- Add KORE_SECCOMP_FILTER() as a helpful shortcut to create your
application seccomp filter. You can still roll your own and hook
into kore_seccomp_hook() yourself to load your filters.
- Add KORE_SYSCALL_ALLOW_LOG(_name)
Allows a system call but will log it.
With this commit all Kore processes (minus the parent) are running
under seccomp.
The worker processes get the bare minimum allowed syscalls while each module
like curl, pgsql, etc will add their own filters to allow what they require.
New API functions:
int kore_seccomp_filter(const char *name, void *filter, size_t len);
Adds a filter into the seccomp system (must be called before
seccomp is enabled).
New helpful macro:
define KORE_SYSCALL_ALLOW(name)
Allow the syscall with a given name, should be used in
a sock_filter data structure.
New hooks:
void kore_seccomp_hook(void);
Called before seccomp is enabled, allows developers to add their
own BPF filters into seccomp.
Allows killing of coroutines, given their task id.
The kore.task_create() method now returns the task id for a newly
created task to the caller.
While here, change the coroutine task id to a uint32 from uint64.
There is no need for it to be 64bit. (famous last words)
If built with PYTHON_CORO_DEBUG in CFLAGS Kore will spew out coroutine
traces while running. These traces include the filename, function and line
number where the coroutines are waking up, running and suspended.
- decouple pgsql from the HTTP request allowing it to be used in other
contexts as well (such as a task, etc).
- change names to dbsetup() and dbquery().
eg:
result = kore.dbquery("db", "select foo from bar")
Prevents a stall in case there is still data in the read end of the socket
but PQisBusy() told us to not fetch a result yet. In that case we end up
stalling due to epoll not giving us another EPOLLIN event due to EPOLLET.
In case libcurl instructs us to call the timeout function as soon
as possible (timeout == 0 in curl_timeout), don't try to be clever
with a timeout value of 10ms.
Instead call the timeout function once we get back in the worker
event loop. This makes things a lot snappier as we don't depend
on epoll/kqueue waiting for io for 10ms (which actually isn't 10ms...).
- If Kore is built with PYTHON=1 you can now specify the module that
should be loaded on the command-line.
eg: $ kore -frn myapp
- Add skeleton generation for python applications to kodev.
eg: $ kodev create -p myapp
This should make it a whole lot easier to get started with kore python.
1) Add @kore.prerequest python decorator.
Using this decorator on a function will cause that function
to always be executed *before* any page handler is run.
eg:
@kore.prerequest
def _check(req):
if req.method == kore.HTTP_METHOD_POST:
req.populate_post()
2) Allow attributes to be set on the pyhttp object.
