commit - d090dc8491682f30c49da381498c283c61f2e37b
commit + df58efff26529acd6a5675d3b4044d494b138397
blob - 023dd627341e053aae8fb166f6aaf3111aeb09cd
blob + b960bfc4818a98b638f308e0fa6499d0bf377fd9
--- gmid.c
+++ gmid.c
unblock_signals();
load_default_mime(&conf.mime);
load_vhosts();
- sandbox();
loop(ctx, sock4, sock6);
return 0;
}
blob - 262d41a499218bc6c745f605f98c333f6ac65bae
blob + 2a2504f7eee13b21b8814ddb5107d9ee2dfd8382
--- sandbox.c
+++ sandbox.c
/* these are used to serve the files. note how we
* allow openat but not open. */
-
-#ifdef __aarch64__
- /* it seems that on aarch64 there isn't a poll(2)
- * syscall, but instead it's implemented on top of
- * ppoll(2). */
- SC_ALLOW(ppoll),
-#else
- SC_ALLOW(poll),
-#endif
- SC_ALLOW(accept),
+ SC_ALLOW(epoll_pwait),
+ SC_ALLOW(epoll_ctl),
+ SC_ALLOW(accept4),
SC_ALLOW(read),
SC_ALLOW(openat),
SC_ALLOW(fstat),
/* XXX: ??? */
SC_ALLOW(getpid),
- /* alpine on amd64 does a clock_gettime(2) */
+ /* alpine on amd64 */
SC_ALLOW(clock_gettime),
+ SC_ALLOW(madvise),
/* void on aarch64 does a gettrandom */
SC_ALLOW(getrandom),
SC_ALLOW(exit),
SC_ALLOW(exit_group),
+ /* stuff used by syslog. revisit once we move
+ * logging in its own process */
+ SC_ALLOW(socket),
+ SC_ALLOW(sendto),
+ SC_ALLOW(connect),
+
/* allow only F_GETFL and F_SETFL fcntl */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 8),
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
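Review bot: `socket`, `sendto` and `connect` (the three entries added for syslog) are allowed unconditionally, so the sandboxed server may now create a socket of any family and connect anywhere, which is far wider than syslog's AF_UNIX datagram to /dev/log needs. The same hunk already narrows fcntl to F_GETFL/F_SETFL by loading the argument and comparing it, so `socket` can be narrowed to `AF_UNIX` in the same way before falling through to the next check; the jump offsets depend on the rest of the filter, which continues past this hunk, and must be verified against it. `madvise` is added without the kind of note the neighbouring entries carry (`/* alpine on amd64 */`, `/* void on aarch64 ... */`); a line such as `/* which libc/platform issues madvise here? record it like the entries above */` keeps the list auditable. It is also worth confirming that every supported libc/libevent combination uses `epoll_pwait` rather than `epoll_wait`, since only the former is allowed.
```c
/* … unchanged: SC_ALLOW entries above … */
/* allow socket(2) only for AF_UNIX (syslog); AF_UNIX, seccomp_data,
 * SECCOMP_RET_ALLOW come from <sys/socket.h> / <linux/seccomp.h> */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4 /* JF: next check, verify */),
BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[0])),
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1 /* JF: reload nr, verify */),
BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
/* … unchanged: F_GETFL/F_SETFL fcntl filter below … */
```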
blob - daeeb93d98170659954dcbe00fbbd0bc1e56e6d9
blob + d7e5108719f35024f3d9bf558fe54aaf1d648059
--- server.c
+++ server.c
server.ctx = ctx;
+ sandbox();
event_dispatch();
+ _exit(0);
}
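Review bot: The return value of `event_dispatch()` is dropped and the process always ends with `_exit(0)`, so a dispatch error (libevent returns -1) is indistinguishable from a clean shutdown to the parent in gmid.c; `_exit(event_dispatch() == -1 ? 1 : 0);` keeps the failure visible. A short comment on the two new lines would help the next reader, e.g. `/* sandbox only after the event base and listeners exist, so setup syscalls need not be in the filter; _exit skips atexit/stdio teardown that might trip the filter */` — the second half is an inference from sandbox.c allowing only exit/exit_group in this hunk, so confirm it before writing it. With `sandbox();` removed from main in gmid.c, whatever `loop()` still does in the parent now runs unsandboxed; if the parent only supervises workers that is fine, but it should be stated in a comment there. The enclosing function starts before this hunk.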