Commits
- Commit:
137def5ff4c0f9720391ca88191cf9fee6d8ae9a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
reworked seccomp filter
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in a ifdef, and add some (statx, fcntl64, ...)
used in x86
Some bits were taken from dhcpcd[0], thanks!
#4 related
[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
- Commit:
e952c5052a0c524eee6d8151b1af96ce2c94ca18
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow sending fd to log on to the logger process
the logger process now can receive a file descriptor to write logs
to. At the moment the logic is simple, if it receives a file it logs
there, otherwise it logs to syslog. This will allow to log on custom
log files.
- Commit:
8ad1c570242cd93f0802931621b49b2510b338e7
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fastcgi: a first implementation
Not production-ready yet, but it's a start.
This adds a third ``backend'' for gmid: until now there it served
local files or CGI scripts, now FastCGI applications too.
FastCGI is meant to be an improvement over CGI: instead of exec'ing a
script for every request, it allows to open a single connection to an
``application'' and send the requests/receive the responses over that
socket using a simple binary protocol.
At the moment gmid supports three different methods of opening a
fastcgi connection:
- local unix sockets, with: fastcgi "/path/to/sock"
- network sockets, with: fastcgi tcp "host" [port]
port defaults to 9000 and can be either a string or a number
- subprocess, with: fastcgi spawn "/path/to/program"
the fastcgi protocol is done over the executed program stdin
of these, the last is only for testing and may be removed in the
future.
P.S.: the fastcgi rule is per-location of course :)
- Commit:
fdea6aa0bca24f6f947e2126ce101fd59caa7a31
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow ``root'' rule to be specified per-location block
- Commit:
b8e64ccd44290cdd34bdcd3fd85fb1a9cb7486dd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
list instead of fixed-size array for vhosts and locations
saves some bytes of memory and removes the limit on the maximum number
of vhosts and location blocks.
- Commit:
e3d81f49cc4084f6af16a497cf56d15d79d1c1b8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow prlimit64
it's needed by getdtablesize, at least on glibc
- Commit:
62e001b06778c96d0deebceddf1913f7b57ab2d6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move all sandbox-related code to sandbox.c
while there, add capsicum for the logger process
- Commit:
9899a837afd7e0e35478ee9c7e5a0910205318cd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow sendmsg
- Commit:
d278a0c3c50146c703b675ca4dac1d58ef286585
- From:
- Omar Polo <op@omarpolo.com>
- Date:
moving logging to its own process
- Commit:
3cb3dd4d422cdead2dd09f1e3ce3eff35a9e6dc8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
accept4 -> accept
accept4(2) isn't part of any standard (even though it'll be part in
the future) and raises warnings on some linux distro. Moreover, we
don't have thread that may fork at any time, so doing a mark_nonblock
after isn't a big deal.
- Commit:
8e56d6adc423e81f47259a50ac5b11a1dd3c9877
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal instead of err/fprintf+exit
fatal logs to the correct place, err only on stderr.
- Commit:
2a911637be035476640c5c65e45ff26cb6bf169a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix compilation on OSes without sandbox
- Commit:
6827d2781e8aaaa6aad1e32026a21863070c90f4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow newfstatat and gettimeofday
these are required to run on arch linux (at least)
- Commit:
4c857c0afcb7d76cb03323ba7d0dfef60b27589f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] epoll_wait(2) isn't available on every arch
- Commit:
f6b9a079e378d2891906510206419fd28f3ff890
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow epoll_wait
fedora 33 issue an epoll_wait instead of pwait.