* Limit wireproxy's permissions with landlock
* Show better debug message
* Fix crash when info is null
* Fix crash when landlock ABI is outdated
* remove /dev/std{in,out,err} from landlock restriction
wireproxy needs very few permissions; we can restrict it to basically
nothing. DynamicUser means the system will generate a UID on demand
for the service; also, CAP_NET_BIND_SERVICE can be used to allow this user
to bind to a port < 1024 if desired. Also, LoadCredential lets us read
a file with tight permissions, i.e. root:root 0400, and pass it to only
wireproxy in an ephemeral and constrained manner.
Signed-off-by: J. Dekker <jdek@itanimul.li>
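
A unit file using the three systemd directives named in the commit message above, with the unhardened form kept as comments for comparison. This is an added example, not the unit shipped by the project; the binary path `/usr/bin/wireproxy`, the config path `/etc/wireproxy.conf` and the credential name `conf` are assumptions.

```ini
# Added example: hardened unit for wireproxy using the directives named above.
# Assumed paths: /usr/bin/wireproxy and /etc/wireproxy.conf (root:root 0400).
[Unit]
Description=wireproxy (hardened example)
Wants=network-online.target
After=network-online.target

[Service]
# Before: a static account (or root) reading the config straight from /etc:
#   User=root
#   ExecStart=/usr/bin/wireproxy -c /etc/wireproxy.conf

# After: systemd allocates a throwaway UID/GID for the lifetime of the service.
DynamicUser=yes

# systemd (running as root) reads the 0400 file and exposes a copy only to
# this service under $CREDENTIALS_DIRECTORY; the dynamic user never needs
# access to /etc/wireproxy.conf itself.
LoadCredential=conf:/etc/wireproxy.conf
ExecStart=/usr/bin/wireproxy -c ${CREDENTIALS_DIRECTORY}/conf

# Optional: only needed if a proxy listener binds to a port < 1024.
# The bounding set drops every other capability.
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

Restart=on-failure

[Install]
WantedBy=multi-user.target
```

Once installed (here assumed to be named `wireproxy.service`), `systemd-analyze security wireproxy.service` lists which sandboxing options are in effect for the unit.
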
* fix: must close the connection after processing
I think it should help to close #80
* feat: migration to github.com/things-go/go-socks5
- preallocate config slices
- not used interfaces in consumer
- do not allocate new variables in loops
* feat: close connection after full processing
* feat: correct process sigint signal
* feat: improve build system
* fix: http proxy
* feat: update golangci-lint-action to v3.7.0
* feat: correct process routines
* fix: close http conn correctly
* feat: update golangci-lint-action to v4
* fix: goreleaser used clean now
* Update dependencies
gvisor was not updated to the latest version, because it did not
compile.
* actions: Update go version to 1.20
* docker: Update go version to 1.20
* Add support for http proxy
* add test case for http proxy
---------
Co-authored-by: octeep <github@bandersnatch.anonaddy.com>
Co-authored-by: pufferfish <74378430+pufferffish@users.noreply.github.com>
- Build the currently checked-out code, instead of cloning the repo
inside the Dockerfile. This makes it much easier to build a container
for a particular branch or commit; people working on personal forks
will be able to build containers for their forks without modifying the
Dockerfile.
- Switch from Alpine to distroless; I couldn't actually get the current
version of the Dockerfile to build, it kept dying with some error about
gvisor. Aside from building with no trouble, the new Dockerfile reduces
the size of the image from 23MB to 9MB.
- Move Dockerfile into the root; this is a matter of taste, but allows
one to simply `docker build` the directory instead of having to also
specify the path to the Dockerfile. As part of this, I removed the
`config` and `Makefile` from the `docker` directory, since they seemed
specific to someone's setup and incomplete without that context.