Commit Briefs
enforce PR_SET_NO_NEW_PRIVS in the logger process
otherwise landlock will refuse to enable itself and the logger process dies.
[seccomp] allow ioctl(FIONREAD)
it's needed by bufferevent_read
fastcgi completely asynchronous
This changes the fastcgi implementation from blocking I/O to an async implementation on top of libevent's bufferevents. Should improve the responsiveness of gmid especially when using remote fastcgi applications.
refactor landlock
refactor the landlock-related code into something more manageable. The only real difference is that before the logger process would try to landlock itself to "/" without perms, something that landlock doesn't support (now it enables landlock and then restricts itself, which is the correct move.)
mention the thanks to cage for the bugfix
Since I was in a hurry, I forgot to mention it in the tag message :/
fix possible out-of-bound access
While computing the parent directory an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!
change struct initialization
makes more explicit which fields we're setting. (and kill an extra empty line)