Commit Briefs
we don't need unveil "x" in listener
not a big deal, since the pledge prohibits us from calling exec, but nevertheless.
[seccomp] allow fcntl F_SETFD
musl does an F_SETFD in its fdopendir
allow clock_gettime and a bit of fmt
Alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime. I don't know why, but it doesn't seem a problem to allow it.
tighten the rules for fcntl
allow only the F_GETFL and F_SETFL commands
[seccomp] allow also poll
on the latest Fedora, glibc uses poll. On the other Linux distro I tried (Void), musl is probably providing poll as a ppoll wrapper.
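The three seccomp commits above (F_SETFD for musl's fdopendir, fcntl restricted to F_GETFL/F_SETFL, and poll) describe rules rather than show them. As an added example that is not the project's own code, here is what such an allow-list looks like as a raw seccomp-bpf program on amd64: only the listed syscalls pass, and fcntl(2) passes only when its second argument is F_GETFL, F_SETFL or F_SETFD; anything else kills the process. The syscall set (read, write, poll, clock_gettime, exit_group, fcntl) is an assumption for illustration, not the project's real list. The small interpreter at the bottom evaluates the program against constructed seccomp_data so the rules can be checked without installing the filter.

```c
/* Added example, not the project's own code: a seccomp-bpf allow-list
 * for amd64 in the spirit of the rules above.  The syscall set is an
 * assumption; fcntl is accepted only with F_GETFL, F_SETFL or F_SETFD. */
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS	/* older kernel headers */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif
#ifndef __NR_poll			/* e.g. aarch64 only has ppoll */
#define __NR_poll __NR_ppoll
#endif

/* low 32 bits of argument n; seccomp_data.args are 64-bit, little-endian
 * on x86_64, so a stricter filter would also compare the high word */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))

static const struct sock_filter filter[] = {
	/* 0-2: refuse every ABI but x86_64 before trusting the number */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
	/* 3: load the syscall number */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
	/* 4: fcntl is not allowed outright, jump to the argument check at 10 */
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 5, 0),
	/* 5-9: plain allow-list, hits go to ALLOW (14), the last miss to KILL (15) */
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 8, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 7, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_poll, 6, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clock_gettime, 5, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 4, 5),
	/* 10-13: fcntl cmd must be F_GETFL, F_SETFL or F_SETFD */
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(1)),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_GETFL, 2, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFL, 1, 0),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, F_SETFD, 0, 1),
	/* 14-15: verdicts */
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
};
#define FILTER_LEN (sizeof(filter) / sizeof(filter[0]))

/* userspace evaluator for the three opcode kinds the program uses */
static uint32_t run_filter(const struct sock_filter *prog, size_t len,
    const struct seccomp_data *d)
{
	uint32_t acc = 0;
	for (size_t pc = 0; pc < len; pc++) {
		const struct sock_filter *in = &prog[pc];
		switch (in->code) {
		case BPF_LD | BPF_W | BPF_ABS:
			memcpy(&acc, (const char *)d + in->k, sizeof(acc));
			break;
		case BPF_JMP | BPF_JEQ | BPF_K:
			pc += (acc == in->k) ? in->jt : in->jf;
			break;
		case BPF_RET | BPF_K:
			return in->k;
		default:
			return SECCOMP_RET_KILL_PROCESS;	/* unsupported opcode */
		}
	}
	return SECCOMP_RET_KILL_PROCESS;	/* fell off the end */
}

/* verdict for syscall nr with argument 1 set to arg1 (x86_64 ABI) */
uint32_t decide(int nr, uint64_t arg1)
{
	struct seccomp_data d;
	memset(&d, 0, sizeof(d));
	d.nr = nr;
	d.arch = AUDIT_ARCH_X86_64;
	d.args[1] = arg1;
	return run_filter(filter, FILTER_LEN, &d);
}

/* install the program for real; no_new_privs is required for unprivileged use */
int install_filter(void)
{
	struct sock_fprog prog = { .len = FILTER_LEN,
	    .filter = (struct sock_filter *)filter };
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
		return -1;
	return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void)
{
	if (install_filter() == -1)
		return 1;
	/* allowed; fcntl(0, F_SETLK, ...) would instead kill the process */
	return fcntl(0, F_GETFL) == -1;
}
```

The evaluator is the part worth keeping around: a filter whose jump offsets are written by hand is easy to get subtly wrong, and checking each rule against constructed seccomp_data before installing it is cheaper than debugging a killed process.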
split into two processes: listener and executor
this way, we can sandbox the listener with seccomp (todo) or capsicum (already done) and still have CGI scripts. When we want to exec, we tell the executor what to do, the executor executes the scripts and sends the fd back to the listener.
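The hand-off described in this commit, as an added example rather than the project's own code: the listener forks an executor connected over a socketpair, writes the request to it, and the executor answers by passing the read end of a pipe back with SCM_RIGHTS, so the sandboxed listener never needs exec. To stay self-contained the executor writes a constructed reply into the pipe instead of running a script (a real executor would exec the CGI program with the pipe's write end as its stdout); the request path, the reply text and the function names are assumptions.

```c
/* Added example, not the project's own code: listener/executor split with
 * the executor handing a descriptor back over a unix socket.  The executor
 * fakes the CGI script by writing a constructed reply into a pipe. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

/* send fd over sock, with one dummy payload byte; returns 0 or -1 */
static int send_fd(int sock, int fd)
{
	union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
	char c = 0;
	struct iovec iov = { .iov_base = &c, .iov_len = 1 };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
	    .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
	struct cmsghdr *cm;

	memset(&u, 0, sizeof(u));
	cm = CMSG_FIRSTHDR(&msg);
	cm->cmsg_level = SOL_SOCKET;
	cm->cmsg_type = SCM_RIGHTS;
	cm->cmsg_len = CMSG_LEN(sizeof(int));
	memcpy(CMSG_DATA(cm), &fd, sizeof(int));
	return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* receive a descriptor sent by send_fd; -1 if the message carried none */
static int recv_fd(int sock)
{
	union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
	char c;
	struct iovec iov = { .iov_base = &c, .iov_len = 1 };
	struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
	    .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
	struct cmsghdr *cm;
	int fd;

	if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
		return -1;
	cm = CMSG_FIRSTHDR(&msg);
	if (cm == NULL || cm->cmsg_level != SOL_SOCKET ||
	    cm->cmsg_type != SCM_RIGHTS || cm->cmsg_len != CMSG_LEN(sizeof(int)))
		return -1;
	memcpy(&fd, CMSG_DATA(cm), sizeof(int));
	return fd;
}

/* executor side: read the request, put the "script output" on a pipe and
 * hand its read end back; a real executor would exec the script on p[1] */
static void executor(int sock)
{
	char req[256], reply[512];
	int p[2], n;
	ssize_t r = read(sock, req, sizeof(req) - 1);

	if (r <= 0 || pipe(p) == -1)
		_exit(1);
	req[r] = '\0';
	n = snprintf(reply, sizeof(reply), "20 text/gemini\r\nexecutor ran %s\n", req);
	if (n < 0 || write(p[1], reply, (size_t)n) != n)
		_exit(1);
	close(p[1]);			/* listener sees EOF after the reply */
	r = send_fd(sock, p[0]);
	close(p[0]);			/* the listener now holds its own copy */
	_exit(r == 0 ? 0 : 1);
}

/* listener side: ask the executor to run path, read what it sends back */
static ssize_t run_cgi(const char *path, char *out, size_t outlen)
{
	int sv[2], fd = -1, status;
	size_t total = 0;
	ssize_t n;
	pid_t pid;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || (pid = fork()) == -1)
		return -1;
	if (pid == 0) {
		close(sv[0]);
		executor(sv[1]);	/* never returns */
	}
	close(sv[1]);
	if (write(sv[0], path, strlen(path)) != -1)
		fd = recv_fd(sv[0]);
	close(sv[0]);
	if (fd != -1) {
		while (total < outlen - 1 &&
		    (n = read(fd, out + total, outlen - 1 - total)) > 0)
			total += (size_t)n;
		out[total] = '\0';
		close(fd);
	}
	waitpid(pid, &status, 0);
	return fd == -1 ? -1 : (ssize_t)total;
}

/* one request through the pair; NULL on failure (constructed path) */
const char *demo_output(void)
{
	static char buf[512];
	return run_cgi("/cgi-bin/hello", buf, sizeof(buf)) > 0 ? buf : NULL;
}

int main(void)
{
	const char *s = demo_output();
	if (s == NULL)
		return 1;
	fputs(s, stdout);
	return 0;
}
```

recv_fd checks the control message's level, type and length and rejects a truncated control buffer; a listener that is later confined with seccomp or capsicum still has to treat descriptors handed to it by the executor as untrusted input, so this check is where unexpected message shapes get refused.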