Commits


typo Since there was 0 reports in a month can I assume it's not actually used anywhere?


allow fstat64 used by glibc on aarch64. Found and tested by pine, thanks!


typo


style(9)-ify


typo


fix seccomp filter for ppc64le before we matched ppc64le as ppc64 (which is big ending I presume), so the seccomp filter would always kill gmid #4 related


configure: add --disable-sandbox Calling `configure' with --disable-sandbox will disable the sandbox support *completely* at compile time. gmid will still complain at compile time and during the startup. Users shouldn't disable the sandbox if possible, but instead report problem upstream so they get fixed (hopefully.) #4 related


reworked seccomp filter * SECCOMP_AUDIT_ARCH extended to support more architectures * relax fcntl policy: allow the syscall regardless of the flags * wrap every syscall in a ifdef, and add some (statx, fcntl64, ...) used in x86 Some bits were taken from dhcpcd[0], thanks! #4 related [0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c


allow sending fd to log on to the logger process the logger process now can receive a file descriptor to write logs to. At the moment the logic is simple, if it receives a file it logs there, otherwise it logs to syslog. This will allow to log on custom log files.


fastcgi: a first implementation Not production-ready yet, but it's a start. This adds a third ``backend'' for gmid: until now there it served local files or CGI scripts, now FastCGI applications too. FastCGI is meant to be an improvement over CGI: instead of exec'ing a script for every request, it allows to open a single connection to an ``application'' and send the requests/receive the responses over that socket using a simple binary protocol. At the moment gmid supports three different methods of opening a fastcgi connection: - local unix sockets, with: fastcgi "/path/to/sock" - network sockets, with: fastcgi tcp "host" [port] port defaults to 9000 and can be either a string or a number - subprocess, with: fastcgi spawn "/path/to/program" the fastcgi protocol is done over the executed program stdin of these, the last is only for testing and may be removed in the future. P.S.: the fastcgi rule is per-location of course :)


allow ``root'' rule to be specified per-location block


list instead of fixed-size array for vhosts and locations saves some bytes of memory and removes the limit on the maximum number of vhosts and location blocks.


[seccomp] allow prlimit64 it's needed by getdtablesize, at least on glibc


move all sandbox-related code to sandbox.c while there, add capsicum for the logger process


[seccomp] allow sendmsg