| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Otherwise, it complains about missing syscalls on cross compilation.
(Also, fix the warnings this revealed.)
|
| |
|
|
|
|
|
| |
* add some more env vars to makefile
* remove fpermissive from GCC builds
* update Monoucha
* fix borked seccomp filter length safety check (ugh)
|
|
|
This drops libseccomp as a dependency.
Also, move the capsicum/pledge definitions from bindings to sandbox.nim
because they are only used there.
Interestingly, after integrating chaseccomp I found that the
stbi process would mysteriously crash by a getrandom(2) syscall.
Closer investigation revealed it is only called on the initialization
of glibc's malloc; presumably it had never surfaced before because
libseccomp would always allocate before entering the sandbox.
So I've added getrandom to our filter as well.
|