1
0
mirror of https://git.kore.io/kore.git synced 2024-11-15 22:46:21 +01:00
Commit Graph

11 Commits

Author SHA1 Message Date
Joris Vink
8f743213aa Add my helper build scripts for building custom binaries.
Allows building Kore with several different component versions.

Eg:
	$ ./build-kore.sh 1.1.1h 3.9.0 7.72.0 1.41.0

	Will build Kore with OpenSSL 1.1.1h, Python 3.9.0, Curl 7.72.0
	and nghttp2 (for curl) 1.41.0
2020-10-08 13:53:48 +02:00
Joris Vink
1d27558e39 nicer warning 2020-09-03 19:24:26 +02:00
Joris Vink
58247eec4a I don't support x86 on Linux, remove it.
Pointed out by entitled end user.
2020-09-03 19:05:43 +02:00
Joris Vink
e38c6e5d30 Python: Several fixes for our async curl support.
- Fix the curl-extract-opt.sh generation script to work on newer
  curl releases as the header changed slightly.
- Use the correct handles when calling curl_easy_setopt() inside
  of our setopt functions exported via Python.
- Add a curl.setbody() method, allowing a body to be sent to be set.
  (eg when sending mail via SMTP).
- Regen of our python_curlopt.h from 7.71.1
2020-07-02 08:41:17 +02:00
Joris Vink
2d380cac3f Expose our async libcurl support to the Python api.
Kore already exposed parts of this via the kore.httpclient() method but
this commit takes it a bit further and exposes the libcurl interface
completely (including the setopt options).

tldr:

handle = kore.curl("ftp://ftp.eu.openbsd.org/pub/OpenBSD/README")
handle.setopt(kore.CURLOPT_TIMEOUT, 5)

data = await handle.run()
print("%s" % data.decode())
2020-01-18 19:43:38 +01:00
Joris Vink
eef1a05868 Change the way the linux syscall maps are made.
Use the syscall.h.in files from musl and generate the syscall maps
from there. Now we have proper support for x86_64, i386, arm and aarch64
to have syscall maps.
2019-11-06 11:57:25 +01:00
Joris Vink
99763d520b make sure we can run this outside the tree 2019-10-23 13:50:51 +02:00
Joris Vink
80a63fd4b1 Generate syscall maps from kernel tbl files if available.
If no tbl syscall files are available, fallback to using the dirty
/proc/kallsym trick that may or may not work.
2019-10-23 13:39:25 +02:00
Joris Vink
ec249390b1 Allow building with python3.8 2019-10-15 10:16:53 +02:00
Joris Vink
8bbdaedf94 Allow configuring seccomp on Linux via the python api.
A new hook in the koreapp class is called right before seccomp
is enabled. This hook receives a Kore seccomp object which has
the following methods:

	seccomp.allow("syscall")
	seccomp.allow_arg("syscall", arg, value)
	seccomp.allow_flag("syscall", arg, flag)
	seccomp.allow_mask("syscall", arg, mask)

	seccomp.deny("syscall")
	seccomp.deny_arg("syscall", arg, value, errno=EACCES)
	seccomp.deny_flag("syscall", arg, flag, errno=EACCES)
	seccomp.deny_mask("syscall", arg, mask, errno=EACCES)

This allows you to finetune the seccomp filters for your application
from inside your koreapp.
2019-10-04 10:59:48 +02:00
Joris Vink
cd9971247c Add seccomp syscall filtering to kore.
With this commit all Kore processes (minus the parent) are running
under seccomp.

The worker processes get the bare minimum allowed syscalls while each module
like curl, pgsql, etc will add their own filters to allow what they require.

New API functions:
    int kore_seccomp_filter(const char *name, void *filter, size_t len);

    Adds a filter into the seccomp system (must be called before
    seccomp is enabled).

New helpful macro:
    define KORE_SYSCALL_ALLOW(name)

    Allow the syscall with a given name, should be used in
    a sock_filter data structure.

New hooks:
    void kore_seccomp_hook(void);

    Called before seccomp is enabled, allows developers to add their
    own BPF filters into seccomp.
2019-09-25 14:31:20 +02:00