Tree
- Tree:
7b89bda32789455e29cae756f6ea8dd5955a9510
- Date:
- Message:
- tightens seccomp filter: allow only openat(O_RDONLY) be more strict and allow an openat only with the O_RDONLY flag. This is kind of redundant with landlock, but still good to have. Landlock is not yet widely available and won't kill the process upon policy violation; furthermore, landlock can be disabled at boot time. tested on GNU and musl libc on arch and alpine amd64.
README.md
# gmid website/capsule These are the sources for the gmid website and Gemini capsule. Unlike gmid itself, to build the site you'll need OpenBSD' make (on linux `bmake` *may* work.)