diff options
| author | James O'Doherty <james@theodohertyfamily.com> | 2026-05-29 19:56:45 -0400 |
|---|---|---|
| committer | James O'Doherty <james@theodohertyfamily.com> | 2026-05-29 19:56:45 -0400 |
| commit | a7c7fa9e76c9c7015c31378062aa5d0c17b0f38f (patch) | |
| tree | f45c63ab1d8647c657175dd92ec15000dd64975e /Makefile | |
| parent | c6a1240e469ff8170cf31b39a01c1cb08fdb86f4 (diff) | |
Fix DNS leaks, lifecycle race, and editor arg splitting
- DNS Leak / Isolation Bypass: Blocked glibc's systemd-resolved and
D-Bus socket communication within the unprivileged mount namespace by
introducing BlockHostServices(). This targeted mount-blocking forces
glibc to fall back to the standard resolv.conf DNS routing path and
prevents host leaks.
- Lifecycle Race: Reordered and protected the reference-counting
cleanup routine under the profile flock to ensure that check-and-unpin
operations are atomic and do not teardown namespaces actively used
by parallel processes.
- Editor Arguments: Split the EDITOR environment variable into discrete
field tokens before invocation to support editor configurations
containing command-line flags.
- Testing: Added E2E regression tests for DNS leak detection,
namespace unpinning concurrency, and editor argument parsing. All E2E
tests now compile and pass cleanly.
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -27,10 +27,13 @@ $(BINARY): $(LAUNCHER_BIN) $(LAUNCHER_BIN): $(LAUNCHER_SRC) $(CC) $(CFLAGS) $(LAUNCHER_SRC) -o $(LAUNCHER_BIN) +# Test arguments (can be overridden from CLI: make test TEST_ARGS="-run TestName") +TEST_ARGS ?= -timeout 30s + # Run tests test: $(BINARY) @echo "Running tests with WG_WRAP_BIN=$(shell pwd)/$(BINARY)" - WG_WRAP_BIN=$(shell pwd)/$(BINARY) go test -v -race ./... + WG_WRAP_BIN=$(shell pwd)/$(BINARY) go test -v -race $(TEST_ARGS) ./... # Run fuzzing tests fuzz: clean |