allow sending fd to log on to the logger process the logger process now can receive a file descriptor to write logs to. At the moment the logic is simple, if it receives a file it logs there, otherwise it logs to syslog. This will allow to log on custom log files.

fastcgi: a first implementation Not production-ready yet, but it's a start. This adds a third ``backend'' for gmid: until now there it served local files or CGI scripts, now FastCGI applications too. FastCGI is meant to be an improvement over CGI: instead of exec'ing a script for every request, it allows to open a single connection to an ``application'' and send the requests/receive the responses over that socket using a simple binary protocol. At the moment gmid supports three different methods of opening a fastcgi connection: - local unix sockets, with: fastcgi "/path/to/sock" - network sockets, with: fastcgi tcp "host" [port] port defaults to 9000 and can be either a string or a number - subprocess, with: fastcgi spawn "/path/to/program" the fastcgi protocol is done over the executed program stdin of these, the last is only for testing and may be removed in the future. P.S.: the fastcgi rule is per-location of course :)

allow ``root'' rule to be specified per-location block

list instead of fixed-size array for vhosts and locations saves some bytes of memory and removes the limit on the maximum number of vhosts and location blocks.

[seccomp] allow prlimit64 it's needed by getdtablesize, at least on glibc

move all sandbox-related code to sandbox.c while there, add capsicum for the logger process

[seccomp] allow sendmsg

moving logging to its own process

accept4 -> accept accept4(2) isn't part of any standard (even though it'll be part in the future) and raises warnings on some linux distro. Moreover, we don't have thread that may fork at any time, so doing a mark_nonblock after isn't a big deal.

use fatal instead of err/fprintf+exit fatal logs to the correct place, err only on stderr.

fix compilation on OSes without sandbox

[seccomp] allow newfstatat and gettimeofday these are required to run on arch linux (at least)

[seccomp] epoll_wait(2) isn't available on every arch

allow epoll_wait fedora 33 issue an epoll_wait instead of pwait.

allow sigreturn and sigaction on linux