]> WPIA git - gigi.git/commit
projects / gigi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd8500a) | patch
upd: add more sandboxing directives to gigi-proxy.service
authorLucas Werkmeister <mail@lucaswerkmeister.de>
Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)
committerLucas Werkmeister <mail@lucaswerkmeister.de>
Thu, 19 Jan 2017 10:28:04 +0000 (11:28 +0100)
commita9405c7e4b3aaa670f4b53da18c0b15448c87c2c
tree1d6d78c4984d69697e7d3ebe41884cdf19f57e66tree | snapshot
parentcd8500a5faf420aace24ee253a4f2407eb85588dcommit | diff
upd: add more sandboxing directives to gigi-proxy.service

Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.

Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
debian/cacert-gigi-testing.install diff | blob | history
debian/cacert-gigi.install diff | blob | history
debian/gigi-proxy.service diff | blob | history
debian/gigi-proxy.service.d/SystemCallFilter.conf [new file with mode: 0644] blob
WPIA Certificate Web Issuance Platform