Commit Briefs
fix seccomp for the new event loop
add/remove syscalls from the BPF filter and move sandbox() after libevent initialisation
avoid race-condition
what if we receive a SIGHUP right after unblock_signal (or during the whole block_signals...unblock_signals) but *before* the wait_sighup? Yeah.
refactor executor_main
now it's symmetrical to listener_main().
configless: fixing the case of the implicit "."
I got bitten by the scope visibility rules. After the end of the block, the path variable is no longer valid, and in fact later load_vhosts fails to open that (because the buffer gets invalidated)
set cloexec status on the socketpair fds
the executor forks to spawn the cgi scripts, and they inherit the socket for communication with the listener process. Make that impossible.