| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2026-05-29 | refactor: rename module to git.theodohertyfamily.com/wg-wrap and apply ↵ | James O'Doherty | |
| public domain license - Update go.mod and all internal imports to reflect the new module path - Add LICENSE file with the Unlicense (public domain dedication) - Increase timeouts in e2e lifecycle tests to prevent flaky failures - Verify all tests, linting, and formatting pass with the new module name | |||
| 2026-05-29 | Fix DNS leaks, lifecycle race, and editor arg splitting | James O'Doherty | |
| - DNS Leak / Isolation Bypass: Blocked glibc's systemd-resolved and D-Bus socket communication within the unprivileged mount namespace by introducing BlockHostServices(). This targeted mount-blocking forces glibc to fall back to the standard resolv.conf DNS routing path and prevents host leaks. - Lifecycle Race: Reordered and protected the reference-counting cleanup routine under the profile flock to ensure that check-and-unpin operations are atomic and do not teardown namespaces actively used by parallel processes. - Editor Arguments: Split the EDITOR environment variable into discrete field tokens before invocation to support editor configurations containing command-line flags. - Testing: Added E2E regression tests for DNS leak detection, namespace unpinning concurrency, and editor argument parsing. All E2E tests now compile and pass cleanly. | |||
 |
index : wg-wrap.git | |
| wg-wrap runs commands in network namespaces configured with userspace wireguard tunnels. |
| summaryrefslogtreecommitdiff |