Commit Diff


commit - c2e39fcfedc2bf0430f65f56534ea446595c5018
commit + ea58dab1a7936d2ddddaab9e3f018656508d2270
blob - 4cbaa86bad5ef46177ec9a1772befe21f369a925
blob + b1821c74be58bd4c6a91da5125eb0fe026b4bb88
--- README.md
+++ README.md
@@ -9,8 +9,8 @@ requirements of most capsules.
 
 gmid was initially written to serve static files, but can also
 optionally execute CGI scripts.  It was also written with security in
-mind: on FreeBSD and OpenBSD is sandboxed via `capsicum(4)`and
-`pledge(2)`/`unveil(2)` respectively.
+mind: on Linux, FreeBSD and OpenBSD is sandboxed via `seccomp(2)`,
+`capsicum(4)`and `pledge(2)`+`unveil(2)` respectively.
 
 
 ## Features
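Review bot: the missing space in "`capsicum(4)`and" is carried over from the removed line into the new one; also the sentence has no subject ("on Linux, FreeBSD and OpenBSD is sandboxed"). Suggest: "mind: on Linux, FreeBSD and OpenBSD it is sandboxed via `seccomp(2)`, `capsicum(4)` and `pledge(2)`+`unveil(2)` respectively."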
@@ -21,7 +21,7 @@ mind: on FreeBSD and OpenBSD is sandboxed via `capsicu
  - (very) low memory footprint
  - small codebase, easily hackable
  - virtual hosts
- - sandboxed by default on OpenBSD and FreeBSD
+ - sandboxed by default on OpenBSD, Linux and FreeBSD
 
 
 ## Drawbacks
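Review bot: the OS order in "sandboxed by default on OpenBSD, Linux and FreeBSD" does not match the order used in the intro paragraph of the same file ("Linux, FreeBSD and OpenBSD"); pick one order for both lines so readers do not wonder whether the difference is meaningful.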
@@ -62,9 +62,13 @@ even if the presence of a sandbox.
 
 On OpenBSD, the listener process runs with the `stdio recvfd rpath
 inet` pledges and has `unveil(2)`ed only the directories that it
-serves. Furthermore, the executor process has `stdio sendfd proc exec`
-as pledges.
+serves; the executor has `stdio sendfd proc exec` as pledges.
 
-On FreeBSD, the listener process is sandboxed with `capsicum(4)`.
+On FreeBSD, the executor process is sandboxed with `capsicum(4)`.
 
-On linux, a seccomp filter is installed for the listener process.
+On Linux, a `seccomp(2)` filter is installed to filter the syscalls
+allowed, see [sandbox.c](sandbox.c) for more information on the BPF
+program.
+
+In any case, you are invited to run gmid inside some sort of
+container/jail.
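Review bot: the FreeBSD line changes which process is sandboxed (listener to executor) without saying whether the listener, which handles network input, is now unsandboxed on FreeBSD; if that is the case, the README should state it explicitly rather than leave the reader to infer it from the OpenBSD paragraph, which covers both processes. In the same spirit, the new Linux wording drops the "listener process" qualifier that the removed line had, so it no longer says which process the `seccomp(2)` filter is installed in; suggest naming the process(es), e.g. "a `seccomp(2)` filter is installed in the listener process to restrict the allowed syscalls; see [sandbox.c](sandbox.c) ..." (the comma splice in "allowed, see" also wants a semicolon).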