author | bptato <nincsnevem662@gmail.com> | 2024-04-18 18:30:53 +0200 |
---|---|---|
committer | bptato <nincsnevem662@gmail.com> | 2024-04-18 18:30:53 +0200 |
commit | 38db6ab5be80b255fe40df715adc3b5852875cdd (patch) | |
tree | 328eada3b571e475903be0df61c5abf09c022d8b /src/loader | |
parent | 5bb9542045ff6dbb6c357eb4dd0a7616dba33a9a (diff) | |
download | chawan-38db6ab5be80b255fe40df715adc3b5852875cdd.tar.gz |
sandbox: seccomp support on Linux
We use libseccomp, which is now a semi-mandatory dependency on Linux. (You can still build without it, but only if you pass a scary long flag to make.) For this to work I had to disable getTimezoneOffset, which would otherwise call localtime_r which in turn reads in some files from /usr/share/zoneinfo. To allow this we would have to give unrestricted openat(2) access to buffer processes, which is unacceptable. (Giving websites access to the local timezone is a fingerprinting vector so if this ever gets fixed then it should be an opt-in config setting.) This patch also includes misc fixes to buffer cloning, and fixes the LIBEXECDIR override in the makefile so that it is actually useful.
Diffstat (limited to 'src/loader')
-rw-r--r-- | src/loader/loader.nim | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/loader/loader.nim b/src/loader/loader.nim index 207600f2..6a8e9164 100644 --- a/src/loader/loader.nim +++ b/src/loader/loader.nim @@ -258,7 +258,7 @@ proc addFd(ctx: LoaderContext; handle: LoaderHandle) = ctx.outputMap[output.ostream.fd] = output type HandleReadResult = enum - hrrDone, hrrUnregister + hrrDone, hrrUnregister, hrrBrokenPipe # Called whenever there is more data available to read. proc handleRead(ctx: LoaderContext; handle: LoaderHandle; @@ -296,7 +296,7 @@ proc handleRead(ctx: LoaderContext; handle: LoaderHandle; except ErrorAgain: # retry later break except ErrorBrokenPipe: # sender died; stop streaming - return hrrUnregister + return hrrBrokenPipe hrrDone # stream is a regular file, so we can't select on it. @@ -315,7 +315,7 @@ proc loadStreamRegular(ctx: LoaderContext; handle, cachedHandle: LoaderHandle) = output.registered = false handle.outputs.del(i) for output in handle.outputs: - if r == hrrUnregister: + if r == hrrBrokenPipe: output.ostream.sclose() output.ostream = nil elif cachedHandle != nil: @@ -823,7 +823,7 @@ proc runFileLoader*(fd: cint; config: LoaderConfig) = let handle = ctx.handleMap[event.fd] case ctx.handleRead(handle, unregWrite) of hrrDone: discard - of hrrUnregister: unregRead.add(handle) + of hrrUnregister, hrrBrokenPipe: unregRead.add(handle) if Write in event.events: ctx.handleWrite(ctx.outputMap[event.fd], unregWrite) if Error in event.events: @@ -1111,7 +1111,6 @@ proc removeClient*(loader: FileLoader; pid: int) = w.swrite(pid) stream.sclose() - when defined(freebsd): let O_DIRECTORY* {.importc, header: "<fcntl.h>", noinit.}: cint |
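Review bot: The new `hrrBrokenPipe` member of `HandleReadResult` is added without a comment, so the difference between it and `hrrUnregister` can only be reconstructed from how the later hunks switch on it. From what is visible, `hrrBrokenPipe` is returned by `handleRead` from the `except ErrorBrokenPipe` branch, makes `loadStreamRegular` close and nil each `output.ostream` instead of taking the `cachedHandle` branch, and in `runFileLoader` ends up in `unregRead` just like `hrrUnregister`. Suggest documenting the members in place, e.g. `hrrDone # read returned normally; keep the handle registered`, `hrrUnregister # caller adds the handle to unregRead`, `hrrBrokenPipe # ErrorBrokenPipe on an output; callers close the outputs rather than re-homing them`. The wording for `hrrDone` is inferred from the `of hrrDone: discard` arm and should be confirmed against the rest of `handleRead`, which lies outside this hunk.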
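Review bot: In the `runFileLoader` event loop, `hrrBrokenPipe` is folded into `unregRead` exactly like `hrrUnregister`, whereas `loadStreamRegular` in the previous hunk reacts to the same result by calling `output.ostream.sclose()` and setting `output.ostream = nil`; whether the `unregRead` processing also closes the dead output's fd is not visible in this diff. If it does not, the fd of the broken pipe stays open and registered in `ctx.outputMap` until something else removes it, which would be one leaked fd per dead consumer in a long-lived loader process rather than a functional bug. Either mirror the close in this arm or add a comment locating it, e.g. `of hrrUnregister, hrrBrokenPipe: unregRead.add(handle) # outputs are closed when unregRead is drained`, so the asymmetry with `loadStreamRegular` is deliberate. The body of `runFileLoader` continues outside the hunk.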