op public repos

Commits

Commit:: 1a49166de409ffcd354353450de98a7ee9885f8b
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Jan 23 11:29:02 2021 UTC

fix date

diff | patch | tree

Commit:: e29dbd7217cb1ad27be0fd47e757f5dcba74db0b
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Jan 23 11:28:44 2021 UTC

added missic copyright notice

diff | patch | tree

Commit:: 338f06f4e569807582f005f5804ca3abc412b255
From:: Omar Polo <op@omarpolo.com>
Date:: Thu Jan 21 11:55:52 2021 UTC

drop seccomp.h: not needed

diff | patch | tree

Commit:: 61f8d630c81fb92d771cf26496b25b5157c776ca
From:: Omar Polo <op@omarpolo.com>
Date:: Wed Jan 20 16:22:35 2021 UTC

fmt

diff | patch | tree

Commit:: f2b3a5193f96ab48bae4463654c67af706a18cdd
From:: Omar Polo <op@omarpolo.com>
Date:: Wed Jan 20 16:19:54 2021 UTC

allow clock_gettime and a bit of fmt alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime. I don't know why, but it doesn't seem a problem to allow it.

diff | patch | tree

Commit:: 3c0375e405857c074c428ddb3330d6286fcc47aa
From:: Omar Polo <op@omarpolo.com>
Date:: Wed Jan 20 16:09:04 2021 UTC

fix BPF

diff | patch | tree

Commit:: de4f71318422e6bd66ea7836dbb235ecb463f7f8
From:: Omar Polo <op@omarpolo.com>
Date:: Wed Jan 20 15:54:26 2021 UTC

tighten the rules for fcntl allow only the F_GETFL and F_SETFL commands

diff | patch | tree

Commit:: 298e4b96dc9ef528a058cc8a0d9561ca54588f03
From:: Omar Polo <op@omarpolo.com>
Date:: Wed Jan 20 15:44:11 2021 UTC

explain the poll mess

diff | patch | tree

Commit:: 94a79035ec810b9c529406aae80037301646500a
From:: Omar Polo <op@omarpolo.com>
Date:: Mon Jan 18 23:08:16 2021 UTC

__NR_poll doesn't seem to be defined on aarch64

diff | patch | tree

Commit:: 65fba1d570390381f99396a547094f8b33f26ebf
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Jan 17 13:51:09 2021 UTC

[seccomp] allow also poll on the latest fedora we glibc uses poll. On the other linux distro I tried (void), musl is probably providing poll as a ppoll wrapper.

diff | patch | tree

Commit:: c2e39fcfedc2bf0430f65f56534ea446595c5018
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Jan 17 09:37:44 2021 UTC

we don't need to check for CGI anymore

diff | patch | tree

Commit:: 71b7eb2f8c3d0a85dfdf23e08bf89d0a4ad82aaf
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Jan 17 09:34:27 2021 UTC

initial seccomp support

diff | patch | tree

Commit:: 881a9dd9c2aebbf73f333dd3d8be4ce5400f717f
From:: Omar Polo <op@omarpolo.com>
Date:: Sat Jan 16 19:41:34 2021 UTC

split into two processes: listener and executor this way, we can sandbox the listener with seccomp (todo) or capsicum (already done) and still have CGI scripts. When we want to exec, we tell the executor what to do, the executor executes the scripts and send the fd backt to the listener.

diff | patch | tree

Commit:: dafb57b8af432d800219a8e17900e1ac56a65c14
From:: Omar Polo <op@omarpolo.com>
Date:: Fri Jan 15 14:03:45 2021 UTC

sandbox also on FreeBSD with capsicum

diff | patch | tree