seccomp

3 files changed, 11 insertions, 16 deletions

diff --git a/README.md b/README.md
index f30867b..e2d2e4b 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@ An attempt to reimplement flog, using the [kore.io](https://kore.io) framework.
 ## TODO
 
 * Dockerize.
+* seccomp/`getdents64` call?
 * Determine how to handle `lib`/dependencies.
 * Figure out how to build a statically-linked/standalone binary.
 * Upgrade to Kore 4.2.
diff --git a/conf/clog.conf b/conf/clog.conf
index 2415e5b..f0a2c41 100644
--- a/conf/clog.conf
+++ b/conf/clog.conf
@@ -1,33 +1,22 @@
 # clog configuration
 
-# server tls {
-# 	bind 127.0.0.1 8888
-# }
-
 server notls {
-	bind 127.0.0.1 8889
+	bind 127.0.0.1 8888
 	tls no
 }
 
 load ./clog.so init
 
-# tls_dhparam dh2048.pem
-
-workers 1
+workers 4
 
-seccomp_tracing yes
+seccomp_tracing no
 
 domain * {
 	attach notls
 
-# 	attach tls
-# 	certfile cert/server.pem
-# 	certkey  cert/key.pem
-
-	filemap  /static/ assets/static
+	filemap /static/ assets/static
 
 	route / posts
-	route ^/posts/[a-z0-9\-]+$ post
-
 	route /posts posts
+	route ^/posts/[a-z0-9\-]+$ post
 }
diff --git a/src/clog.c b/src/clog.c
index 7bf6012..b62b4f4 100644
--- a/src/clog.c
+++ b/src/clog.c
@@ -1,6 +1,7 @@
 #include <kore/kore.h>
 #include <kore/http.h>
 #include <kore/pgsql.h>
+#include <kore/seccomp.h>
 
 #include "assets.h"
 
@@ -11,6 +12,10 @@
 #include "../lib/md4c/src/md4c-html.h"
 #include "../lib/md4c/src/md4c-html.c"
 
+KORE_SECCOMP_FILTER("app",
+    KORE_SYSCALL_ALLOW(getdents64)
+)
+
 int init(int);
 int post(struct http_request *);
 int posts(struct http_request *);