wg-wrap runs commands in network namespaces configured with userspace wireguard tunnels. https://git.theodohertyfamily.com/wg-wrap.git/atom?h=main 2026-06-04T03:45:45Z 2026-06-04T03:45:45Z James O'Doherty james@theodohertyfamily.com 2026-06-04T03:45:45Z urn:sha1:51a0845adba702ac02437405988b24b3b2c9fb45 - Fix DNS resolver leaks by creating temporary resolv.conf files within the profile's runtime directory and ensuring robust cleanup. - Fix isolation block directory leaks by explicitly removing the block directory during namespace unpinning. - Improve namespace lifecycle management: - Register processes before joining an active namespace to prevent race conditions in reference counting. - Update `IsLastProcess` and corresponding tests to reflect the unregister-then-check cleanup flow. - Improve test reliability and correctness: - Convert `TestAppRun_ProfileDirInjection` to use separate binary execution, preventing process replacement and ensuring `t.TempDir()` cleanup. - Replace hardcoded test configuration paths with `t.TempDir()` in `mount_leak_test.go`. - Implement `SetEnvOverrides` helper for cleaner environment variable management in E2E tests. - Improve E2E lifecycle tests with better environment handling and output redirection. 2026-05-30T03:35:21Z James O'Doherty james@theodohertyfamily.com 2026-05-30T03:35:21Z urn:sha1:da70b10fbd056f19d892acad542ce96c40c58389 - Update go.mod and all internal imports to reflect the new module path - Add LICENSE file with the Unlicense (public domain dedication) - Increase timeouts in e2e lifecycle tests to prevent flaky failures - Verify all tests, linting, and formatting pass with the new module name 2026-05-30T01:07:46Z James O'Doherty james@theodohertyfamily.com 2026-05-30T01:07:46Z urn:sha1:d2173cdbc03884ecd9534e9369f8ebe1634f7e9c - Security: Eliminate namespace escape risk by removing `HostBind` and enforcing `FDBind` using pre-opened host socket FDs. - Security: Replace unsafe `atoi` with `strtol` and strict validation in the C launcher to prevent malformed PID joins. - Stability: Fix PID wraparound by storing session timestamps in PID files to detect recycled PIDs. - Stability: Resolve DNS mount leaks by implementing proper unmounting of `/etc/resolv.conf` during tunnel shutdown. - Performance: Optimize `FDBind` throughput by implementing batch packet processing in the receive loop. - Deployment: Implement `memfd_create` for the C launcher to support `noexec` temporary directories and reduce disk I/O. - Maintenance: Replace external `ip` CLI dependency with native `netlink` library for robust network configuration. - Quality: Fix all `golangci-lint` errors and replace remaining panics with explicit error handling. 2026-05-30T00:35:31Z James O'Doherty james@theodohertyfamily.com 2026-05-30T00:35:31Z urn:sha1:d4cec92f5690a60b3509ab718bdea72dc520110e - Replace marker-file pinning with kernel bind-mount anchors for reliable namespace persistence. - Implement atomic "last-man-out" cleanup sequence using ProfileLock, preventing namespace leaks and race conditions. - Add comprehensive resilience test suite covering: - Crash recovery from stale runtime state. - Host network change stability. - Configuration hot-swap session persistence. - Resource exhaustion and high-churn lifecycle stress. - Align documentation and test expectations with rootless session-based persistence. - Fix argument integrity and isolation leaks. - Ensure 100% pass rate for all E2E and integration tests. 2026-05-22T20:17:55Z James O'Doherty james@theodohertyfamily.com 2026-05-22T20:17:55Z urn:sha1:135f6edbd9389bc4783f13c26aed0a74d3c8aca0 - Create internal/paths package for unified config and runtime directory resolution - Implement robust WireGuard config parsing in pkg/wgconf - Implement profile management subcommands: list, import, configure, delete, stop - Fix namespace pinning path collisions (separating .ns files from pids directories) - Implement and verify namespace unpinning logic - Fix linting errors and improve error handling across the project 2026-05-22T15:20:24Z James O'Doherty james@theodohertyfamily.com 2026-05-22T15:20:24Z urn:sha1:079e4240534cbdc8751f1a127def20f2d1e58da6 2026-05-22T15:12:21Z James O'Doherty james@theodohertyfamily.com 2026-05-22T15:12:21Z urn:sha1:3b56ccecf46b83fa9b0e4b6c54be6ffda395910c