op public repos

Commits

Commit:: 12fcba2f80034356e75d73380d22012fd72476a8
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 27 16:24:45 2022 UTC

use shell built-in `command' instead of which(1) it's specified by POSIX AFAIK and requires less redirections.

diff | patch | tree

Commit:: cd3e28ffe4e39716849cb289f3bb0cf76634fbc3
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 14:19:30 2022 UTC

fix email

diff | patch | tree

Commit:: 74994ae7e58aae3846ef2d3e5acb7cc196eee5a2
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 14:19:24 2022 UTC

sync changelog

diff | patch | tree

Commit:: e0bf950dff7271b6ef01111f5f104aab66411ccd
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 14:13:46 2022 UTC

document the type { ... } block

diff | patch | tree

Commit:: fb1212266f366f457b0c142869b8095213fc5b96
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 14:02:45 2022 UTC

add tests for the type block

diff | patch | tree

Commit:: ee219d702e4b1db5a985be5087f0e682b567618b
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 14:00:20 2022 UTC

add type { ... } block to define mime types mapping The `map' rule is powerful but quite annoying to use if you have/need lots of entries (and clutters the configuration file too.) The `type' block is blatantly stolen from httpd(8) and allows for a way more nice usage: type { include "/usr/share/misc/mime.types" } or even type { text/markdown md markdown text/x-perl pl pm # ... }

diff | patch | tree

Commit:: 88971f9a4e71c199c28fac3a1e9ccf39f44279f1
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 26 13:49:24 2022 UTC

add missing token include to the list of tokens

diff | patch | tree

Commit:: d98ae929b23af35e2e837c97b5c20559f48d584b
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Feb 19 18:11:05 2022 UTC

don't log errno, it's always zero after libtls returns The libevent error value is much more interesting! see github issue #13

diff | patch | tree

Commit:: ed78e81b9c19d27e0898b28f138f2536a286020d
From:: Omar Polo <op@omarpolo.com>
Date:: Fri Feb 18 09:09:23 2022 UTC

remove paragraph "locally installed libressl" + some tweaks libtls is now widely available, it's at least on gentoo, arch, void, alpine, fedora and debian sid; there's no need to show how to compile to a locally installed one.

diff | patch | tree

Commit:: c273bc0e414a3405a9c009bcf05fd8bae488bfdf
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 13 16:21:37 2022 UTC

sync changelog

diff | patch | tree

Commit:: 4f0e893cd3889acb8e3d40d359610749189adc25
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 13 16:20:27 2022 UTC

tightens seccomp filter: allow only openat(O_RDONLY) be more strict and allow an openat only with the O_RDONLY flag. This is kind of redundant with landlock, but still good to have. Landlock is not yet widely available and won't kill the process upon policy violation; furthermore, landlock can be disabled at boot time. tested on GNU and musl libc on arch and alpine amd64.

diff | patch | tree

Commit:: 94c5f99ab038efafa5f5a841d8092a995d9ee03c
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 13 15:32:10 2022 UTC

sort syscalls in seccomp filter

diff | patch | tree

Commit:: 67347fb02188b5cad33b647df942b38226471b9c
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 13 15:29:20 2022 UTC

sync changelog

diff | patch | tree

Commit:: d0e0be1e43e6628e6215e1803c7a2415dd58c9bd
From:: Tobias Berger <tobi.berger13@gmail.com>
Via:: omar-polo <op@omarpolo.com>
Date:: Sun Feb 13 14:29:33 2022 UTC

Allow Arch-Armv7 syscalls in sandbox.c

diff | patch | tree

Commit:: c6ae2561a0345a7bd98652b66d7237d8bb88db5e
From:: Omar Polo <op@omarpolo.com>
Date:: Thu Feb 10 23:14:32 2022 UTC

update the site for the release

diff | patch | tree

More ↓