Refactor jail architecture with integrated services #15
Merged
- Updated namespace implementations to include environment setup in Command method
- Migrated Execute function logic from namespaces into Command method with proper env, credentials, and I/O setup
- Enhanced jail.Jail to integrate proxy server, certificate manager, rule engine, and auditor
- Simplified CLI to use unified jail.Jail instead of managing separate components
- Maintained all existing functionality while improving code organization
- All tests pass and binary builds successfully
Co-authored-by: f0ssel <[email protected]>

- Move environment preparation from Command() to Open() method in both Linux and macOS namespaces
- Add preparedEnv field to store the prepared environment once during setup
- Simplify Command() methods to just inject the prepared environment
- Improves performance by avoiding repeated environment setup on each command
- Maintains all existing functionality while improving efficiency
Co-authored-by: f0ssel <[email protected]>

- Move sudo credential preparation from Command() to Open() method in both Linux and macOS namespaces
- Add procAttr field to store prepared syscall.SysProcAttr with credentials
- Simplify Command() methods to just use the prepared process attributes
- Eliminates repeated sudo environment checks and credential parsing on each command
- Further improves performance and code organization
- All credential handling now happens once during setup phase
Co-authored-by: f0ssel <[email protected]>

- Simplify jail.Config to only contain dependencies (Commander, ProxyServer, etc)
- Move all component construction logic from jail.New into CLI
- jail.New now only accepts pre-constructed dependencies and assembles them
- CLI handles rule parsing, certificate manager creation, proxy server setup
- Better separation of concerns: jail package focuses on orchestration, CLI handles construction
- Eliminates error handling in jail.New since dependencies are pre-validated
- Makes jail package more testable with dependency injection
Co-authored-by: f0ssel <[email protected]>

- Remove RuleEngine, Auditor, and CertManager from jail.Config
- These dependencies are only needed by ProxyServer, not by Jail directly
- Simplify jail.Config to only contain CommandExecutor, ProxyServer, and Logger
- Remove GetCACertPEM method since CertManager is no longer available in Jail
- Clean up unused imports (audit, rules, tls packages)
- CA certificate handling remains in CLI where CertManager is constructed
- Further simplifies the Jail orchestration layer
Co-authored-by: f0ssel <[email protected]>

- Convert preparedEnv from []string to map[string]string for better environment management
- Implement SetEnv methods in both Linux and macOS namespace implementations
- Add CommandExecutor accessor method to Jail for SetEnv access
- Update CLI to use SetEnv method for CA certificate environment variables
- Remove Env field from namespace.Config since SetEnv is used instead
- Environment variables now properly managed through SetEnv interface
- Allows dynamic environment variable setting after initialization
- Better encapsulation and control over environment variables
Co-authored-by: f0ssel <[email protected]>

- Add SetupTLSAndWriteCACert method to CertificateManager
- Combines getting TLS config, CA cert PEM, and writing CA cert to file
- Returns TLS config, CA cert path, and CA cert PEM in one call
- Update CLI to use the new method instead of separate calls
- Reduces complexity in CLI Run function
- Better encapsulation of TLS-related setup logic
- Remove unused filepath import from CLI
- Clean separation between TLS setup and CLI orchestration
Co-authored-by: f0ssel <[email protected]>

…rn value
- Update SetupTLSAndWriteCACert to call tls.GetConfigDir() internally
- Return config directory as part of the method's return values
- Remove unused []byte (CA cert PEM) from return values since it's never used
- Update CLI to handle new return signature with configDir
- Remove separate GetConfigDir call from CLI
- Pass empty string to NewCertificateManager since configDir is determined internally
- Further simplifies CLI by removing another external dependency call
- Better encapsulation of config directory management within TLS package
Co-authored-by: f0ssel <[email protected]>

e17a782 to 4075bf7

Refactors the jail architecture to use the new jail.Jail type as a unified orchestration layer.

Key Changes
- jail.Jail instance
- SetEnv() interface, setup moved to Open() phase for better performance
- Execute() logic to Command() methods with prepared environments and credentials
- SetupTLSAndWriteCACert() method for cleaner CLI integration

Benefits

All tests pass and binary builds successfully.
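
The pattern the commits above describe (environment and sudo credentials prepared once in Open(), SetEnv() on a map, Command() only injecting the result), as an added Go example that is not the project's own code. The Namespace type, the injected lookup parameter, reading SUDO_UID/SUDO_GID, and the SSL_CERT_FILE variable with its path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os/exec"
	"sort"
	"strconv"
	"syscall"
)

// Namespace is a hypothetical stand-in for the PR's Linux/macOS namespace types.
type Namespace struct {
	preparedEnv map[string]string    // filled via SetEnv, read by Command
	procAttr    *syscall.SysProcAttr // credentials resolved once in Open
}

// Open does the one-time setup; lookup is os.LookupEnv in real use.
func Open(lookup func(string) (string, bool)) (*Namespace, error) {
	ns := &Namespace{preparedEnv: map[string]string{}, procAttr: &syscall.SysProcAttr{}}
	uidStr, okU := lookup("SUDO_UID")
	gidStr, okG := lookup("SUDO_GID")
	if okU || okG { // started via sudo: the child runs as the invoking user
		uid, errU := strconv.ParseUint(uidStr, 10, 32)
		gid, errG := strconv.ParseUint(gidStr, 10, 32)
		if errU != nil || errG != nil { // fail closed instead of staying root
			return nil, fmt.Errorf("malformed sudo ids %q/%q", uidStr, gidStr)
		}
		ns.procAttr.Credential = &syscall.Credential{Uid: uint32(uid), Gid: uint32(gid)}
	}
	return ns, nil
}

func (n *Namespace) SetEnv(key, value string) { n.preparedEnv[key] = value }

// Command injects only prepared state; Env is non-nil, so nothing is inherited.
func (n *Namespace) Command(name string, args ...string) *exec.Cmd {
	cmd := exec.Command(name, args...)
	cmd.Env = make([]string, 0, len(n.preparedEnv))
	for k, v := range n.preparedEnv {
		cmd.Env = append(cmd.Env, k+"="+v)
	}
	sort.Strings(cmd.Env) // map iteration order is random
	cmd.SysProcAttr = n.procAttr
	return cmd
}

func main() {
	ns, _ := Open(func(string) (string, bool) { return "", false }) // not under sudo
	ns.SetEnv("SSL_CERT_FILE", "/tmp/ca-cert.pem")                  // constructed path
	fmt.Println(ns.Command("true").Env)
}
```

Because Command() always assigns a non-nil Env, a jailed child sees only what Open() and SetEnv() put in the map, and a half-set or malformed sudo identity stops setup instead of leaving the child running as root.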