Commits
- Commit:
837156014c5dc5746ecfcc00e5b02db16cb90f67
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a disclaimer
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows to have more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
456a4c6b6e2d1e506816be64dfc7cb36ca0c822a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a "contributing" section
- Commit:
4252e62cad7a923226723cb2f0f054c12b89b3c2
- From:
- Omar Polo <op@omarpolo.com>
- Date:
"a posix libc" can be left implicit
- Commit:
a68203f089038d253de90759aaf385f79d3ec861
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove docker section; it's already showed off in the contrib page
- Commit:
ed78e81b9c19d27e0898b28f138f2536a286020d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
remove paragraph "locally installed libressl" + some tweaks
libtls is now widely available, it's at least on gentoo, arch, void,
alpine, fedora and debian sid; there's no need to show how to compile to
a locally installed one.
- Commit:
c3eb759a7906ba3661eff53a1eb660b768316723
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention the reverse proxying
- Commit:
dcfdb969a267631fc9b787507c6ce6db7e290e48
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't list the exact pledge promises
It's easy to forgot to update the README after a code change (already
happened in the past) and they're easy to discover by reading
sandbox.c
- Commit:
67c49bc5c794c4375344ea010be608572d6f0070
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention landlock in the README
- Commit:
e58a447a28a416ee719a9e457bfc8160a9b0e771
- From:
- Anna “CyberTailor” <cyber@sysrq.in>
- Via:
- Omar Polo <op@omarpolo.com>
- Date:
gmid.1: document logging
- Commit:
dbbfd0fb9fc9eb6541d54470691033aaf941f500
- From:
- Omar Polo <op@omarpolo.com>
- Date:
point to contrib.html
- Commit:
be52e954c1d54f80485c643663db8e2ffc27510f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync readme.md with sandbox.c
- Commit:
3759d3eb56e899a8982c7e7df9555842b398b9b6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
show macro usage in the example
- Commit:
74f0778b9ae93a700d8b0f759b05f24e69f54921
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop the dependency on lex by implementing yylex by ourselves
The actual implementation is based off doas' parse.y. This gave us
various benefits, like cleaner code, \ to break long lines, better
handling of quotes etc...
- Commit:
a6c809551e8dd554898a041a00d13b03a91d77cd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention FastCGI in the README.md