Commits
- Commit:
b8e64ccd44290cdd34bdcd3fd85fb1a9cb7486dd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
list instead of fixed-size array for vhosts and locations
saves some bytes of memory and removes the limit on the maximum number
of vhosts and location blocks.
- Commit:
e3d81f49cc4084f6af16a497cf56d15d79d1c1b8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow prlimit64
it's needed by getdtablesize, at least on glibc
- Commit:
62e001b06778c96d0deebceddf1913f7b57ab2d6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move all sandbox-related code to sandbox.c
while there, add capsicum for the logger process
- Commit:
9899a837afd7e0e35478ee9c7e5a0910205318cd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow sendmsg
- Commit:
d278a0c3c50146c703b675ca4dac1d58ef286585
- From:
- Omar Polo <op@omarpolo.com>
- Date:
moving logging to its own process
- Commit:
3cb3dd4d422cdead2dd09f1e3ce3eff35a9e6dc8
- From:
- Omar Polo <op@omarpolo.com>
- Date:
accept4 -> accept
accept4(2) isn't part of any standard (even though it'll be part in
the future) and raises warnings on some linux distro. Moreover, we
don't have thread that may fork at any time, so doing a mark_nonblock
after isn't a big deal.
- Commit:
8e56d6adc423e81f47259a50ac5b11a1dd3c9877
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use fatal instead of err/fprintf+exit
fatal logs to the correct place, err only on stderr.
- Commit:
2a911637be035476640c5c65e45ff26cb6bf169a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix compilation on OSes without sandbox
- Commit:
6827d2781e8aaaa6aad1e32026a21863070c90f4
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow newfstatat and gettimeofday
these are required to run on arch linux (at least)
- Commit:
4c857c0afcb7d76cb03323ba7d0dfef60b27589f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] epoll_wait(2) isn't available on every arch
- Commit:
f6b9a079e378d2891906510206419fd28f3ff890
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow epoll_wait
fedora 33 issue an epoll_wait instead of pwait.
- Commit:
c214d1ab67b2eee5a6424f518a795ab7883b868f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow sigreturn and sigaction on linux
- Commit:
df58efff26529acd6a5675d3b4044d494b138397
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix seccomp for the new event loop
add/remove syscalls from the BPF filter and move sandbox() after
libevent initialisation
- Commit:
8ef09de3d077645d29bc3e670f1d1aacab0d91cb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't include err.h, gmid.h (via config.h) does that
- Commit:
2d3f837ac587063ac967c12afbdb219ba231256c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
[seccomp] allow getrandom