wg-wrap.git/tests/e2e/vulnerability_test.go, branch mainwg-wrap runs commands in network namespaces configured with userspace wireguard tunnels.
https://git.theodohertyfamily.com/wg-wrap.git/atom?h=main2026-06-08T02:57:34Zfeat(cli): introduce explicit run/exec subcommands to prevent typo-execution2026-06-08T02:57:34ZJames O'Dohertyjames@theodohertyfamily.com2026-06-08T02:57:34Zurn:sha1:f8afb7d5889f5c8b6ea256fd078fa8426d21c7be
Prevent the ambiguity where a mistyped subcommand was interpreted as the target
wrapped process.
- Introduce `run` and `exec` (alias) subcommands for launching wrapped processes.
- Promote internal test commands (`test-ns`, `test-args`, `test-lifecycle`) to explicit subcommands.
- Update CLI routing to return an error for unknown subcommands instead of falling back to the default execution path.
- Update `README.md` usage examples and all test suites to use the new subcommand structure.
refactor: decouple namespace operations and improve test coverage2026-06-05T02:57:35ZJames O'Dohertyjames@theodohertyfamily.com2026-06-05T02:57:35Zurn:sha1:04dca5dada8c2d971ff3b54eeedc5ab6e53a29ac
- Introduce `namespace.Ops` interface to decouple `Manager` from system-level namespace operations, enabling easier unit testing via mocks.
- Add unit tests for `internal/paths` to verify path resolution logic across different environment configurations.
- Implement `EnsureBinary` helper in E2E tests to gracefully skip tests when `WG_WRAP_BIN` is not set, allowing `go test ./...` to pass in non-build environments.
- Apply project-wide formatting and fix linting issues.
refactor: rename module to git.theodohertyfamily.com/wg-wrap and apply public domain license2026-05-30T03:35:21ZJames O'Dohertyjames@theodohertyfamily.com2026-05-30T03:35:21Zurn:sha1:da70b10fbd056f19d892acad542ce96c40c58389
- Update go.mod and all internal imports to reflect the new module path
- Add LICENSE file with the Unlicense (public domain dedication)
- Increase timeouts in e2e lifecycle tests to prevent flaky failures
- Verify all tests, linting, and formatting pass with the new module name
Fix DNS leaks, lifecycle race, and editor arg splitting2026-05-29T23:56:45ZJames O'Dohertyjames@theodohertyfamily.com2026-05-29T23:56:45Zurn:sha1:a7c7fa9e76c9c7015c31378062aa5d0c17b0f38f
- DNS Leak / Isolation Bypass: Blocked glibc's systemd-resolved and
D-Bus socket communication within the unprivileged mount namespace by
introducing BlockHostServices(). This targeted mount-blocking forces
glibc to fall back to the standard resolv.conf DNS routing path and
prevents host leaks.
- Lifecycle Race: Reordered and protected the reference-counting
cleanup routine under the profile flock to ensure that check-and-unpin
operations are atomic and do not teardown namespaces actively used
by parallel processes.
- Editor Arguments: Split the EDITOR environment variable into discrete
field tokens before invocation to support editor configurations
containing command-line flags.
- Testing: Added E2E regression tests for DNS leak detection,
namespace unpinning concurrency, and editor argument parsing. All E2E
tests now compile and pass cleanly.