| Fri, 30 Oct 2020 03:43:51 +0000 |
Roy Marples |
privsep: Send all log messages to the privileged actioneer
draft
|
| Wed, 30 Sep 2020 17:25:32 +0100 |
Roy Marples |
privsep: We now need to carry ifa_data for BSD
draft
|
| Sat, 19 Sep 2020 14:40:50 +0100 |
Roy Marples |
Linux: detect network namespace and deny udev in one
draft
|
| Thu, 20 Aug 2020 16:28:47 +0100 |
Roy Marples |
privsep: Only the master process accepts signals
draft
|
| Sun, 16 Aug 2020 19:21:48 +0100 |
Roy Marples |
Use a minimum bufsize of 1 as 0 doesn't work on some OS.
draft
|
| Sun, 16 Aug 2020 18:52:17 +0100 |
Roy Marples |
privsep: Set a zero length receive buffer for write only sockets
draft
|
| Mon, 03 Aug 2020 17:04:51 +0100 |
Roy Marples |
Revert "privsep: shutdown read end of the write only sockets"
draft
|
| Sat, 18 Jul 2020 12:40:30 +0100 |
Roy Marples |
privsep: shutdown read end of the write only sockets
draft
|
| Tue, 16 Jun 2020 20:58:17 +0100 |
Roy Marples |
privsep: Simplyfy signal handling
draft
|
| Tue, 16 Jun 2020 17:07:10 +0100 |
Roy Marples |
privsep: Use root signal_cb for all signals here.
draft
|
| Tue, 16 Jun 2020 11:58:16 +0000 |
Roy Marples |
privsep: Don't handle any signals meant for the main process
draft
|
| Wed, 10 Jun 2020 16:32:04 +0100 |
Roy Marples |
privsep: Fix a shutdown race
draft
|
| Wed, 10 Jun 2020 14:47:00 +0100 |
Roy Marples |
privsep: fix size of rdm
draft
|
| Wed, 10 Jun 2020 11:16:14 +0100 |
Roy Marples |
Try and guard against impossibly large data.
draft
|
| Tue, 09 Jun 2020 20:36:22 +0100 |
Roy Marples |
privsep: Fix bogus warnings without inet.
draft
|
| Tue, 09 Jun 2020 19:33:23 +0100 |
Roy Marples |
privsep: limit psr_datalen to SSIZE_MAX
draft
|
| Fri, 05 Jun 2020 20:24:21 +0100 |
Roy Marples |
privsep: Limit rights generically rather than Capsicum specifc
draft
|
| Fri, 05 Jun 2020 14:12:23 +0100 |
Roy Marples |
Linux: make resource limits work by using getifaddrs over privsep
draft
|
| Thu, 04 Jun 2020 21:49:37 +0100 |
Roy Marples |
Fix installing the embedded config as a file.
draft
|
| Thu, 04 Jun 2020 12:31:24 +0100 |
Roy Marples |
privsep: Log ECONNRESET errors again
draft
|
| Thu, 04 Jun 2020 12:15:20 +0100 |
Roy Marples |
privsep: Don't wait for the process to finish when stopping it
draft
|
| Thu, 04 Jun 2020 11:25:11 +0100 |
Roy Marples |
privsep: Fix returning indirect ioctl data
draft
|
| Wed, 03 Jun 2020 23:30:08 +0100 |
Roy Marples |
eloop: Just use ppoll(2)
draft
|
| Tue, 02 Jun 2020 17:48:34 +0100 |
Roy Marples |
privsep: Access the RDM monotic file via IPC
draft
|
| Tue, 02 Jun 2020 15:50:17 +0100 |
Roy Marples |
privsep: harden process handling
draft
|
| Mon, 01 Jun 2020 18:59:08 +0100 |
Roy Marples |
privsep: Only open raw sockets for the needed protocols.
draft
|
| Mon, 01 Jun 2020 13:57:31 +0100 |
Roy Marples |
privsep: Don't carry ifa_next
draft
|
| Sat, 30 May 2020 14:50:25 +0000 |
Roy Marples |
Fix compile with inet or inet6 disabled
draft
|
| Sun, 24 May 2020 14:49:41 +0100 |
Roy Marples |
privsep: Avoid the /proc/../ escape
draft
|
| Sun, 24 May 2020 12:30:13 +0100 |
Roy Marples |
Fix prior for BSD
draft
|
| Sun, 24 May 2020 11:49:58 +0100 |
Roy Marples |
privsep: Fix compile for prior without dev plugins
draft
|
| Sun, 24 May 2020 10:30:23 +0000 |
Roy Marples |
privsep: Allow dev plugins to work
draft
|
| Sun, 24 May 2020 05:47:14 +0000 |
Roy Marples |
privsep: Allow Linux to work without needing any mounts
draft
|
| Thu, 21 May 2020 18:28:27 +0100 |
Roy Marples |
dhcpcd: Move the script file from per interface to global context
draft
|
| Thu, 21 May 2020 16:53:54 +0100 |
Roy Marples |
privsep: Validate UDP ports
draft
|
| Thu, 21 May 2020 12:54:58 +0100 |
Roy Marples |
privsep: Only allow file IO to specific paths
draft
|
| Wed, 20 May 2020 18:14:38 +0100 |
Roy Marples |
privsep: Filter ioctls to a known list.
draft
|
| Wed, 20 May 2020 15:44:19 +0000 |
Roy Marples |
privsep: Ensure we don't scribble garbage to BPF
draft
|
| Tue, 19 May 2020 16:19:05 +0100 |
Roy Marples |
privsep: Enable Capsicum for all processes.
draft
|
| Thu, 14 May 2020 01:15:39 +0100 |
Roy Marples |
privsep: sockaddr len should be socklen_t
draft
|
| Wed, 13 May 2020 20:58:58 +0100 |
Roy Marples |
Remove debug.
draft
|
| Wed, 13 May 2020 20:52:24 +0100 |
Roy Marples |
privsep: Add a generic wrapper for getifaddrs(3)
draft
|
| Tue, 12 May 2020 10:58:31 +0100 |
Roy Marples |
Fix compile warnings with prior.
draft
|
| Tue, 12 May 2020 10:26:35 +0100 |
Roy Marples |
privsep: Handle all file IO in the Priviledged Actioneer
draft
|
| Sun, 10 May 2020 16:09:54 +0100 |
Roy Marples |
privsep: Implement pledge(2) support as found on OpenBSD
draft
|
| Sun, 10 May 2020 11:05:23 +0100 |
Roy Marples |
privsep: Copy back ioctl data
draft
|
| Thu, 30 Apr 2020 21:13:45 +0100 |
Roy Marples |
privsep: Add --chroot configurable
draft
|
| Thu, 23 Apr 2020 23:45:38 +0100 |
Roy Marples |
dhcpcd: Fix separation of per interface and per family
draft
|
| Mon, 06 Apr 2020 21:11:45 +0100 |
Christos Zoulas |
scripts: Run with an empty sigmask
draft
|
| Thu, 02 Apr 2020 19:54:19 +0000 |
Roy Marples |
Fix build without INET or INET6
draft
|
| Mon, 10 Feb 2020 13:26:30 +0000 |
Roy Marples |
spelling: Correct both privilege and separation
draft
|
| Wed, 22 Jan 2020 12:00:10 +0000 |
Roy Marples |
logging: Always log to syslog(3).
draft
|
| Tue, 21 Jan 2020 20:37:12 +0000 |
Roy Marples |
privsep: Fix compile on Alpine Linux
draft
|
| Tue, 21 Jan 2020 20:17:27 +0000 |
Roy Marples |
privsep: Only fetch PRIVSEP_USER at init
draft
|
| Tue, 21 Jan 2020 20:08:56 +0000 |
Roy Marples |
privsep: copy configuration file into chroot
draft
|
| Tue, 21 Jan 2020 16:17:18 +0000 |
Roy Marples |
privsep: chroot the master process
draft
|
| Wed, 08 Jan 2020 20:13:20 +0000 |
Roy Marples |
ioctl: The POSIX signature differs from BSD and glibc
draft
|
| Fri, 03 Jan 2020 13:10:48 +0000 |
Roy Marples |
Welcome to 2020!
draft
|
| Tue, 10 Dec 2019 21:00:58 +0000 |
Roy Marples |
privsep: Enable ARP BPF filtering for interesting addresses
draft
|
| Fri, 29 Nov 2019 13:55:46 +0000 |
Roy Marples |
privsep: Use another eloop instead of a blocking read.
draft
|
