| Age | Commit message (Collapse) | Author |
|---|
|
Now gmid doesn't touch anymore the internals of the imsg structs.
|
|
for some reason that's not entirely clear to me, __dead doesn't
seem to work on macos, so clang thinks datalen is used un-initialized.
meh
|
|
Makes parsing and handling of imsgs simpler / clearer. only crypto.c
is left as-is.
|
|
since proc_forward_imsg() never forwards a file descriptor (it's
never called actually) just use -1 there.
|
|
They're not needed on OpenBSD nor in other systems... except under
sandbox. These were added for capsicum() if I remember correctly,
but also with landlock it's better to initialize these things
earlier.
|
|
Was requested ages ago by Karl Jeacle, now that there is some better
support for configuring the logging there's no excuse to add this.
It helps with filtering from syslog.d / syslog.conf.
|
|
|
|
|
|
|
|
simplifies further handling. The stdio layer introduces its own
buffering and for the logs I'd like to avoid it. fflush(3) is an
option, but using a raw fd and dprintf(2) requires less code.
|
|
|
|
|
|
so that ge can provide its own log_request without requiring a
separate logger process.
|
|
It uses the 'common' proc.c from various OpenBSD-daemons.
gmid grew organically bit by bit and it was also the first place where I
tried to implement privsep. It wasn't done very well, in fact the
parent process (that retains root privileges) just fork()s a generation
of servers, all sharing *exactly* the same address space. No good!
Now, we fork() and re-exec() ourselves, so that each process has a fresh
address space.
Some features (require client ca for example) are temporarly disabled,
will be fixed in subsequent commits. The "ge" program is also
temporarly disabled as it needs tweaks to do privsep too.
|
|
|
|
|
|
|
|
|
