index.c - libgcgi - REST library for Gopher | |
git clone git://bitreich.org/libgcgi git://hg6vgqziawt5s4dj.onion/libgcgi | |
--- | |
index.c (1602B) | |
--- | |
1 #include <errno.h> | |
2 #include <stddef.h> | |
3 #include <stdio.h> | |
4 #include <string.h> | |
5 #include <unistd.h> | |
6 | |
7 #ifdef __linux__ | |
8 #include <seccomp.h> | |
9 #endif | |
10 | |
11 #include "libgcgi.h" | |
12 | |
/*
 * Fallback handler: render the "page not found" template.
 *
 * Variables are loaded from "db/vars" first, then "page" is set to
 * matches[0] on top of them, and the template is rendered.
 *
 * NOTE(review): matches[0] presumably carries text taken from the
 * client's request.  Whether gcgi_template() neutralises tabs and line
 * breaks in substituted values is not visible here -- confirm, since a
 * .gph template is line- and tab-structured.
 * NOTE(review): the result of gcgi_read_var_list() is not inspected;
 * confirm how the library reports a missing or unreadable "db/vars".
 */
static void
page_not_found(char **matches)
{
	struct gcgi_var_list tpl_vars = {0};

	gcgi_read_var_list(&tpl_vars, "db/vars");
	gcgi_set_var(&tpl_vars, "page", matches[0]);

	gcgi_template("gph/page_not_found.gph", &tpl_vars);
}
22 | |
/*
 * Dispatch table handed to gcgi_handle_request() in main().
 * Each entry pairs a pattern string with the function to call; the
 * { NULL, NULL } entry terminates the list.
 * The only pattern is "*" (presumably a glob matched against the
 * request -- confirm in libgcgi.h), so every request ends up in
 * page_not_found().
 */
static struct gcgi_handler handlers[] = {
	{ "*",		page_not_found },
	{ NULL,		NULL },
};
27 | |
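/*
 * Entry point: confine the process, then dispatch the request.
 *
 * The confinement is chosen at compile time:
 *  - OpenBSD: unveil(2) limits the visible filesystem to gph/ (read)
 *    and db/ (read, write, create); pledge(2) then limits the process
 *    to "stdio rpath wpath cpath".  The promise list has no "unveil",
 *    so no further unveil(2) call can widen the view.
 *  - Linux: chroot(2) into the current directory, then a seccomp
 *    allowlist whose default action kills the process.
 *  - anything else: no restriction, with a compile-time warning.
 *
 * Every failure goes through gcgi_fatal(), which is assumed not to
 * return (not visible in this file -- confirm in libgcgi).
 *
 * NOTE(review), Linux branch:
 *  - chroot(2) needs CAP_SYS_CHROOT, and no uid/gid change follows in
 *    this function, so the process keeps whatever privilege it was
 *    started with.
 *  - write(2) is allowed only when its first argument (the fd) is 0.
 *    Standard output is fd 1, and the OpenBSD branch grants write and
 *    create access to db/; confirm the fd the response is written to,
 *    because a write to any other fd kills the process.
 *  - the list names open and exit; libc builds commonly issue openat
 *    and exit_group instead, and stdio may need further calls.  Test
 *    the filter against the libc actually deployed.
 *  - ctx is never released; it lives until the process exits.
 */
int
main(int argc, char **argv)
{
#if defined(__OpenBSD__)
	if (unveil("gph", "r") == -1 || unveil("db", "rwc") == -1)
		gcgi_fatal("unveil failed: %s", strerror(errno));
	if (pledge("stdio rpath wpath cpath", NULL) == -1)
		gcgi_fatal("pledge failed: %s", strerror(errno));
#elif defined(__linux__)
	scmp_filter_ctx ctx;
	int rc;

	/*
	 * The argument is ".", so the working directory is the new root
	 * itself and relative paths such as "db/vars" stay inside it.
	 */
	if (chroot(".") == -1)
		gcgi_fatal("chroot failed: %s", strerror(errno));

	/* default action: kill on any syscall that is not listed below */
	if ((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL)
		gcgi_fatal("seccomp_init failed: %s", strerror(errno));

	/*
	 * libseccomp reports failures as a negative errno return value,
	 * so the message is built from rc rather than from errno.
	 */
	if ((rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0)) < 0
	 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0)) < 0
	 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0)) < 0
	 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0)) < 0
	 || (rc = seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1,
	    SCMP_A0(SCMP_CMP_EQ, 0))) < 0)
		gcgi_fatal("seccomp_rule_add failed: %s", strerror(-rc));

	if ((rc = seccomp_load(ctx)) < 0)
		gcgi_fatal("seccomp_load failed: %s", strerror(-rc));
#else
#warning "no syscall restriction enabled"
#endif

	/* handle the request with the handlers */
	gcgi_handle_request(handlers, argv, argc);
	return 0;
}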