v0.1.14 — LDD and add-exec flags

feat(cli): add --ldd and --add-exec flags to auto-include binary and its libraries

This adds two optional flags to improve UX when sandboxing dynamically linked executables:

--add-exec: Automatically resolves and adds the target binary to --rox

--ldd: Runs ldd on the target binary and adds detected library paths to --rox

These help avoid common EACCES errors when users forget to include required .so files or the executable itself in --rox.

Also includes tests to validate both options in isolation and together.

v0.1.13 — File control

Access rights now adapt based on whether path is file or directory

v0.1.12

Implemented --unrestricted-network and --unrestricted-filesystem parameters, some test cleanups.

v0.1.11

support for env variable passing

v0.1.10

feat: improve Landlock sandbox fidelity and test coverage

Added missing Landlock permissions: TRUNCATE, REFER, IOCTL_DEV to better support realistic workloads

Updated test suite with deep coverage: read/write/exec, dir traversal, pipes, redirection, TCP connect, and edge cases

Added nested dir structures and test scripts for verifying sandbox edge behavior

Bumped version to 0.1.10

Improved README with a sharper pitch for landrun and its Landlock v5 capabilities

v0.1.7

Full Changelog: v0.1.5...v0.1.7

v0.1.4

Added
Introduced --rox flag to allow read-only with execution access to specified paths.
Introduced --rwx flag to allow read-write with execution access to specified paths.
New config field: ExecutablePaths to explicitly define which paths can be executed.
getExecutableRights() helper for fine-grained executable access using Landlock.
pathInSlice() utility to avoid duplicating rules for overlapping path categories.

Changed
CLI no longer uses global --exec flag. Execution permissions are now path-specific via --rox and --rwx.
Updated Landlock rule generation logic to cleanly separate executable paths from read-only and read-write ones.
Enhanced debug logging around rule registration.

Removed
--exec CLI flag deprecated and removed.

v0.1.3 — Some cleanup here and there

Highlights:

✅ Lowered Go version requirement from 1.24.1 → 1.18, allowing more developers to build from source.
🔧 CI Matrix enhanced: Now tests across Go 1.18, 1.20, 1.22, and 1.24, improving backward compatibility assurance.
🛡️ Failsafe restrictions: If no sandbox rules are provided, Landrun now applies a default deny-all sandbox, preventing accidental unsafe execution.
📦 Added --version flag support via embedded Version constant.
📉 Downgraded golang.org/x/sys to v0.26.0 for broader compatibility.

Dev / Internal:
🧪 go mod tidy added to GitHub Actions for dependency hygiene.
🧼 YAML cleanup and quoting for Go versions in CI matrix.
🧱 Version tag now shown properly in the CLI (landrun --version).