banger

History

Thales Maciel 235758e5b2 workspace: drop --readonly flag — advisory only against root guests --readonly ran `chmod -R a-w` over the workspace after copying, but every banger guest boots as root, and root bypasses DAC mode checks. So a user running `vm workspace prepare ... --readonly` got the mode bits set to 0444 but `echo x >> file` in the guest still succeeded. The flag promised enforcement it couldn't deliver. The feature also doesn't match the product model: workspaces are prepared precisely so the guest CAN edit them, and `workspace export` exists to pull those edits back as a patch. A "read-only workspace" contradicts that loop. Removed: - CLI flag `--readonly` on `vm workspace prepare` - api.VMWorkspacePrepareParams.ReadOnly field - model.WorkspacePrepareResult.ReadOnly field - daemon chmod dispatch in prepareVMWorkspaceGuestIO - smoke scenario pinning the (advisory) mode-bit behavior - misleading "exportbox-readonly" VM name in an unrelated export test (the test is about not mutating the real git index; renamed to exportbox-noindex-mutation) If real enforcement becomes a user need later, the right primitive is `chattr +i` (immutable bit — root CAN'T write) or a ro bind-mount. Reintroducing a new flag is cheaper than debugging what the current one actually guarantees. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-04-23 13:04:33 -03:00
..
aliases_test.go	remove vm session feature	2026-04-20 12:47:58 -03:00
banger.go	ssh-config: make the `ssh <name>.vm` shortcut opt-in	2026-04-20 13:57:26 -03:00
bangerd.go	Add Go daemon-driven VM control plane	2026-03-16 12:52:54 -03:00
cli_test.go	smoke: five more scenarios + fix exit-code propagation bug the new ones caught	2026-04-22 19:37:07 -03:00
commands_daemon.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
commands_image.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
commands_internal.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
commands_kernel.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
commands_ssh_config.go	ssh-config: make the `ssh <name>.vm` shortcut opt-in	2026-04-20 13:57:26 -03:00
commands_vm.go	workspace: drop --readonly flag — advisory only against root guests	2026-04-23 13:04:33 -03:00
completion.go	remove vm session feature	2026-04-20 12:47:58 -03:00
completion_test.go	remove vm session feature	2026-04-20 12:47:58 -03:00
daemon_lifecycle.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
deps.go	seams: move the last four package globals onto instance fields	2026-04-22 12:07:14 -03:00
formatters_test.go	remove vm session feature	2026-04-20 12:47:58 -03:00
make_bundle_test.go	banger internal make-bundle: build image bundles from flat rootfs tars	2026-04-17 15:17:50 -03:00
printers.go	remove vm session feature	2026-04-20 12:47:58 -03:00
prune_test.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
ssh.go	smoke: five more scenarios + fix exit-code propagation bug the new ones caught	2026-04-22 19:37:07 -03:00
vm_create.go	cli + daemon: move test seams off package globals onto injected structs	2026-04-19 19:03:55 -03:00
vm_run.go	noteUntrackedSkipped: fix subdir underreport + be best-effort everywhere	2026-04-22 12:42:33 -03:00
vm_spec_test.go	vm defaults: host-aware sizing + spec line on spawn + doctor check	2026-04-19 13:06:51 -03:00
workspace_preview.go	noteUntrackedSkipped: fix subdir underreport + be best-effort everywhere	2026-04-22 12:42:33 -03:00
workspace_preview_test.go	noteUntrackedSkipped: fix subdir underreport + be best-effort everywhere	2026-04-22 12:42:33 -03:00