Omar Polo
9899a837af
[seccomp] allow sendmsg
2021-02-23 13:44:20 +01:00
Omar Polo
d278a0c3c5
moving logging to its own process
2021-02-23 13:40:59 +01:00
Omar Polo
3cb3dd4d42
accept4 -> accept
...
accept4(2) isn't part of any standard (even though it'll be part in
the future) and raises warnings on some Linux distros. Moreover, we
don't have threads that may fork at any time, so doing a mark_nonblock
after isn't a big deal.
2021-02-12 11:59:03 +00:00
Omar Polo
8e56d6adc4
use fatal instead of err/fprintf+exit
...
fatal logs to the correct place, err only on stderr.
2021-02-11 09:07:28 +00:00
Omar Polo
2a911637be
fix compilation on OSes without sandbox
2021-02-11 09:04:47 +00:00
Omar Polo
6827d2781e
[seccomp] allow newfstatat and gettimeofday
...
these are required to run on arch linux (at least)
2021-02-10 19:20:59 +00:00
Omar Polo
4c857c0afc
[seccomp] epoll_wait(2) isn't available on every arch
2021-02-10 18:02:08 +00:00
Omar Polo
f6b9a079e3
allow epoll_wait
...
Fedora 33 issues an epoll_wait instead of pwait.
2021-02-10 14:21:56 +00:00
Omar Polo
c214d1ab67
allow sigreturn and sigaction on linux
2021-02-08 18:39:23 +00:00
Omar Polo
df58efff26
fix seccomp for the new event loop
...
add/remove syscalls from the BPF filter and move sandbox() after
libevent initialisation
2021-02-08 12:46:46 +00:00
Omar Polo
8ef09de3d0
don't include err.h, gmid.h (via config.h) does that
2021-01-28 16:28:10 +00:00
Omar Polo
2d3f837ac5
[seccomp] allow getrandom
2021-01-25 15:25:04 +00:00
Omar Polo
2d3cc76f6d
we don't need unveil "x" in listener
...
not a big deal, since the pledge prohibits us from exec'ing, but
nevertheless.
2021-01-25 14:58:54 +00:00
Omar Polo
f88311e534
[seccomp] allow fcntl F_SETFD
...
musl does an F_SETFD in its fdopendir
2021-01-24 19:12:32 +00:00
Omar Polo
1a49166de4
fix date
2021-01-23 11:29:02 +00:00
Omar Polo
e29dbd7217
added missing copyright notice
2021-01-23 11:28:44 +00:00
Omar Polo
338f06f4e5
drop seccomp.h: not needed
2021-01-21 11:55:52 +00:00
Omar Polo
61f8d630c8
fmt
2021-01-20 16:22:35 +00:00
Omar Polo
f2b3a5193f
allow clock_gettime and a bit of fmt
...
alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime. I
don't know why, but it doesn't seem a problem to allow it.
2021-01-20 16:19:54 +00:00
Omar Polo
3c0375e405
fix BPF
2021-01-20 16:09:04 +00:00
Omar Polo
de4f713184
tighten the rules for fcntl
...
allow only the F_GETFL and F_SETFL commands
2021-01-20 15:54:26 +00:00
Omar Polo
298e4b96dc
explain the poll mess
2021-01-20 15:44:11 +00:00
Omar Polo
94a79035ec
__NR_poll doesn't seem to be defined on aarch64
2021-01-18 23:08:16 +00:00
Omar Polo
65fba1d570
[seccomp] allow also poll
...
on the latest Fedora glibc uses poll. On the other Linux distro I
tried (void), musl is probably providing poll as a ppoll wrapper.
2021-01-17 13:51:09 +00:00
Omar Polo
c2e39fcfed
we don't need to check for CGI anymore
2021-01-17 09:37:44 +00:00
Omar Polo
71b7eb2f8c
initial seccomp support
2021-01-17 09:34:27 +00:00
Omar Polo
881a9dd9c2
split into two processes: listener and executor
...
this way, we can sandbox the listener with seccomp (todo) or capsicum
(already done) and still have CGI scripts. When we want to exec, we
tell the executor what to do, the executor executes the scripts and
sends the fd back to the listener.
2021-01-16 19:41:34 +00:00
Omar Polo
dafb57b8af
sandbox also on FreeBSD with capsicum
2021-01-15 14:03:45 +00:00