Commit Briefs

Omar Polo

add missing newline



omar-polo

add systemd-sysusers' config file


Omar Polo

use shell built-in `command' instead of which(1)

it's specified by POSIX AFAIK and requires less redirections.


Omar Polo

fix email


Omar Polo

sync changelog


Omar Polo

document the type { ... } block


Omar Polo

add tests for the type block


Omar Polo

add type { ... } block to define mime types mapping

The `map' rule is powerful but quite annoying to use if you have/need lots of entries (and clutters the configuration file too.) The `type' block is blatantly stolen from httpd(8) and allows for a way more nice usage: type { include "/usr/share/misc/mime.types" } or even type { text/markdown md markdown text/x-perl pl pm # ... }



Omar Polo

don't log errno, it's always zero after libtls returns

The libevent error value is much more interesting! see github issue #13


Omar Polo

remove paragraph "locally installed libressl" + some tweaks

libtls is now widely available, it's at least on gentoo, arch, void, alpine, fedora and debian sid; there's no need to show how to compile to a locally installed one.


Omar Polo

sync changelog


Omar Polo

tightens seccomp filter: allow only openat(O_RDONLY)

be more strict and allow an openat only with the O_RDONLY flag. This is kind of redundant with landlock, but still good to have. Landlock is not yet widely available and won't kill the process upon policy violation; furthermore, landlock can be disabled at boot time. tested on GNU and musl libc on arch and alpine amd64.


Omar Polo

sort syscalls in seccomp filter