From 4c8cfdf1409335c5fe22891f3e153bf117d77bd0 Mon Sep 17 00:00:00 2001
From: Benjamin
Date: Fri, 19 Sep 2025 12:00:21 -0400
Subject: [PATCH] log dir setup
---
 cli/cli.go | 49 ++++++++++++++++++++++++++++++++++++++--------
 jail/jail.go | 2 +-
 jail/linux_stub.go | 2 +-
 jail/macos_stub.go | 2 +-
 4 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/cli/cli.go b/cli/cli.go
index 9e8b993..d341e4c 100644
--- a/cli/cli.go
+++ b/cli/cli.go
@@ -11,6 +11,7 @@ import (
 "strconv"
 "strings"
 "syscall"
+ "time"

 "github.com/coder/boundary"
 "github.com/coder/boundary/audit"
@@ -24,6 +25,7 @@ import (
 type Config struct {
 AllowStrings []string
 LogLevel string
+ LogDir string
 Unprivileged bool
 }

@@ -58,20 +60,26 @@ func BaseCommand() *serpent.Command {
 Short: "Network isolation tool for monitoring and restricting HTTP/HTTPS requests",
 Long: `boundary creates an isolated network environment for target processes, intercepting HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.`,
 Options: []serpent.Option{
- serpent.Option{
+ {
 Flag: "allow",
 Env: "BOUNDARY_ALLOW",
 Description: "Allow rule (repeatable). Format: \"pattern\" or \"METHOD[,METHOD] pattern\".",
 Value: serpent.StringArrayOf(&config.AllowStrings),
 },
- serpent.Option{
+ {
 Flag: "log-level",
 Env: "BOUNDARY_LOG_LEVEL",
 Description: "Set log level (error, warn, info, debug).",
 Default: "warn",
 Value: serpent.StringOf(&config.LogLevel),
 },
- serpent.Option{
+ {
+ Flag: "log-dir",
+ Env: "BOUNDARY_LOG_DIR",
+ Description: "Set a directory to write logs to rather than stderr.",
+ Value: serpent.StringOf(&config.LogDir),
+ },
+ {
 Flag: "unprivileged",
 Env: "BOUNDARY_UNPRIVILEGED",
 Description: "Run in unprivileged mode (no network isolation, uses proxy environment variables).",
@@ -89,7 +97,10 @@ func BaseCommand() *serpent.Command {
 func Run(ctx context.Context, config Config, args []string) error {
 ctx, cancel := context.WithCancel(ctx)
 defer cancel()
- logger := setupLogging(config.LogLevel)
+ logger, err := setupLogging(config)
+ if err != nil {
+ return fmt.Errorf("could not set up logging: %v", err)
+ }
 username, uid, gid, homeDir, configDir := getUserInfo()

 // Get command arguments
@@ -242,9 +253,9 @@ func getUserInfo() (string, int, int, string, string) {
 }

 // setupLogging creates a slog logger with the specified level
-func setupLogging(logLevel string) *slog.Logger {
+func setupLogging(config Config) (*slog.Logger, error) {
 var level slog.Level
- switch strings.ToLower(logLevel) {
+ switch strings.ToLower(config.LogLevel) {
 case "error":
 level = slog.LevelError
 case "warn":
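Review bot: The new error return in Run formats the cause with `%v`, which flattens it to text so callers can no longer match it with errors.Is or errors.As; `return fmt.Errorf("could not set up logging: %w", err)` keeps the chain. The two `fmt.Errorf` calls added to setupLogging in the later hunk (log directory creation and log file creation) follow the same pattern and would take the same change. Run's body continues outside this hunk.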
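Review bot: The doc comment above setupLogging still reads "creates a slog logger with the specified level", but with the new signature the function takes the whole Config, can create a directory and a file, and can return an error. I would update it to something like `// setupLogging builds a text slog logger at config.LogLevel; it writes to a new file under config.LogDir when that is set, otherwise to stderr.` The function body continues past the end of this hunk.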
@@ -257,12 +268,34 @@ func setupLogging(logLevel string) *slog.Logger {
 level = slog.LevelWarn // Default to warn if invalid level
 }

+ logTarget := os.Stderr
+
+ if config.LogDir != "" {
+ // Set up the logging directory if it doesn't exist yet
+ if err := os.MkdirAll(config.LogDir, 0755); err != nil {
+ return nil, fmt.Errorf("could not set up log dir %s: %v", config.LogDir, err)
+ }
+
+ // Create a logfile (timestamp and pid to avoid race conditions with multiple boundary calls running)
+ logFilePath := fmt.Sprintf("boundary-%s-%d.log",
+ time.Now().Format("2006-01-02_15-04-05"),
+ os.Getpid())
+
+ logFile, err := os.Create(filepath.Join(config.LogDir, logFilePath))
+ if err != nil {
+ return nil, fmt.Errorf("could not create log file %s: %v", logFilePath, err)
+ }
+
+ // Set the log target to the file rather than stderr.
+ logTarget = logFile
+ }
+
 // Create a standard slog logger with the appropriate level
- handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
+ handler := slog.NewTextHandler(logTarget, &slog.HandlerOptions{
 Level: level,
 })

- return slog.New(handler)
+ return slog.New(handler), nil
 }

 // getCurrentUserInfo gets information for the current user
diff --git a/jail/jail.go b/jail/jail.go
index b59bf2d..2c2f217 100644
--- a/jail/jail.go
+++ b/jail/jail.go
@@ -34,4 +34,4 @@ func DefaultOS(config Config) (Jailer, error) {
 default:
 return nil, fmt.Errorf("unsupported operating system: %s", runtime.GOOS)
 }
-}
\ No newline at end of file
+}
diff --git a/jail/linux_stub.go b/jail/linux_stub.go
index 19d32dc..fe8835e 100644
--- a/jail/linux_stub.go
+++ b/jail/linux_stub.go
@@ -9,4 +9,4 @@ import (
 // NewLinuxJail is not available on non-Linux platforms
 func NewLinuxJail(_ Config) (Jailer, error) {
 return nil, fmt.Errorf("linux jail not supported on this platform")
-}
\ No newline at end of file
+}
diff --git a/jail/macos_stub.go b/jail/macos_stub.go
index 89f86a0..656cdc2 100644
--- a/jail/macos_stub.go
+++ b/jail/macos_stub.go
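Review bot: In setupLogging's new `config.LogDir` branch (cli/cli.go) the log file is opened with `os.Create`, which follows symlinks and truncates whatever already exists at the path, and the file name is predictable (second-resolution timestamp plus pid). If boundary runs with elevated privileges while `--log-dir` / `BOUNDARY_LOG_DIR` points at a directory another local user can write to, the write can land on a file the caller did not intend; how the privileged path is started is not visible in this hunk, so treat that as a condition to check. Opening with `os.OpenFile(filepath.Join(config.LogDir, logFilePath), os.O_WRONLY|os.O_CREATE|os.O_EXCL|os.O_APPEND, 0600)` refuses an existing path, and creating the directory with `0700` instead of `0755` keeps the log, which presumably records the proxied requests, from being readable by other users. The returned `*os.File` is never closed, which is acceptable for a process-lifetime logger but deserves a comment saying so.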
@@ -7,4 +7,4 @@ import "fmt"
 // NewMacOSJail is not available on non-macOS platforms
 func NewMacOSJail(_ Config) (Jailer, error) {
 return nil, fmt.Errorf("macOS jail not supported on this platform")
-}
\ No newline at end of file
+}