Add seccomp bpf sandboxing to redbean
It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker processes after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only those that the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
parent
7166679620
commit
5a132f9652
79 changed files with 2271 additions and 651 deletions
|
@ -1,93 +1,45 @@
|
|||
#ifndef COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_
|
||||
#define COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_
|
||||
#include "libc/runtime/symbolic.h"
|
||||
|
||||
#define LOG_ALERT SYMBOLIC(LOG_ALERT)
|
||||
#define LOG_AUTH SYMBOLIC(LOG_AUTH)
|
||||
#define LOG_CONS SYMBOLIC(LOG_CONS)
|
||||
#define LOG_CRIT SYMBOLIC(LOG_CRIT)
|
||||
#define LOG_CRON SYMBOLIC(LOG_CRON)
|
||||
#define LOG_DAEMON SYMBOLIC(LOG_DAEMON)
|
||||
#define LOG_DEBUG SYMBOLIC(LOG_DEBUG)
|
||||
#define LOG_EMERG SYMBOLIC(LOG_EMERG)
|
||||
#define LOG_ERR SYMBOLIC(LOG_ERR)
|
||||
#define LOG_FACMASK SYMBOLIC(LOG_FACMASK)
|
||||
#define LOG_INFO SYMBOLIC(LOG_INFO)
|
||||
#define LOG_KERN SYMBOLIC(LOG_KERN)
|
||||
#define LOG_LOCAL0 SYMBOLIC(LOG_LOCAL0)
|
||||
#define LOG_LOCAL1 SYMBOLIC(LOG_LOCAL1)
|
||||
#define LOG_LOCAL2 SYMBOLIC(LOG_LOCAL2)
|
||||
#define LOG_LOCAL3 SYMBOLIC(LOG_LOCAL3)
|
||||
#define LOG_LOCAL4 SYMBOLIC(LOG_LOCAL4)
|
||||
#define LOG_LOCAL5 SYMBOLIC(LOG_LOCAL5)
|
||||
#define LOG_LOCAL6 SYMBOLIC(LOG_LOCAL6)
|
||||
#define LOG_LOCAL7 SYMBOLIC(LOG_LOCAL7)
|
||||
#define LOG_LPR SYMBOLIC(LOG_LPR)
|
||||
#define LOG_MAIL SYMBOLIC(LOG_MAIL)
|
||||
#define LOG_NDELAY SYMBOLIC(LOG_NDELAY)
|
||||
#define LOG_NEWS SYMBOLIC(LOG_NEWS)
|
||||
#define LOG_NFACILITIES SYMBOLIC(LOG_NFACILITIES)
|
||||
#define LOG_NOTICE SYMBOLIC(LOG_NOTICE)
|
||||
#define LOG_NOWAIT SYMBOLIC(LOG_NOWAIT)
|
||||
#define LOG_ODELAY SYMBOLIC(LOG_ODELAY)
|
||||
#define LOG_PERROR SYMBOLIC(LOG_PERROR)
|
||||
#define LOG_PID SYMBOLIC(LOG_PID)
|
||||
#define LOG_PRIMASK SYMBOLIC(LOG_PRIMASK)
|
||||
#define LOG_SELECT SYMBOLIC(LOG_SELECT)
|
||||
#define LOG_SENSE SYMBOLIC(LOG_SENSE)
|
||||
#define LOG_SYSLOG SYMBOLIC(LOG_SYSLOG)
|
||||
#define LOG_USER SYMBOLIC(LOG_USER)
|
||||
#define LOG_UUCP SYMBOLIC(LOG_UUCP)
|
||||
#define LOG_WARNING SYMBOLIC(LOG_WARNING)
|
||||
#define LOG_MASK(pri) (1 << (pri))
|
||||
#define LOG_UPTO(pri) ((1 << ((pri) + 1)) - 1)
|
||||
|
||||
/*
|
||||
* arguments to setlogmask.
|
||||
*/
|
||||
#define LOG_MASK(pri) (1 << (pri)) /* mask for one priority */
|
||||
#define LOG_UPTO(pri) ((1 << ((pri)+1)) - 1) /* all priorities through pri */
|
||||
#define LOG_EMERG 0
|
||||
#define LOG_KERN 0
|
||||
#define LOG_ALERT 1
|
||||
#define LOG_PID 1
|
||||
#define LOG_CONS 2
|
||||
#define LOG_CRIT 2
|
||||
#define LOG_ERR 3
|
||||
#define LOG_ODELAY 4
|
||||
#define LOG_WARNING 4
|
||||
#define LOG_NOTICE 5
|
||||
#define LOG_INFO 6
|
||||
#define LOG_DEBUG 7
|
||||
#define LOG_PRIMASK 7
|
||||
#define LOG_NDELAY 8
|
||||
#define LOG_USER 8
|
||||
#define LOG_MAIL 16
|
||||
#define LOG_NOWAIT 16
|
||||
#define LOG_DAEMON 24
|
||||
#define LOG_NFACILITIES 24
|
||||
#define LOG_AUTH 32
|
||||
#define LOG_PERROR 32
|
||||
#define LOG_SYSLOG 40
|
||||
#define LOG_LPR 48
|
||||
#define LOG_NEWS 56
|
||||
#define LOG_UUCP 64
|
||||
#define LOG_CRON 72
|
||||
#define LOG_SELECT 76
|
||||
#define LOG_SENSE 77
|
||||
#define LOG_LOCAL0 128
|
||||
#define LOG_LOCAL1 136
|
||||
#define LOG_LOCAL2 144
|
||||
#define LOG_LOCAL3 152
|
||||
#define LOG_LOCAL4 160
|
||||
#define LOG_LOCAL5 168
|
||||
#define LOG_LOCAL6 176
|
||||
#define LOG_LOCAL7 184
|
||||
#define LOG_FACMASK 0x03f8
|
||||
|
||||
|
||||
#if !(__ASSEMBLER__ + __LINKER__ + 0)
|
||||
COSMOPOLITAN_C_START_
|
||||
|
||||
extern const long LOG_ALERT;
|
||||
extern const long LOG_AUTH;
|
||||
extern const long LOG_CONS;
|
||||
extern const long LOG_CRIT;
|
||||
extern const long LOG_CRON;
|
||||
extern const long LOG_DAEMON;
|
||||
extern const long LOG_DEBUG;
|
||||
extern const long LOG_EMERG;
|
||||
extern const long LOG_ERR;
|
||||
extern const long LOG_FACMASK;
|
||||
extern const long LOG_INFO;
|
||||
extern const long LOG_KERN;
|
||||
extern const long LOG_LOCAL0;
|
||||
extern const long LOG_LOCAL1;
|
||||
extern const long LOG_LOCAL2;
|
||||
extern const long LOG_LOCAL3;
|
||||
extern const long LOG_LOCAL4;
|
||||
extern const long LOG_LOCAL5;
|
||||
extern const long LOG_LOCAL6;
|
||||
extern const long LOG_LOCAL7;
|
||||
extern const long LOG_LPR;
|
||||
extern const long LOG_MAIL;
|
||||
extern const long LOG_NDELAY;
|
||||
extern const long LOG_NEWS;
|
||||
extern const long LOG_NFACILITIES;
|
||||
extern const long LOG_NOTICE;
|
||||
extern const long LOG_NOWAIT;
|
||||
extern const long LOG_ODELAY;
|
||||
extern const long LOG_PERROR;
|
||||
extern const long LOG_PID;
|
||||
extern const long LOG_PRIMASK;
|
||||
extern const long LOG_SELECT;
|
||||
extern const long LOG_SENSE;
|
||||
extern const long LOG_SYSLOG;
|
||||
extern const long LOG_USER;
|
||||
extern const long LOG_UUCP;
|
||||
extern const long LOG_WARNING;
|
||||
|
||||
COSMOPOLITAN_C_END_
|
||||
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
|
||||
#endif /* COSMOPOLITAN_LIBC_SYSV_CONSTS_LOG_H_ */
|
||||
|
|
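Review bot: The numeric block that starts at `#define LOG_EMERG 0` is sorted by value, which interleaves three unrelated namespaces: priorities (`LOG_EMERG` to `LOG_DEBUG`), openlog() option flags (`LOG_PID`, `LOG_CONS`, `LOG_ODELAY`, `LOG_NDELAY`, `LOG_NOWAIT`, `LOG_PERROR`) and facilities (`LOG_KERN`, `LOG_USER`, through `LOG_LOCAL7`). Values collide across those groups (`LOG_ALERT 1` and `LOG_PID 1`, `LOG_AUTH 32` and `LOG_PERROR 32`), so a caller that passes the wrong kind gets no diagnostic and can send auth or audit records to the wrong facility or level. I would split the list under `/* priorities */`, `/* openlog() options */` and `/* facilities */` comments. `LOG_SELECT 76` and `LOG_SENSE 77` are not multiples of 8 like the facility codes and match the SCSI LOG SELECT / LOG SENSE opcodes (0x4c, 0x4d), so they look unrelated to syslog and deserve a comment saying so. The page has lost its `+`/`-` markers, so this assumes the numeric defines are the new side of the hunk.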