From ea8676066c1b87565149222ebe1a17c6905aa7d7 Mon Sep 17 00:00:00 2001
From: Michael McVady
Date: Thu, 10 Mar 2022 17:41:15 -0500
Subject: seccomp
---
 README.md | 1 +
 conf/clog.conf | 21 +++++----------------
 src/clog.c | 5 +++++
 3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index f30867b..e2d2e4b 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,7 @@ An attempt to reimplement flog, using the [kore.io](https://kore.io) framework.
 ## TODO
 * Dockerize.
+* seccomp/`getdents64` call?
 * Determine how to handle `lib`/dependencies.
 * Figure out how to build a statically-linked/standalone binary.
 * Upgrade to Kore 4.2.
diff --git a/conf/clog.conf b/conf/clog.conf
index 2415e5b..f0a2c41 100644
--- a/conf/clog.conf
+++ b/conf/clog.conf
@@ -1,33 +1,22 @@
 # clog configuration
-# server tls {
-# bind 127.0.0.1 8888
-# }
-
 server notls {
- bind 127.0.0.1 8889
+ bind 127.0.0.1 8888
 tls no
 }
 load ./clog.so init
-# tls_dhparam dh2048.pem
-
-workers 1
+workers 4
-seccomp_tracing yes
+seccomp_tracing no
 domain * {
 attach notls
-# attach tls
-# certfile cert/server.pem
-# certkey cert/key.pem
-
- filemap /static/ assets/static
+ filemap /static/ assets/static
 route / posts
- route ^/posts/[a-z0-9\-]+$ post
- route /posts posts
+ route ^/posts/[a-z0-9\-]+$ post
 }
diff --git a/src/clog.c b/src/clog.c
index 7bf6012..b62b4f4 100644
--- a/src/clog.c
+++ b/src/clog.c
@@ -1,6 +1,7 @@
 #include
 #include
 #include
+#include
 #include "assets.h"
@@ -11,6 +12,10 @@
 #include "../lib/md4c/src/md4c-html.h"
 #include "../lib/md4c/src/md4c-html.c"
+KORE_SECCOMP_FILTER("app",
+ KORE_SYSCALL_ALLOW(getdents64)
+)
+
 int init(int);
 int post(struct http_request *);
 int posts(struct http_request *);
-- 
cgit v1.2.3
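Review bot: `seccomp_tracing no` in conf/clog.conf is flipped without a comment, in the same hunk that raises `workers` to 4. As I read Kore's documentation, tracing reports violations while still letting the syscall through, so from here on a syscall missing from the filter is blocked in every worker rather than only logged. A line above it such as `# filter enforced; set to yes only while discovering missing syscalls` would keep that intent visible. The hunk also deletes the commented-out TLS server, leaving `tls no` unexplained; if TLS is terminated by a front-end, say so with `# plaintext on loopback only, TLS handled upstream`.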
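Review bot: The `KORE_SECCOMP_FILTER("app", ...)` block added in the second src/clog.c hunk allows `getdents64` without saying which code path needs it, and the README hunk of this same commit lists that syscall as an open question. Since conf/clog.conf now turns tracing off, this allow-list is what the workers actually run under, so each entry should carry its reason. Once the caller is confirmed, add a comment above the filter along the lines of `/* getdents64: directory read when listing posts (presumably readdir) - keep this list minimal */`. The functions that would issue the call are outside the hunk, so the caller named here is an assumption to verify.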