index.c - libgcgi - REST library for Gopher HTML git clone git://bitreich.org/libgcgi git://hg6vgqziawt5s4dj.onion/libgcgi DIR Log DIR Files DIR Refs DIR Tags DIR README DIR LICENSE --- index.c (1602B) --- 1 #include <errno.h> 2 #include <stddef.h> 3 #include <stdio.h> 4 #include <string.h> 5 #include <unistd.h> 6 7 #ifdef __linux__ 8 #include <seccomp.h> 9 #endif 10 11 #include "libgcgi.h" 12 13 static void 14 page_not_found(char **matches) 15 { 16 struct gcgi_var_list vars = {0}; 17 18 gcgi_read_var_list(&vars, "db/vars"); 19 gcgi_set_var(&vars, "page", matches[0]); 20 gcgi_template("gph/page_not_found.gph", &vars); 21 } 22 23 static struct gcgi_handler handlers[] = { 24 { "*", page_not_found }, 25 { NULL, NULL }, 26 }; 27 28 int 29 main(int argc, char **argv) 30 { 31 32 #if defined(__OpenBSD__) 33 if (unveil("gph", "r") == -1 || unveil("db", "rwc") == -1) 34 gcgi_fatal("unveil failed: %s", strerror(errno)); 35 if (pledge("stdio rpath wpath cpath", NULL) == -1) 36 gcgi_fatal("pledge failed: %s", strerror(errno)); 37 #elif defined(__linux__) 38 scmp_filter_ctx ctx; 39 if (chroot(".") == -1) 40 gcgi_fatal("chroot failed"); 41 if ((ctx = seccomp_init(SCMP_ACT_KILL)) == NULL) 42 gcgi_fatal("seccomp_init failed: %s", strerror(errno)); 43 if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0) < 0 44 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0) < 0 45 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(close), 0) < 0 46 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(read), 0) < 0 47 || seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 1, 48 SCMP_A0(SCMP_CMP_EQ, 0)) < 0) 49 gcgi_fatal("seccomp_rule_add failed"); 50 if (seccomp_load(ctx) < 0) 51 gcgi_fatal("seccomp_load failed: %s", strerror(errno)); 52 #else 53 #warning "no syscall restriction enabled" 54 #endif 55 56 /* handle the request with the handlers */ 57 gcgi_handle_request(handlers, argv, argc); 58 return 0; 59 }