Omar Polo
298e4b96dc
explain the poll mess
2021-01-20 15:44:11 +00:00
Omar Polo
94a79035ec
__NR_poll doesn't seem to be defined on aarch64
2021-01-18 23:08:16 +00:00
Omar Polo
65fba1d570
[seccomp] allow also poll
...
on the latest fedora we glibc uses poll. On the other linux distro I
tried (void), musl is probably providing poll as a ppoll wrapper.
2021-01-17 13:51:09 +00:00
Omar Polo
c2e39fcfed
we don't need to check for CGI anymore
2021-01-17 09:37:44 +00:00
Omar Polo
71b7eb2f8c
initial seccomp support
2021-01-17 09:34:27 +00:00
Omar Polo
881a9dd9c2
split into two processes: listener and executor
...
this way, we can sandbox the listener with seccomp (todo) or capsicum
(already done) and still have CGI scripts. When we want to exec, we
tell the executor what to do, the executor executes the scripts and
send the fd backt to the listener.
2021-01-16 19:41:34 +00:00
Omar Polo
dafb57b8af
sandbox also on FreeBSD with capsicum
2021-01-15 14:03:45 +00:00