diff options
| author | James O'Doherty <james@theodohertyfamily.com> | 2026-06-04 22:57:35 -0400 |
|---|---|---|
| committer | James O'Doherty <james@theodohertyfamily.com> | 2026-06-04 22:57:35 -0400 |
| commit | 04dca5dada8c2d971ff3b54eeedc5ab6e53a29ac (patch) | |
| tree | a9890073a0eb21bc7db3aef2fcbe66cdc2fc9ceb /internal/namespace/namespace.go | |
| parent | 66b782e261f1cd928ad6a8482788a65fb484db45 (diff) | |
refactor: decouple namespace operations and improve test coverage
- Introduce `namespace.Ops` interface to decouple `Manager` from system-level namespace operations, enabling easier unit testing via mocks.
- Add unit tests for `internal/paths` to verify path resolution logic across different environment configurations.
- Implement `EnsureBinary` helper in E2E tests to gracefully skip tests when `WG_WRAP_BIN` is not set, allowing `go test ./...` to pass in non-build environments.
- Apply project-wide formatting and fix linting issues.
Diffstat (limited to 'internal/namespace/namespace.go')
| -rw-r--r-- | internal/namespace/namespace.go | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/internal/namespace/namespace.go b/internal/namespace/namespace.go index b05dea2..a50f70a 100644 --- a/internal/namespace/namespace.go +++ b/internal/namespace/namespace.go @@ -6,15 +6,15 @@ // scheduler, and to maintain encrypted UDP socket connectivity over the host's network, // wg-wrap employs an advanced bootstrap loop: // -// 1. Host-Bound Socket Creation: During the initial host-level start, a UDP socket is opened -// on 0.0.0.0:0 on the host, and its FD is stored in the environment (WG_WRAP_HOST_SOCKET_FD). -// 2. Helper Deployment: An embedded single-threaded C launcher is used to bridge the transition. -// 3. Namespace Transition: The process replaces itself with the C launcher via syscall.Exec. -// 4. Isolation: The launcher performs the unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET) -// sequence to isolate Mount, User, and Network environments. -// 5. Re-entry: The launcher then execvp's the original wg-wrap binary. -// 6. FDBind Tunnel Initialization: The second instance of wg-wrap wraps the host socket FD -// inside a custom FDBind struct to initialize wireguard-go. +// 1. Host-Bound Socket Creation: During the initial host-level start, a UDP socket is opened +// on 0.0.0.0:0 on the host, and its FD is stored in the environment (WG_WRAP_HOST_SOCKET_FD). +// 2. Helper Deployment: An embedded single-threaded C launcher is used to bridge the transition. +// 3. Namespace Transition: The process replaces itself with the C launcher via syscall.Exec. +// 4. Isolation: The launcher performs the unshare(CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWNET) +// sequence to isolate Mount, User, and Network environments. +// 5. Re-entry: The launcher then execvp's the original wg-wrap binary. +// 6. FDBind Tunnel Initialization: The second instance of wg-wrap wraps the host socket FD +// inside a custom FDBind struct to initialize wireguard-go. // // User Namespace Sequence: // To create a network namespace without root, wg-wrap follows the sequence: |