fix: bug in config (#122)

* fix: bug in config

* fix: env vars bug in landjail

* docs: document envs behavior

Author: evgeniy-scherbina

cli/cli.go

@@ -41,9 +41,9 @@ func NewCommand() *serpent.Command {
 func BaseCommand() *serpent.Command {
 	cliConfig := config.CliConfig{}
 
-	// Set default cliConfig path if file exists - serpent will load it automatically
+	// Set default config path if file exists - serpent will load it automatically
 	if home, err := os.UserHomeDir(); err == nil {
-		defaultPath := filepath.Join(home, ".cliConfig", "coder_boundary", "cliConfig.yaml")
+		defaultPath := filepath.Join(home, ".config", "coder_boundary", "config.yaml")
 		if _, err := os.Stat(defaultPath); err == nil {
 			cliConfig.Config = serpent.YAMLConfigPath(defaultPath)
 		}
@@ -55,22 +55,22 @@ func BaseCommand() *serpent.Command {
 		Long:  `boundary creates an isolated network environment for target processes, intercepting HTTP/HTTPS traffic through a transparent proxy that enforces user-defined allow rules.`,
 		Options: []serpent.Option{
 			{
-				Flag:        "cliConfig",
+				Flag:        "config",
 				Env:         "BOUNDARY_CONFIG",
-				Description: "Path to YAML cliConfig file.",
+				Description: "Path to YAML config file.",
 				Value:       &cliConfig.Config,
 				YAML:        "",
 			},
 			{
 				Flag:        "allow",
 				Env:         "BOUNDARY_ALLOW",
-				Description: "Allow rule (repeatable). These are merged with allowlist from cliConfig file. Format: \"pattern\" or \"METHOD[,METHOD] pattern\".",
+				Description: "Allow rule (repeatable). These are merged with allowlist from config file. Format: \"pattern\" or \"METHOD[,METHOD] pattern\".",
 				Value:       &cliConfig.AllowStrings,
 				YAML:        "", // CLI only, not loaded from YAML
 			},
 			{
 				Flag:        "", // No CLI flag, YAML only
-				Description: "Allowlist rules from cliConfig file (YAML only).",
+				Description: "Allowlist rules from config file (YAML only).",
 				Value:       &cliConfig.AllowListStrings,
 				YAML:        "allowlist",
 			},

landjail/child.go

@@ -52,7 +52,6 @@ func RunChild(logger *slog.Logger, config config.AppConfig) error {
 
 	// Build command
 	cmd := exec.Command(config.TargetCMD[0], config.TargetCMD[1:]...)
-	cmd.Env = getEnvsForTargetProcess(config.UserInfo.ConfigDir, config.UserInfo.CACertPath(), int(config.ProxyPort))
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
@@ -77,6 +76,8 @@ func RunChild(logger *slog.Logger, config config.AppConfig) error {
 	return nil
 }
 
+// Returns environment variables intended to be set on the child process,
+// so they can later be inherited by the target process.
 func getEnvsForTargetProcess(configDir string, caCertPath string, httpProxyPort int) []string {
 	e := os.Environ()
 

landjail/manager.go

@@ -124,6 +124,8 @@ func (b *LandJail) RunChildProcess(command []string) error {
 
 func (b *LandJail) getChildCommand(command []string) *exec.Cmd {
 	cmd := exec.Command(command[0], command[1:]...)
+	// Set env vars for the child process; they will be inherited by the target process.
+	cmd.Env = getEnvsForTargetProcess(b.config.UserInfo.ConfigDir, b.config.UserInfo.CACertPath(), int(b.config.ProxyPort))
 	cmd.Env = append(cmd.Env, "CHILD=true")
 	cmd.Stderr = os.Stderr
 	cmd.Stdout = os.Stdout

nsjail_manager/nsjail/env.go

@@ -6,6 +6,8 @@ import (
 	"github.com/coder/boundary/util"
 )
 
+// Returns environment variables intended to be set on the child process,
+// so they can later be inherited by the target process.
 func getEnvsForTargetProcess(configDir string, caCertPath string) []string {
 	e := os.Environ()
 

nsjail_manager/nsjail/jail.go

@@ -67,6 +67,7 @@ func (l *LinuxJail) Command(command []string) *exec.Cmd {
 	l.logger.Debug("Creating command with namespace")
 
 	cmd := exec.Command(command[0], command[1:]...)
+	// Set env vars for the child process; they will be inherited by the target process.
 	cmd.Env = getEnvsForTargetProcess(l.configDir, l.caCertPath)
 	cmd.Env = append(cmd.Env, "CHILD=true")
 	cmd.Env = append(cmd.Env, fmt.Sprintf("VETH_JAIL_NAME=%v", l.vethJailName))