• Joined on 2025-06-02
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 01:36:36 +01:00
82411f00f4 Merge claude/1
3f7622d9e3 fix(switcher): control plane is libreportal in BOTH modes (root was never intended)
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 01:29:02 +01:00
9ec95657b7 Merge claude/1
e9bea13d3b fix(switcher): reconcile also flips the WebUI's own (0:0) dir so it survives a switch
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 01:16:55 +01:00
068db94320 Merge claude/1
1dc915f642 feat(switcher): reconcileDockerOwnership — safe owner-only control-plane reconcile on mode switch
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 00:58:37 +01:00
e7b55be73a Merge claude/1
3d0570de14 fix(rootless): make createTouch owner-by-location (app=dockerinstall, else manager)
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 00:23:57 +01:00
007b39ea14 Merge claude/1
affd96fb42 fix(rootless): don't disable userland-proxy (breaks rootless bridge on Debian)
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-24 00:12:22 +01:00
fa2df5dffe Merge claude/1
68110d199c fix(rootless): slirp4netns default, manager-vs-container helper split, sysctl path
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:51:14 +01:00
4b17efd1b3 Merge claude/1
f1ce5e3822 harden(desudo): fix docker-cmd helper bug; convert jitsi/authelia/reset_git
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:48:37 +01:00
5741fe6ee9 Merge claude/1
43779a992b harden(desudo): backup engines (restic/kopia/borg) + crowdsec host helpers
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:47:12 +01:00
1d6e838349 Merge claude/1
d7c0d12314 harden(desudo): funnel firewall/ssh/socket/systemd system ops through runSystem
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:45:55 +01:00
8532aecb3f Merge claude/1
0c719b5912 harden(desudo): add runInstallOp helper + convert adguard/traefik/crowdsec/dashy
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:38:38 +01:00
8813ced29e Merge claude/1
ccbb2e1c47 harden(desudo): convert permission/touch helpers + network-mode processor
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:36:26 +01:00
fe01a1947b Merge claude/1
582664aadf harden(desudo): convert crontab daemon, db-scan, port-allocation subsystems
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:34:05 +01:00
6e0dc04dd7 Merge claude/1
a8248ccf7f harden(desudo): convert monitoring subsystem + global log-append idiom
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:26:26 +01:00
03d7a7b969 Merge claude/1
bdd73b4686 harden(desudo): append-capable runFileWrite + convert config-to-container
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 23:23:01 +01:00
a5cdbc4656 Merge claude/1
82839abea6 harden(desudo): arg-safe runFileOp + convert DNS subsystem off raw sudo
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 22:59:29 +01:00
5e8e28f33d Merge claude/1
0bf9c41c51 harden(rootless): offset userns surface with kptr/ptrace/bpf-jit sysctls
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 22:55:26 +01:00
6d781b66a8 Merge claude/1
f65ecfc5ed refactor(config): move CFG_ROOTLESS_NET to its own advanced network_rootless file
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 22:53:23 +01:00
5bf2011b1a Merge claude/1
829816b826 feat(rootless): default to pasta+implicit, disable userland-proxy, make net driver switchable
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 22:25:15 +01:00
caa197f2fa Merge claude/2
f6a51f9a19 fix(rootless): run WebUI container as userns-root with socket gid 0
Compare 2 commits »
Webstar pushed to main at Webstar/LibrePortal 2026-05-23 22:03:05 +01:00
e52938bba5 Merge claude/2
049d5de6a8 fix(rootless): start daemon with slirp4netns, not invalid pasta+builtin
Compare 2 commits »