author | Ali Mohammad Pur <ali.mpfard@gmail.com> | 2022-03-25 01:17:42 +0430 |
---|---|---|
committer | Ali Mohammad Pur <Ali.mpfard@gmail.com> | 2022-03-26 21:34:56 +0430 |
commit | 8233da33985bf834685bc215a8a9ed261e674f5f (patch) | |
tree | 1d5d0db05c457b54db5d842aec87b303d37593ab /Kernel/Syscalls/pledge.cpp | |
parent | 37073437c1fb6660e188805300ca0ef59696efca (diff) | |
Kernel: Add a 'no_error' pledge promise
This makes pledge() ignore promises that would otherwise cause it to
fail with EPERM, which is very useful for allowing programs to run under
a "jail" so to speak, without having them terminate early due to a
failing pledge() call.
Diffstat (limited to 'Kernel/Syscalls/pledge.cpp')
-rw-r--r-- | Kernel/Syscalls/pledge.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/Kernel/Syscalls/pledge.cpp b/Kernel/Syscalls/pledge.cpp
index 2ed72afb80..20c39c81cd 100644
--- a/Kernel/Syscalls/pledge.cpp
+++ b/Kernel/Syscalls/pledge.cpp
@@ -46,16 +46,21 @@ ErrorOr<FlatPtr> Process::sys$pledge(Userspace<const Syscall::SC_pledge_params*>
 if (promises) {
 if (!parse_pledge(promises->view(), new_promises))
 return EINVAL;
- if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises))
- return EPERM;
+
+ if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
+ if (m_protected_values.has_promises && (new_promises & ~m_protected_values.promises))
+ return EPERM;
+ }
 }
 u32 new_execpromises = 0;
 if (execpromises) {
 if (!parse_pledge(execpromises->view(), new_execpromises))
 return EINVAL;
- if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises))
- return EPERM;
+ if (!(m_protected_values.promises & (1u << (u32)Pledge::no_error))) {
+ if (m_protected_values.has_execpromises && (new_execpromises & ~m_protected_values.execpromises))
+ return EPERM;
+ }
 }
 // Only apply promises after all validation has occurred, this ensures |
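Review bot: When `no_error` is set, both new branches skip the subset check and leave `new_promises` / `new_execpromises` exactly as parsed, so nothing visible in this hunk strips the bits the process does not already hold. The code that applies these values lies below the hunk; if it assigns them unmasked, a process holding `no_error` could widen its own promise set rather than having the extra promises ignored, as the description intends. Masking in the `no_error` case would keep pledge() monotonic: `new_promises &= m_protected_values.promises;`, and `new_execpromises &= m_protected_values.execpromises;` only when `has_execpromises` is set. The execpromises branch also tests `m_protected_values.promises` rather than the exec set for `no_error`; if that is deliberate, a one-line comment such as `// no_error is read from the current promises, not the exec promises` would say so.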