fix: resolve certificate manager and environment handling issues

Fixed two critical runtime issues:

## Certificate Manager Fix
- NewCertificateManager now auto-determines config directory when empty string passed
- Resolves 'mkdir : no such file or directory' error
- CLI passes empty configDir expecting internal determination

## Environment Handling Fix
- Initialize preparedEnv map in constructors (newLinux, newMacOSJail)
- Prevents 'assignment to entry in nil map' panic
- SetEnv can now be called before Open() safely
- Simplified environment preservation logic

## Technical Details
- preparedEnv map now created in constructors
- Open() respects existing SetEnv values (doesn't overwrite)
- Cleaner, simpler code without complex preservation logic

Tested: Build succeeds, certificate errors resolved, ready for jail testing.

Co-authored-by: f0ssel <[email protected]>

Author: blink-so[bot]

namespace/linux.go

@@ -27,9 +27,10 @@ type Linux struct {
 // newLinux creates a new Linux network jail instance
 func newLinux(config Config, logger *slog.Logger) (*Linux, error) {
 	return &Linux{
-		config:    config,
-		namespace: newNamespaceName(),
-		logger:    logger,
+		config:      config,
+		namespace:   newNamespaceName(),
+		logger:      logger,
+		preparedEnv: make(map[string]string),
 	}, nil
 }
 
@@ -64,12 +65,14 @@ func (l *Linux) Open() error {
 
 	// Prepare environment once during setup
 	l.logger.Debug("Preparing environment")
-	l.preparedEnv = make(map[string]string)
 
 	// Start with current environment
 	for _, envVar := range os.Environ() {
 		if parts := strings.SplitN(envVar, "=", 2); len(parts) == 2 {
-			l.preparedEnv[parts[0]] = parts[1]
+			// Only set if not already set by SetEnv
+			if _, exists := l.preparedEnv[parts[0]]; !exists {
+				l.preparedEnv[parts[0]] = parts[1]
+			}
 		}
 	}
 

namespace/macos.go

@@ -40,6 +40,7 @@ func newMacOSJail(config Config, logger *slog.Logger) (*MacOSNetJail, error) {
 		pfRulesPath:   pfRulesPath,
 		mainRulesPath: mainRulesPath,
 		logger:        logger,
+		preparedEnv:   make(map[string]string),
 	}, nil
 }
 
@@ -63,12 +64,14 @@ func (m *MacOSNetJail) Open() error {
 
 	// Prepare environment once during setup
 	m.logger.Debug("Preparing environment")
-	m.preparedEnv = make(map[string]string)
 
 	// Start with current environment
 	for _, envVar := range os.Environ() {
 		if parts := strings.SplitN(envVar, "=", 2); len(parts) == 2 {
-			m.preparedEnv[parts[0]] = parts[1]
+			// Only set if not already set by SetEnv
+			if _, exists := m.preparedEnv[parts[0]]; !exists {
+				m.preparedEnv[parts[0]] = parts[1]
+			}
 		}
 	}
 

tls/tls.go

@@ -31,6 +31,15 @@ type CertificateManager struct {
 
 // NewCertificateManager creates a new certificate manager
 func NewCertificateManager(configDir string, logger *slog.Logger) (*CertificateManager, error) {
+	// If no configDir provided, determine it automatically
+	if configDir == "" {
+		var err error
+		configDir, err = getConfigDir()
+		if err != nil {
+			return nil, fmt.Errorf("failed to determine config directory: %v", err)
+		}
+	}
+
 	cm := &CertificateManager{
 		certCache: make(map[string]*tls.Certificate),
 		logger:    logger,