LianYaoHu
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Basarisiz
- network request — Outbound network request in package-lock.json
- rm -rf — Recursive force deletion command in scripts/e2e-linux-tart.sh
- rm -rf — Recursive force deletion command in scripts/package-release.sh
Permissions Gecti
- Permissions — No dangerous permissions requested
Bu listing icin henuz AI raporu yok.
炼妖壶 — run Claude Code, Codex, or any coding agent in a deny-default sandbox with VPN-only network egress. sandbox-exec + PF on macOS, Landlock/seccomp + iptables on Linux.
LianYaoHu
Documentation: https://madeye.github.io/LianYaoHu/
LianYaoHu is a Rust CLI/TUI launcher for running Claude Code, Codex, or another
code agent with a sanitized environment and a helper-managed network guard while
forcing agent traffic through a selected VPN interface. macOS usessandbox-exec plus PF on utun*; Linux uses Landlock/seccomp plus
owner-scoped iptables/ip6tables rules on tun* or wg*.
Run directly during development:
cargo run -p lianyaohu-app -- --vpn utun5 -- claude
cargo run -p lianyaohu-app -- --vpn utun5 -- codex
cargo run -p lianyaohu-app -- --vpn tun0 -- codex
By default it:
- prompts for a supported VPN interface at startup;
- requires the default IPv4 route to use the selected VPN interface;
- on macOS, applies
sandbox-execand a PF anchor scoped to the launched
process group; - on Linux, applies a Landlock/seccomp sandbox and iptables/ip6tables OUTPUT
chains scoped to the launched process group; - asks the root helper to run the agent as the caller's UID with the dedicated
_lianyaohueffective GID; - removes host-identifying environment variables and sets
TZ=UTC; - exposes the caller's
$HOME,--cwd, and a per-launch temporary directory
as writable, so agents can maintain their own state under$HOME; - denies raw/system sockets, socket ioctls or kernel APIs, inbound sockets, and
socket binding in the process sandbox (on macOS, loopback-only listeners are
allowed so OAuth login callbacks and local dev servers work); - blocks LAN destinations and non-selected-interface egress for only the
guarded agent tree.
Root Helper
Firewall enforcement and dedicated-group isolation require root. LianYaoHu uses
a root helper at /var/run/lianyaohu-helper.sock to create/validate the hidden_lianyaohu group, install group-scoped firewall rules, drop the child touid=caller_uid,gid=_lianyaohu while keeping the caller's normal supplementary
groups, and launch the agent with the caller's stdio. On macOS the agent is
spawned through launchctl asuser so it joins the caller's security session
and keychain-backed credentials (Claude Code, gh, git credential helpers)
keep working. The helper is installed as
a LaunchDaemon on macOS and a systemd service on Linux.
Install the helper once:
scripts/install-helper.sh
Remove it:
scripts/uninstall-helper.sh
The helper authenticates requests with getpeereid, validates that the
requested interface is an active utun, and supports the default session run
path plus install, uninstall, and status for the current-UID fallback.
Because the child keeps the caller's UID, normal owner-based access to $HOME,
the working tree, keychain, and TCC state behaves like the desktop user. The
sandbox policy grants write access to $HOME so agent CLIs can maintain
their own configuration and credential state.
For inspection without applying PF:
cargo run -p lianyaohu-app -- --vpn utun5 --print-profile
cargo run -p lianyaohu-app -- --vpn tun0 --print-profile
cargo run -p lianyaohu-app -- --vpn utun5 --print-firewall
cargo run -p lianyaohu-app -- --vpn tun0 --print-firewall
cargo run -p lianyaohu-app -- --vpn utun5 --no-pf -- claude
cargo run -p lianyaohu-app -- --vpn tun0 --shared-user-firewall -- claude
Validation
cargo fmt --all -- --check
cargo clippy --all-targets -- -D warnings
cargo test
scripts/e2e-linux-tart.sh
The unit tests validate policy generation, environment filtering, PF token
parsing, route-output parsing, and selected runtime sandbox denials. The Linux
Tart e2e boots an Ubuntu VM, installs the helper, creates a temporary tun0,
and verifies group-scoped firewall, filesystem, and process-syscall
enforcement around a real launched process.
Releases
Pushing a tag like v0.1.0 runs the release workflow. It verifies formatting,
clippy, and tests, builds lianyaohu, creates alianyaohu-<version>-<target>.tar.gz package, and attaches that package plus a
SHA-256 checksum to the GitHub Release for the tag.
License
LianYaoHu is licensed under the MIT License.
Copyright (c) 2026 Max Lv.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi