a70e Remove redundant /etc/ssh/* glob entry Kristóf Tóth 2026-03-20 19:29:38 +01:00
• ba885b7dd6 Ensure test file is cleaned up in cwd_is_writable test case Kristóf Tóth 2026-03-20 18:52:03 +01:00
• bf53d92d49 Initial commit Kristóf Tóth 2026-03-20 18:40:08 +01:00