rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
590 Commits 2 Branches 28 Tags 5.5 MiB
Commit Graph

40 Commits

Author SHA1 Message Date
Omar Polo a5d822e542 typo 2021-07-09 08:12:05 +00:00
Omar Polo a8a1f43921 style(9)-ify 2021-07-07 09:46:37 +00:00
Omar Polo 4aa1dd553a typo 2021-07-03 18:30:07 +00:00
Omar Polo b24021d4a2 fix seccomp filter for ppc64le 
before we matched ppc64le as ppc64 (which is big ending I presume), so
the seccomp filter would always kill gmid

#4 related
 2021-07-03 17:38:50 +00:00
Omar Polo 8bb8cf2ad4 configure: add --disable-sandbox 
Calling `configure' with --disable-sandbox will disable the sandbox
support *completely* at compile time.  gmid will still complain at
compile time and during the startup.

Users shouldn't disable the sandbox if possible, but instead report
problem upstream so they get fixed (hopefully.)

#4 related
 2021-07-02 09:26:59 +00:00
Omar Polo 137def5ff4 reworked seccomp filter 
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in a ifdef, and add some (statx, fcntl64, ...)
  used in x86

Some bits were taken from dhcpcd[0], thanks!

#4 related


[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
 2021-07-02 09:11:40 +00:00
Omar Polo e952c5052a allow sending fd to log on to the logger process 
the logger process now can receive a file descriptor to write logs
to.  At the moment the logic is simple, if it receives a file it logs
there, otherwise it logs to syslog.  This will allow to log on custom
log files.
 2021-06-15 08:06:10 +00:00
Omar Polo 8ad1c57024 fastcgi: a first implementation 
Not production-ready yet, but it's a start.

This adds a third ``backend'' for gmid: until now there it served
local files or CGI scripts, now FastCGI applications too.

FastCGI is meant to be an improvement over CGI: instead of exec'ing a
script for every request, it allows to open a single connection to an
``application'' and send the requests/receive the responses over that
socket using a simple binary protocol.

At the moment gmid supports three different methods of opening a
fastcgi connection:

 - local unix sockets, with: fastcgi "/path/to/sock"
 - network sockets, with: fastcgi tcp "host" [port]
   port defaults to 9000 and can be either a string or a number
 - subprocess, with: fastcgi spawn "/path/to/program"
   the fastcgi protocol is done over the executed program stdin

of these, the last is only for testing and may be removed in the
future.

P.S.: the fastcgi rule is per-location of course :)
 2021-05-09 18:23:36 +00:00
Omar Polo fdea6aa0bc allow ``root'' rule to be specified per-location block 2021-04-30 17:16:34 +00:00
Omar Polo b8e64ccd44 list instead of fixed-size array for vhosts and locations 
saves some bytes of memory and removes the limit on the maximum number
of vhosts and location blocks.
 2021-03-31 16:32:18 +00:00
Omar Polo e3d81f49cc [seccomp] allow prlimit64 
it's needed by getdtablesize, at least on glibc
 2021-03-20 09:24:44 +00:00
Omar Polo 62e001b067 move all sandbox-related code to sandbox.c 
while there, add capsicum for the logger process
 2021-03-20 08:42:08 +00:00
Omar Polo 9899a837af
[seccomp] allow sendmsg 2021-02-23 13:44:20 +01:00
Omar Polo d278a0c3c5
moving logging to its own process 2021-02-23 13:40:59 +01:00
Omar Polo 3cb3dd4d42 accept4 -> accept 
accept4(2) isn't part of any standard (even though it'll be part in
the future) and raises warnings on some linux distro.  Moreover, we
don't have thread that may fork at any time, so doing a mark_nonblock
after isn't a big deal.
 2021-02-12 11:59:03 +00:00
Omar Polo 8e56d6adc4 use fatal instead of err/fprintf+exit 
fatal logs to the correct place, err only on stderr.
 2021-02-11 09:07:28 +00:00
Omar Polo 2a911637be fix compilation on OSes without sandbox 2021-02-11 09:04:47 +00:00
Omar Polo 6827d2781e [seccomp] allow newfstatat and gettimeofday 
these are required to run on arch linux (at least)
 2021-02-10 19:20:59 +00:00
Omar Polo 4c857c0afc [seccomp] epoll_wait(2) isn't available on every arch 2021-02-10 18:02:08 +00:00
Omar Polo f6b9a079e3 allow epoll_wait 
fedora 33 issue an epoll_wait instead of pwait.
 2021-02-10 14:21:56 +00:00
Omar Polo c214d1ab67 allow sigreturn and sigaction on linux 2021-02-08 18:39:23 +00:00
Omar Polo df58efff26 fix seccomp for the new event loop 
add/remove syscalls from the BPF filter and move sandbox() after
libevent initialisation
 2021-02-08 12:46:46 +00:00
Omar Polo 8ef09de3d0 don't include err.h, gmid.h (via config.h) does that 2021-01-28 16:28:10 +00:00
Omar Polo 2d3f837ac5 [seccomp] allow getrandom 2021-01-25 15:25:04 +00:00
Omar Polo 2d3cc76f6d we don't need unveil "x" in listener 
not a big deal, since the pledge prohibits us to exec, but
nevertheless.
 2021-01-25 14:58:54 +00:00
Omar Polo f88311e534 [seccomp] allow fcntl F_SETFD 
musl does a F_SETFD in its fdopendir
 2021-01-24 19:12:32 +00:00
Omar Polo 1a49166de4 fix date 2021-01-23 11:29:02 +00:00
Omar Polo e29dbd7217 added missic copyright notice 2021-01-23 11:28:44 +00:00
Omar Polo 338f06f4e5 drop seccomp.h: not needed 2021-01-21 11:55:52 +00:00
Omar Polo 61f8d630c8 fmt 2021-01-20 16:22:35 +00:00
Omar Polo f2b3a5193f allow clock_gettime and a bit of fmt 
alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime.  I
don't know why, but it doesn't seem a problem to allow it.
 2021-01-20 16:19:54 +00:00
Omar Polo 3c0375e405 fix BPF 2021-01-20 16:09:04 +00:00
Omar Polo de4f713184 tighten the rules for fcntl 
allow only the F_GETFL and F_SETFL commands
 2021-01-20 15:54:26 +00:00
Omar Polo 298e4b96dc explain the poll mess 2021-01-20 15:44:11 +00:00
Omar Polo 94a79035ec __NR_poll doesn't seem to be defined on aarch64 2021-01-18 23:08:16 +00:00
Omar Polo 65fba1d570 [seccomp] allow also poll 
on the latest fedora we glibc uses poll.  On the other linux distro I
tried (void), musl is probably providing poll as a ppoll wrapper.
 2021-01-17 13:51:09 +00:00
Omar Polo c2e39fcfed we don't need to check for CGI anymore 2021-01-17 09:37:44 +00:00
Omar Polo 71b7eb2f8c initial seccomp support 2021-01-17 09:34:27 +00:00
Omar Polo 881a9dd9c2 split into two processes: listener and executor 
this way, we can sandbox the listener with seccomp (todo) or capsicum
(already done) and still have CGI scripts.  When we want to exec, we
tell the executor what to do, the executor executes the scripts and
send the fd backt to the listener.
 2021-01-16 19:41:34 +00:00
Omar Polo dafb57b8af sandbox also on FreeBSD with capsicum 2021-01-15 14:03:45 +00:00