log more details for FastCGI errors add the reported request id if there's a mismatch and both the gai error and the errno value if getnameinfo fails.

simplify error check

typo

enforce PR_SET_NO_NEW_PRIVS in the logger process otherwise landlock will refuse to enable itself and the logger process dies.

forgot include

[seccomp] allow ioctl(FIONREAD) it's needed by bufferevent_read

sync changelog

fastcgi completely asynchronous This changes the fastcgi implementation from a blocking I/O to an async implementation on top of libevent' bufferevents. Should improve the responsiveness of gmid especially when using remote fastcgi applications.

initialize mbufhead

refactor landlock refactor the landlock-related code into something more manageable. The only real difference is that before the logger process would try to landlock itself to "/" without perms, something that landlock doesn't support (now it enables landlock and then restrict itself, which is the correct move.)

mention the thanks to cage for the bugfix Since I was in a hurry, I forgot to mention it in the tag message :/

sync release

fix possible out-of-bound access While computing the parent directory it an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!

style

change struct initialization makes more explicit which fields we're setting. (and kill an extra empty line)