Comparar comentimentos
4 Cometimentos
c90e26a374
...
5570154113
Autor(a) | SHA1 | Data | |
---|---|---|---|
5570154113 | |||
4f6bcd27b4 | |||
bbe74a2c50 | |||
5db9305408 |
2
cache/fscache.cpp
externo
@ -46,7 +46,7 @@ void FsCache::removePrefix(std::string_view prefix)
|
||||
// TODO: lock dir
|
||||
for(auto &entry : std::filesystem::directory_iterator(std::filesystem::path{this->path}))
|
||||
{
|
||||
if(std::string_view(entry.path().filename().c_str()).starts_with(prefix) == 0)
|
||||
if(std::string_view(entry.path().filename().c_str()).starts_with(prefix))
|
||||
{
|
||||
std::filesystem::remove_all(entry);
|
||||
}
|
||||
|
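Review bot: `std::filesystem::remove_all(entry)` inside the loop is the throwing overload, so one entry that cannot be removed (permissions, or a concurrent change while the `// TODO: lock dir` is still open) raises `std::filesystem::filesystem_error` and leaves every later matching entry in the cache. On a cache-invalidation path that can mean stale entries stay on disk and may keep being served; consider `std::error_code ec; std::filesystem::remove_all(entry, ec);` and logging `ec` rather than aborting the sweep. With the corrected condition an empty `prefix` matches every file, so the call clears the whole cache directory; a comment or an early return for an empty prefix would make that intent explicit. The body of removePrefix continues outside the hunk.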
@ -28,6 +28,7 @@ Response HandlerSearch::handleRequest(const Request &r)
|
||||
TemplatePage searchForm = this->templ->getPage("searchform");
|
||||
response.setBody(searchForm.render());
|
||||
response.setStatus(200);
|
||||
setGeneralVars(searchForm);
|
||||
return response;
|
||||
}
|
||||
|
||||
|
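Review bot: `setGeneralVars(searchForm)` runs after `response.setBody(searchForm.render())`, so whatever it sets on the page cannot reach the body that has already been rendered. If setGeneralVars fills template variables (its implementation is not visible here), it should precede the render call: `setGeneralVars(searchForm);` followed by `response.setBody(searchForm.render());`. handleRequest starts before and continues after this hunk.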
@ -60,18 +60,25 @@ bool SandboxLinux::enable(std::vector<std::string> fsPaths)
|
||||
policy->not_dumpable = 1;
|
||||
policy->no_new_privs = 1;
|
||||
policy->mount_path_policies_to_chroot = 1;
|
||||
/* TODO: as said, a whitelist approach is better. As such, this list is bound to be incomplete in the
|
||||
* sense that more could be listed here and some critical ones are probably missing */
|
||||
|
||||
/* TODO: use qssb groups */
|
||||
long blacklisted_syscalls[] = {QSSB_SYS(setuid), QSSB_SYS(connect), QSSB_SYS(chroot), QSSB_SYS(pivot_root),
|
||||
QSSB_SYS(mount), QSSB_SYS(setns), QSSB_SYS(unshare), QSSB_SYS(ptrace),
|
||||
QSSB_SYS(personality), QSSB_SYS(prctl), QSSB_SYS(execveat), QSSB_SYS(execve),
|
||||
QSSB_SYS(fork)};
|
||||
qssb_append_syscalls_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS, blacklisted_syscalls,
|
||||
sizeof(blacklisted_syscalls) / sizeof(blacklisted_syscalls[0]));
|
||||
qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_ALLOW);
|
||||
|
||||
if(qssb_append_group_syscall_policy(policy, QSSB_SYSCALL_ALLOW, QSSB_SYSCGROUP_DEFAULT_ALLOW) != 0)
|
||||
{
|
||||
Logger::error() << "Sandbox: Failed to add whitelist!";
|
||||
qssb_free_policy(policy);
|
||||
return false;
|
||||
}
|
||||
if(qssb_append_group_syscall_policy(policy, QSSB_SYSCALL_ALLOW, QSSB_SYSCGROUP_SOCKET | QSSB_SYSCGROUP_FUTEX | QSSB_SYSCGROUP_PATH | QSSB_SYSCGROUP_SCHED) != 0)
|
||||
{
|
||||
Logger::error() << "Sandbox: Failed to add socket group!";
|
||||
qssb_free_policy(policy);
|
||||
return false;
|
||||
}
|
||||
if(qssb_append_syscall_default_policy(policy, QSSB_SYSCALL_DENY_KILL_PROCESS) != 0)
|
||||
{
|
||||
Logger::error() << "Sandbox: Default policy";
|
||||
qssb_free_policy(policy);
|
||||
return false;
|
||||
}
|
||||
if(qssb_enable_policy(policy) != 0)
|
||||
{
|
||||
Logger::error() << "Sandbox: Activation of seccomp blacklist failed!";
|
||||
|
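Review bot: The allow-list admits the whole `QSSB_SYSCGROUP_SOCKET` group, while the explicit list in this hunk killed the process on `QSSB_SYS(connect)`; if that group contains connect (its contents are not visible here), the sandboxed process regains the ability to open outbound connections. Confirm what each allowed group covers and, where needed, keep a `QSSB_SYSCALL_DENY_KILL_PROCESS` entry for connect that takes precedence over the group allow. Assuming the group-based calls are the new side, the same check applies to the other formerly denied calls such as execve, fork, ptrace and prctl. Two log strings no longer describe the code: `"Sandbox: Default policy"` does not say that the call failed, and `"Sandbox: Activation of seccomp blacklist failed!"` now reports on an allow-list, e.g. `"Sandbox: Activation of seccomp policy failed!"`. enable() continues outside the hunk.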
@ -1 +1 @@
|
||||
Subproject commit 0d7c5bd6d437ae95a4900aab6b7b6cc207acbd1b
|
||||
Subproject commit d847d0f996679c77741b85959988dd9e65d63b97
|
@ -1,7 +1,6 @@
|
||||
{qswiki:include:general_header}
|
||||
<main id="content">
|
||||
<h2>Search</h2>
|
||||
|
||||
<h2>Search</h2><br>
|
||||
Search content of pages:
|
||||
<form action="{qswiki:config:wikipath}" method="GET"><input type="hidden" name="action" value="search"/><input type="text" name="q" value="search here" onfocus="this.value=''"></form>
|
||||
</main>
|
||||
|
@ -23,6 +23,7 @@ h1, h2, h3
|
||||
{
|
||||
margin: 0;
|
||||
padding: 0;
|
||||
display: inline;
|
||||
}
|
||||
|
||||
nav
|
||||
|