fix: remove unprivileged and macos

Author: evgeniy-scherbina

README.md

@@ -69,32 +69,13 @@ boundary --log-level debug --allow "domain=github.com" -- git pull  # Debug info
 
 **Log Levels:** `error`, `warn` (default), `info`, `debug`
 
-## Unprivileged Mode
-
-When you can't or don't want to run with sudo privileges, use `--unprivileged`:
-
-```bash
-# Run without network isolation (uses HTTP_PROXY/HTTPS_PROXY environment variables)
-boundary --unprivileged --allow "domain=github.com" -- npm install
-
-# Useful in containers or restricted environments
-boundary --unprivileged --allow "domain=*.npmjs.org" --allow "domain=registry.npmjs.org" -- npm install
-```
-
-**Unprivileged Mode:**
-- No network namespaces or firewall rules
-- Works without sudo privileges  
-- Uses proxy environment variables instead
-- Applications must respect HTTP_PROXY/HTTPS_PROXY settings
-- Less secure but more compatible
-
 ## Platform Support
 
 | Platform | Implementation | Sudo Required |
 |----------|----------------|---------------|
-| Linux    | Network namespaces + iptables | Yes |
-| macOS    | Process groups + PF rules | Yes |
-| Windows  | Not supported | - |
+| Linux    | Network namespaces + iptables | No             |
+| macOS    | Not supported | -             |
+| Windows  | Not supported | -             |
 
 ## Command-Line Options
 

cli/cli.go

@@ -83,12 +83,6 @@ func BaseCommand() *serpent.Command {
 				Description: "Set a directory to write logs to rather than stderr.",
 				Value:       serpent.StringOf(&config.LogDir),
 			},
-			{
-				Flag:        "unprivileged",
-				Env:         "BOUNDARY_UNPRIVILEGED",
-				Description: "Run in unprivileged mode (no network isolation, uses proxy environment variables).",
-				Value:       serpent.BoolOf(&config.Unprivileged),
-			},
 			{
 				Flag:        "proxy-port",
 				Env:         "PROXY_PORT",
@@ -211,7 +205,7 @@ func Run(ctx context.Context, config Config, args []string) error {
 		HomeDir:       homeDir,
 		ConfigDir:     configDir,
 		CACertPath:    caCertPath,
-	}, config.Unprivileged)
+	})
 	if err != nil {
 		return fmt.Errorf("failed to create jailer: %v", err)
 	}
@@ -334,11 +328,7 @@ func setupLogging(config Config) (*slog.Logger, error) {
 }
 
 // createJailer creates a new jail instance for the current platform
-func createJailer(config jail.Config, unprivileged bool) (jail.Jailer, error) {
-	if unprivileged {
-		return jail.NewUnprivileged(config)
-	}
-
+func createJailer(config jail.Config) (jail.Jailer, error) {
 	// Use the DefaultOS function for platform-specific jail creation
 	return jail.DefaultOS(config)
 }

jail/jail.go

@@ -30,8 +30,6 @@ func DefaultOS(config Config) (Jailer, error) {
 	switch runtime.GOOS {
 	case "linux":
 		return NewLinuxJail(config)
-	case "darwin":
-		return NewMacOSJail(config)
 	default:
 		return nil, fmt.Errorf("unsupported operating system: %s", runtime.GOOS)
 	}