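--- a/PATH_NOT_SHOWN	artifact 7252b16239
+++ b/PATH_NOT_SHOWN	artifact 61d8dcb4f5
@@ -21,14 +21,15 @@
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/sendfile.h>
 #include <sys/socket.h>
 #include <sys/types.h>
+#include <sys/prctl.h>
 #include <arpa/inet.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <pthread.h>
 #include <strings.h>
 #include <signal.h>
@@ -805,14 +806,44 @@
 	if (filed_sockettimeout_devnull_fd < 0) {
 		return(-1);
 	}
 
 	return(0);
 }
 #endif
+
+#include <linux/seccomp.h>
+#include <linux/filter.h>
+#include <linux/audit.h>
+#include <sys/ptrace.h>
+#include <stddef.h>
+
+static int filed_init_seccomp(void) {
+	struct sock_fprog filter;
+	struct sock_filter rules[] = {
+#include "filed.seccomp.h"
+	};
+	int prctl_ret;
+
+	/* Do not allow any privilege changes beyond this point */
+ 	prctl_ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+	if (prctl_ret != 0) {
+		return(-1);
+	}
+
+	filter.len = sizeof(rules) / sizeof(*rules);
+	filter.filter = rules;
+
+	prctl_ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &filter);
+	if (prctl_ret != 0) {
+		return(-1);
+	}
+
+	return(0);
+}
 
 /* Format time per RFC2616 */
 static char *filed_format_time(char *buffer, size_t buffer_len, const time_t timeinfo) {
 	struct tm timeinfo_tm, *timeinfo_tm_p;
 
 	timeinfo_tm_p = gmtime_r(&timeinfo, &timeinfo_tm);
 	if (timeinfo_tm_p == NULL) {
@@ -1933,14 +1964,22 @@
 	/* Create socket termination thread */
 	init_ret = filed_sockettimeout_thread_init();
 	if (init_ret != 0) {
 		perror("filed_sockettimeout_thread_init");
 
 		return(7);
 	}
 
+	/* Initialize seccomp */
+	init_ret = filed_init_seccomp();
+	if (init_ret != 0) {
+		perror("filed_init_seccomp");
+
+		return(9);
+	}
+
 	/* Create worker threads */
 	init_ret = filed_worker_threads_init(fd, thread_count, &thread_options);
 	if (init_ret != 0) {
 		perror("filed_worker_threads_init");
 
 		return(5);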
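Review bot: The seccomp filter is installed after `filed_sockettimeout_thread_init()` has already run, so if that call starts its thread (its comment says it creates the socket termination thread), that thread is left outside the filter: `prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...)` and `PR_SET_NO_NEW_PRIVS` apply to the calling thread and are inherited only by threads created afterwards. Either move the `filed_init_seccomp()` block above the socket-timeout initialisation, provided the rules in `filed.seccomp.h` (not visible here) permit what that initialisation needs, or install the filter through the `seccomp()` syscall with `SECCOMP_FILTER_FLAG_TSYNC` so that already-running threads are covered too. A comment above the call such as `/* Must run before any thread is created: the filter is per-thread and only inherited by later threads */` would record the ordering constraint. The enclosing function starts and ends outside the hunk.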