

commit - d090dc8491682f30c49da381498c283c61f2e37b
commit + df58efff26529acd6a5675d3b4044d494b138397
blob - 023dd627341e053aae8fb166f6aaf3111aeb09cd
blob + b960bfc4818a98b638f308e0fa6499d0bf377fd9
--- gmid.c
+++ gmid.c
@@ -200,7 +200,6 @@ listener_main(void)
 	unblock_signals();
 	load_default_mime(&conf.mime);
 	load_vhosts();
-	sandbox();
 	loop(ctx, sock4, sock6);
 	return 0;
 }
blob - 262d41a499218bc6c745f605f98c333f6ac65bae
blob + 2a2504f7eee13b21b8814ddb5107d9ee2dfd8382
--- sandbox.c
+++ sandbox.c
@@ -150,16 +150,9 @@ sandbox()
 
 		/* these are used to serve the files.  note how we
 		 * allow openat but not open. */
-
-#ifdef __aarch64__
-		/* it seems that on aarch64 there isn't a poll(2)
-		 * syscall, but instead it's implemented on top of
-		 * ppoll(2). */
-		SC_ALLOW(ppoll),
-#else
-		SC_ALLOW(poll),
-#endif
-		SC_ALLOW(accept),
+		SC_ALLOW(epoll_pwait),
+		SC_ALLOW(epoll_ctl),
+		SC_ALLOW(accept4),
 		SC_ALLOW(read),
 		SC_ALLOW(openat),
 		SC_ALLOW(fstat),
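Review bot: The filter allows only epoll_pwait, but whether the libc wrapper issues epoll_wait or epoll_pwait differs by libc and architecture — musl routes epoll_wait through epoll_pwait, whereas glibc on amd64, as far as I recall, issues the bare epoll_wait syscall when one exists — so with this list a glibc/amd64 build would likely be killed on the first event loop iteration; I would add `SC_ALLOW(epoll_wait),` next to `SC_ALLOW(epoll_pwait),` (guarded by `#ifdef __NR_epoll_wait` for aarch64, where it does not exist). The removed `#ifdef __aarch64__` block was the only place this per-arch libc behaviour was documented; a short comment such as `/* libc may use either epoll_wait or epoll_pwait depending on arch/libc */` should replace it. The comment "these are used to serve the files. note how we allow openat but not open" now sits directly above the epoll/accept4 rules it does not describe; it belongs just above `SC_ALLOW(read),`. The body of sandbox() continues before and after this hunk.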
@@ -175,8 +168,9 @@ sandbox()
 		/* XXX: ??? */
 		SC_ALLOW(getpid),
 
-		/* alpine on amd64 does a clock_gettime(2) */
+		/* alpine on amd64 */
 		SC_ALLOW(clock_gettime),
+		SC_ALLOW(madvise),
 
 		/* void on aarch64 does a gettrandom */
 		SC_ALLOW(getrandom),
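Review bot: `SC_ALLOW(madvise),` is added under the comment "alpine on amd64", which after the edit no longer says which syscall or why; a reader cannot tell whether madvise is needed by the allocator, by libtls, or something else. I would restore the specific wording, e.g. `/* alpine (musl) on amd64 issues clock_gettime(2) and madvise(2), presumably from malloc */`, hedged if the origin was not confirmed. Since the file already restricts fcntl by argument, it would be consistent to restrict madvise the same way to the advice value actually observed (likely MADV_DONTNEED or MADV_FREE) instead of allowing every advice, though the risk of unrestricted madvise in this process is modest. The body of sandbox() continues outside this hunk.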
@@ -187,6 +181,12 @@ sandbox()
 		SC_ALLOW(exit),
 		SC_ALLOW(exit_group),
 
+		/* stuff used by syslog.  revisit once we move
+		 * logging in its own process */
+		SC_ALLOW(socket),
+		SC_ALLOW(sendto),
+		SC_ALLOW(connect),
+
 		/* allow only F_GETFL and F_SETFL fcntl */
 		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 8),
 		BPF_STMT(BPF_LD  | BPF_W | BPF_ABS,
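Review bot: Allowing socket, connect and sendto unconditionally gives the sandboxed serving process the ability to create arbitrary AF_INET/AF_INET6 sockets and connect anywhere, which is a much larger widening than syslog needs — syslog only ever talks to an AF_UNIX datagram socket. The filter already restricts fcntl by argument a few lines below, so socket should get the same treatment: allow it only when args[0] is AF_UNIX, as sketched below (the jump offsets assume a two-instruction SC_ALLOW-style layout and must be checked against the rest of the program, which is outside this hunk). A cheaper alternative, if openlog() is called before sandbox(), is passing LOG_NDELAY so the socket is connected before the filter is installed and only sendto needs to remain allowed; I cannot see the openlog call from here. Either way the "revisit once we move logging in its own process" comment should say that these three rules are the reason the sandbox currently permits outbound connections.
```c
		/* syslog needs an AF_UNIX datagram socket only; reject
		 * every other domain so the sandbox cannot dial out. */
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4),
		BPF_STMT(BPF_LD  | BPF_W | BPF_ABS,
		    offsetof(struct seccomp_data, args[0])),
		BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1),
		BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
		/* reload the syscall number for the rules that follow */
		BPF_STMT(BPF_LD  | BPF_W | BPF_ABS,
		    offsetof(struct seccomp_data, nr)),
		SC_ALLOW(sendto),
		SC_ALLOW(connect),
		/* … unchanged: fcntl F_GETFL/F_SETFL rule … */
```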
blob - daeeb93d98170659954dcbe00fbbd0bc1e56e6d9
blob + d7e5108719f35024f3d9bf558fe54aaf1d648059
--- server.c
+++ server.c
@@ -1059,5 +1059,7 @@ loop(struct tls *ctx, int sock4, int sock6)
 
 	server.ctx = ctx;
 
+	sandbox();
 	event_dispatch();
+	_exit(0);
 }
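Review bot: `_exit(0)` discards the result of event_dispatch(), so a failed dispatch (it returns -1 on error in libevent) now terminates the process with a success status and no log line; I would write `if (event_dispatch() == -1) { log_err(...); _exit(1); } _exit(0);` using whatever logging helper the file has, since syslog syscalls are allowed in the sandbox. The choice of `_exit` over `exit` deserves a comment, because it is presumably deliberate: atexit handlers and stdio teardown could issue syscalls the filter forbids and get the process killed instead of exiting cleanly — something like `/* _exit: skip atexit/stdio teardown, which may hit syscalls the sandbox forbids */`. It would also help to note at the `sandbox();` line that it must stay after the libevent setup above it (event_init and friends are outside this hunk) because the filter does not allow epoll_create. The loop() function starts before this hunk.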