Compare commits

..

5 Commits

10 changed files with 35 additions and 15 deletions

View File

@ -14,6 +14,7 @@ SOURCES+=$(wildcard handlers/*.cpp)
SOURCES+=$(wildcard database/*.cpp) SOURCES+=$(wildcard database/*.cpp)
SOURCES+=$(wildcard cache/*.cpp) SOURCES+=$(wildcard cache/*.cpp)
SOURCES+=$(wildcard sandbox/*.cpp) SOURCES+=$(wildcard sandbox/*.cpp)
SOURCES+=$(wildcard dynamic/*.cpp)
HEADERS=$(wildcard *.h) HEADERS=$(wildcard *.h)
HEADERS+=$(wildcard gateway/*.h) HEADERS+=$(wildcard gateway/*.h)
@ -21,7 +22,7 @@ HEADERS+=$(wildcard handlers/*.h)
HEADERS+=$(wildcard database/*.h) HEADERS+=$(wildcard database/*.h)
HEADERS+=$(wildcard cache/*.h) HEADERS+=$(wildcard cache/*.h)
HEADERS+=$(wildcard sandbox/*.h) HEADERS+=$(wildcard sandbox/*.h)
HEADERS+=$(wildcard dynamic/*.h)
OBJECTS=$(patsubst %.cpp, %.o, $(SOURCES)) OBJECTS=$(patsubst %.cpp, %.o, $(SOURCES))
WIKIOBJECTS=$(filter-out test.o, $(OBJECTS)) WIKIOBJECTS=$(filter-out test.o, $(OBJECTS))
@ -48,8 +49,12 @@ profile: LDFLAGS+= -pg
release: qswiki release: qswiki
profile: qswiki profile: qswiki
qswiki: $(WIKIOBJECTS)
$(CXX) $(WIKIOBJECTS) ${LDFLAGS} ${INCLUDEFLAGS} -o qswiki exile.o: submodules/exile.h/exile.c
$(CC) -std=c99 -DHAVE_LANDLOCK=0 -c submodules/exile.h/exile.c -o exile.o
qswiki: $(WIKIOBJECTS) exile.o
$(CXX) $(WIKIOBJECTS) exile.o ${LDFLAGS} ${INCLUDEFLAGS} -o qswiki
test: $(TESTOBJECTS) test: $(TESTOBJECTS)
$(CXX) $(TESTOBJECTS) ${LDFLAGS} -o test $(CXX) $(TESTOBJECTS) ${LDFLAGS} -o test
@ -63,6 +68,6 @@ gtest: $(GTESTS_TESTDIR)/*.cpp $(GTEST_OBJECTS)
version.o:version.cpp version.o:version.cpp
$(CXX) ${CXXFLAGS} ${INCLUDEFLAGS} -DGITCOMMIT=\"$(shell git rev-parse --short HEAD)\" -c -o $@ $< $(CXX) ${CXXFLAGS} ${INCLUDEFLAGS} -DGITCOMMIT=\"$(shell git rev-parse --short HEAD)\" -c -o $@ $<
clean: clean:
rm -f $(OBJECTS) $(DEPENDS) rm -f exile.o $(OBJECTS) $(DEPENDS)

View File

@ -12,6 +12,7 @@ std::string DynamicContentPostList::render()
auto pageDao = this->database->createPageDao(); auto pageDao = this->database->createPageDao();
auto revisionDao = this->database->createRevisionDao(); auto revisionDao = this->database->createRevisionDao();
QueryOption option; QueryOption option;
option.includeInvisible = false;
auto members = categoryDao->fetchMembers(this->catname, option); auto members = categoryDao->fetchMembers(this->catname, option);
std::vector<std::pair<std::string, time_t>> pageList; std::vector<std::pair<std::string, time_t>> pageList;
for(std::string &member : members) for(std::string &member : members)

View File

@ -12,18 +12,13 @@
#include <filesystem> #include <filesystem>
#include <sys/mount.h> #include <sys/mount.h>
#include <sys/capability.h> #include <sys/capability.h>
#define HAVE_LANDLOCK 0 #include <exile.hpp>
#include <exile.h>
#include "../logger.h" #include "../logger.h"
#include "../utils.h" #include "../utils.h"
#include "../random.h" #include "../random.h"
#include "sandbox-linux.h" #include "sandbox-linux.h"
/* TODO: make a whitelist approach. So far we simply blacklist
* obvious systemcalls. To whitelist, we need to analyse our
* dependencies (http library, sqlite wrapper, sqlite lib etc.) */
bool SandboxLinux::supported() bool SandboxLinux::supported()
{ {
std::fstream stream; std::fstream stream;
@ -54,7 +49,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
} }
for(unsigned int i = 0; i < fsPaths.size(); i++) for(unsigned int i = 0; i < fsPaths.size(); i++)
{ {
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, fsPaths[i].c_str()); exile_append_path_policies(policy, EXILE_FS_ALLOW_ALL_READ | EXILE_FS_ALLOW_ALL_WRITE, fsPaths[i].c_str());
} }
policy->drop_caps = 1; policy->drop_caps = 1;
policy->not_dumpable = 1; policy->not_dumpable = 1;
@ -66,7 +61,7 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
if(exile_enable_policy(policy) != 0) if(exile_enable_policy(policy) != 0)
{ {
Logger::error() << "Sandbox: Activation of seccomp blacklist failed!"; Logger::error() << "Sandbox: Activation of exile failed!";
exile_free_policy(policy); exile_free_policy(policy);
return false; return false;
} }

@ -1 +1 @@
Subproject commit 4824c6eaa9043878daaba7b3778338f5bf913f06 Subproject commit f2ca26010a2bb6d9e270d6ade2e8789c02ac3b31

View File

@ -0,0 +1 @@
<ul>

View File

@ -0,0 +1 @@
</ul>

View File

@ -0,0 +1 @@
<li>{date}: <a href="{url}">{title}</a></li>

View File

@ -0,0 +1,7 @@
<entry>
<title>{qswiki:var:entrytitle}</title>
<link href="{qswiki:var:entryurl}"/>
<id>{qswiki:var:entryid}</id>
<published>{qswiki:var:entrypublished}</published>
<content type="html">{qswiki:var:entrycontent}</content>
</entry>

View File

@ -0,0 +1 @@
</feed>

View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<author>
<name>{qswiki:config:wikiownername}</name>
</author>
<title>{qswiki:config:wikiname} - {qswiki:var:subtitle}</title>
<id>{qswiki:var:atomfeeduniqueid}</id>
<updated>{qswiki:var:atomfeedupdate}</updated>