fix seccomp for the new event loop
add/remove syscalls from the BPF filter and move sandbox() after libevent initialisation
This commit is contained in:
parent
d090dc8491
commit
df58efff26
1
gmid.c
1
gmid.c
@ -200,7 +200,6 @@ listener_main(void)
unblock_signals();
load_default_mime(&conf.mime);
load_vhosts();
sandbox();
loop(ctx, sock4, sock6);
return 0;
}
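Review bot: With sandbox() dropped from listener_main, this hunk no longer shows where the seccomp filter is installed, and the description says only that it now happens after libevent initialisation; a comment at the old call site would keep that visible to the reader, e.g. `/* sandbox() is entered from loop() once libevent is initialised. */`. The trade-off worth recording in that comment is that whatever loop() runs before calling sandbox() — presumably event_init() and its epoll/signal descriptors — now executes unsandboxed, and that the filter must still be in place before the first accept on sock4/sock6. listener_main starts before this hunk, so the rest of its set-up is not visible here.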
22
sandbox.c
22
sandbox.c
@ -150,16 +150,9 @@ sandbox()
|
/* these are used to serve the files. note how we
* allow openat but not open. */
|
#ifdef __aarch64__
/* it seems that on aarch64 there isn't a poll(2)
* syscall, but instead it's implemented on top of
* ppoll(2). */
SC_ALLOW(ppoll),
#else
SC_ALLOW(poll),
#endif
SC_ALLOW(accept),
SC_ALLOW(epoll_pwait),
SC_ALLOW(epoll_ctl),
SC_ALLOW(accept4),
SC_ALLOW(read),
SC_ALLOW(openat),
SC_ALLOW(fstat),
|
@ -175,8 +168,9 @@ sandbox()
/* XXX: ??? */
SC_ALLOW(getpid),
|
/* alpine on amd64 does a clock_gettime(2) */
/* alpine on amd64 */
SC_ALLOW(clock_gettime),
SC_ALLOW(madvise),
|
/* void on aarch64 does a gettrandom */
SC_ALLOW(getrandom),
|
@ -187,6 +181,12 @@ sandbox()
SC_ALLOW(exit),
SC_ALLOW(exit_group),
|
/* stuff used by syslog. revisit once we move
* logging in its own process */
SC_ALLOW(socket),
SC_ALLOW(sendto),
SC_ALLOW(connect),
|
/* allow only F_GETFL and F_SETFL fcntl */
BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_fcntl, 0, 8),
BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
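Review bot: The three entries added for syslog, `SC_ALLOW(socket)`, `SC_ALLOW(sendto)` and `SC_ALLOW(connect)`, are unfiltered, so a compromised listener process may create and connect arbitrary AF_INET/AF_INET6 sockets, which widens the sandbox well beyond what syslog(3) needs — an AF_UNIX socket to the log device. This file already filters fcntl by argument in the rule right below, so socket(2) can be restricted the same way to `args[0] == AF_UNIX`, leaving sendto/connect whole until logging moves to its own process as the new comment plans. The jump counts below assume the rule ends by reloading `nr`, as the fcntl rule presumably does in the lines past this hunk; the offsets and the args[0] load should be checked against that rule before adopting them. sandbox()'s body starts and ends outside this hunk.

```c
	/* syslog only needs a unix socket: allow socket(2) for
	 * AF_UNIX only; sendto/connect stay unfiltered until
	 * logging moves in its own process. */
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 0, 4),
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
	    offsetof(struct seccomp_data, args[0])),
	BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AF_UNIX, 0, 1),
	BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
	BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
	    offsetof(struct seccomp_data, nr)),
	SC_ALLOW(sendto),
	SC_ALLOW(connect),

	/* … unchanged: fcntl F_GETFL/F_SETFL rule … */
```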
|