rdelaage
/
gmid
mirror of https://github.com/omar-polo/gmid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
182 Commits 2 Branches 28 Tags 5.6 MiB
Commit Graph

12 Commits

Author SHA1 Message Date
Omar Polo 338f06f4e5 drop seccomp.h: not needed 2021-01-21 11:55:52 +00:00
Omar Polo 61f8d630c8 fmt 2021-01-20 16:22:35 +00:00
Omar Polo f2b3a5193f allow clock_gettime and a bit of fmt 
alpine on amd64 (under OpenBSD vmd) tries to do a clock_gettime.  I
don't know why, but it doesn't seem a problem to allow it.
 2021-01-20 16:19:54 +00:00
Omar Polo 3c0375e405 fix BPF 2021-01-20 16:09:04 +00:00
Omar Polo de4f713184 tighten the rules for fcntl 
allow only the F_GETFL and F_SETFL commands
 2021-01-20 15:54:26 +00:00
Omar Polo 298e4b96dc explain the poll mess 2021-01-20 15:44:11 +00:00
Omar Polo 94a79035ec __NR_poll doesn't seem to be defined on aarch64 2021-01-18 23:08:16 +00:00
Omar Polo 65fba1d570 [seccomp] allow also poll 
on the latest fedora we glibc uses poll.  On the other linux distro I
tried (void), musl is probably providing poll as a ppoll wrapper.
 2021-01-17 13:51:09 +00:00
Omar Polo c2e39fcfed we don't need to check for CGI anymore 2021-01-17 09:37:44 +00:00
Omar Polo 71b7eb2f8c initial seccomp support 2021-01-17 09:34:27 +00:00
Omar Polo 881a9dd9c2 split into two processes: listener and executor 
this way, we can sandbox the listener with seccomp (todo) or capsicum
(already done) and still have CGI scripts.  When we want to exec, we
tell the executor what to do, the executor executes the scripts and
send the fd backt to the listener.
 2021-01-16 19:41:34 +00:00
Omar Polo dafb57b8af sandbox also on FreeBSD with capsicum 2021-01-15 14:03:45 +00:00