Commit Briefs
landlock the server process
Trying to implement some landlock policies (rules?) where possible. The server process is, of course, the most dangerous process so start with that. The following should be equivalent to the unveil(2) call on OpenBSD: allows only to read files and directories inside the vhost roots. I'm assuming seccomp is enabled so I'm not trying to disallow actions such as LANDLOCK_ACCESS_FS_EXECUTE or LANDLOCK_ACCESS_FS_REMOVE_FILE which require syscalls that are already disallowed. I'm only trying to limit the damage that the currently allowed system calls can do. e.g. since write(2) is allowed, gmid could modify *any* file it has access to; this is now forbidden by landlock. There are still too many #ifdefs for my tastes, but it's still better than the seccomp code.
add configure check and shim for landlock
First move towards landlock support (#3). The shim is needed until libc provides the proper wrappers for the landlock APIs; I hope it doesn't take too long, but landlock was merged back in May and are still missing.
tag 1.7.3 (tags/1.7.3)
bump version number
fix syslog logging on FreeBSD
Due to capsicum(4), opening the log on-demand via syslog(3) fails. openlog(LOG_NDELAY) forces the log to be opened immediately, before we enter capsicum. This doesn't affect OpenBSD (where pledge(2) doesn't stop syslog) nor linux (where the log process is not sandboxed.) Reported by Karl Jeacle, thank you!
don't crash if -n is given without -c
If -n is given without -c, config_path is still NULL and it would crash due to a NULL deference.
don't yyerror if we can't open the file
the global var file could still be NULL and yyerror would crash.