Age | Commit message | Author |
|
It's less code, and it's potentially more efficient once
posix_spawn is a real syscall.
|
|
These new syscalls allow you to send and receive file descriptors over
a local domain socket. This will enable various privilege separation
techniques and other good stuff. :^)
|
|
ppoll() is similar to poll(), but it takes its timeout
as timespec instead of as int, and it takes an additional
sigmask parameter.
Change the sys$poll parameters to match ppoll() and implement
poll() in terms of ppoll().
|
|
pselect() is similar to select(), but it takes its timeout
as timespec instead of as timeval, and it takes an additional
sigmask parameter.
Change the sys$select parameters to match pselect() and implement
select() in terms of pselect().
|
|
And rewrite the timeval functions as inline functions.
Also add the non-standard but fairly common and useful
TIMEVAL_TO_TIMESPEC / TIMESPEC_TO_TIMEVAL functions.
|
|
posix_spawn() tries to present semantics as if no fork() is happening
behind the scenes, so running arbitrary atexit handlers of the parent
in the child seems like the wrong thing to do.
|
|
This isn't in posix yet, but it is implemented on some platforms
and it will be in a future version:
https://www.austingroupbugs.net/view.php?id=1208
|
|
This isn't in posix yet, but it is implemented on some platforms
and it will be in a future version:
https://www.austingroupbugs.net/view.php?id=1044
It seems useful, so add it.
|
|
|
|
|
|
|
|
This is possible now that seteuid() / setegid() are implemented.
|
|
It looks like they're considered a bad idea, so let's not add
them before we need them. I figured it's good to have them in
git history if we ever do need them though, hence the add/remove
dance.
|
|
Add seteuid()/setegid() under _POSIX_SAVED_IDS semantics,
which also requires adding suid and sgid to Process, and
changing setuid()/setgid() to honor these semantics.
The exact semantics aren't specified by POSIX and differ
between different Unix implementations. This patch makes
serenity follow FreeBSD. The 2002 USENIX paper
"Setuid Demystified" explains the differences well.
In addition to seteuid() and setegid() this also adds
setreuid()/setregid() and setresuid()/setresgid(), and
the accessors getresuid()/getresgid().
Also reorder uid/euid functions so that they are the
same order everywhere (namely, the order that
geteuid()/getuid() already have).
|
|
All the file actions stuff is still missing for now,
as is POSIX_SPAWN_SETSCHEDULER (not sure what that's
supposed to do) and POSIX_SPAWN_RESETIDS.
Implemented in userspace for now. Once there are users,
it'll likely make sense to make this a syscall for
performance reasons.
A simple test program of the form
    #include <spawn.h>
    #include <stddef.h>

    extern char **environ;
    int main(int argc, char* argv[])
    {
        pid_t pid;
        char* args[] = { "ls", NULL };
        posix_spawnp(&pid, "ls", nullptr, nullptr, args, environ);
    }
works fine.
|
|
We were getting a little overly memey in some places, so let's scale
things back to business-casual.
Informal language is fine in comments, commits and debug logs,
but let's keep the runtime nice and presentable. :^)
|
|
|
|
That's not how readlink() is supposed to work: it should copy as many bytes
as fit into the buffer, and return the number of bytes copied. So do that,
but add a twist: make sys$readlink() actually return the whole size, not
the number of bytes copied. We fix up this return value in userspace, to make
LibC's readlink() behave as expected, but this will also allow other code
to allocate a buffer of just the right size.
Also, avoid an extra copy of the link target.
|
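The caller's side of the readlink() contract described in the commit above, as an added example that is not code from the SerenityOS tree: portable readlink() reports only the bytes copied, so a full buffer may hide a truncated path and the caller has to grow and retry. The names read_link_full and demo_truncation, the target string and the /tmp path are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns a malloc'd, NUL-terminated link target, or NULL on error. A result
   equal to the buffer size may be truncated, so grow until there is slack. */
char *read_link_full(const char *path)
{
    for (size_t size = 16;; size *= 2) {
        char *buf = malloc(size);
        if (!buf)
            return NULL;
        ssize_t n = readlink(path, buf, size);
        if (n >= 0 && (size_t)n < size) {
            buf[n] = '\0'; /* readlink() does not terminate the string */
            return buf;
        }
        free(buf);
        if (n < 0)
            return NULL;
    }
}

/* Constructed demo in a private mkdtemp() directory: read one symlink through
   an 8-byte buffer and through read_link_full(). Returns 0 if the small read
   was silently cut to 8 bytes and the full read recovered the whole target. */
int demo_truncation(void)
{
    const char *target = "/constructed/example/target/longer/than/8";
    char dir[] = "/tmp/readlink-demo-XXXXXX", link_path[64], small[8];
    if (!mkdtemp(dir))
        return -1;
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    if (symlink(target, link_path) != 0) {
        rmdir(dir);
        return -1;
    }
    ssize_t n = readlink(link_path, small, sizeof small);
    char *full = read_link_full(link_path);
    int ok = n == (ssize_t)sizeof small && full && strcmp(full, target) == 0;
    free(full);
    unlink(link_path);
    rmdir(dir);
    return ok ? 0 : -1;
}

int main(void) { return demo_truncation() == 0 ? 0 : 1; }
```
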
|
That's where it's supposed to be declared.
|
|
Implemented in user space for now.
|
|
Get rid of the weird old signature:
- int StringType::to_int(bool& ok) const
And replace it with sensible new signature:
- Optional<int> StringType::to_int() const
|
|
Just carry on with some debug log whining.
Gets rid of one dropbear patch. :^)
|
|
Gets rid of one dropbear patch. :^)
|
|
Gets rid of one dropbear patch. :^)
|
|
This matches what other systems have, although we don't use them.
Gets rid of one dropbear patch. :^)
|
|
This fixes terminal UI resizing in the vim port. The problem was that
vim had "#ifdef TIOCGWINSZ" around the code that figures out the size
of the terminal.
Since all of our ioctl() requests were enum values, this code was not
compiled into vim at all. This patch fixes that. :^)
|
|
Fixes https://github.com/SerenityOS/serenity/issues/91
|
|
I've been using this in the new HTML parser and it makes it much easier
to understand the state of unfinished code branches.
TODO() is for places where it's okay to end up but we need to implement
something there.
ASSERT_NOT_REACHED() is for places where it's not okay to end up, and
something has gone wrong.
|
|
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not checking.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
|
|
This makes it possible to change flags of a mount after the fact, with the
caveats outlined in the man page.
|
|
This adds support for MS_RDONLY, a mount flag that tells the kernel to disallow
any attempts to write to the newly mounted filesystem. As this flag is
per-mount, and different mounts of the same filesystems (such as in case of bind
mounts) can have different mutability settings, you have to go through a custody
to find out if the filesystem is mounted read-only, instead of just asking the
filesystem itself whether it's inherently read-only.
This also adds a lot of checks we were previously missing; and moves some of
them to happen after more specific checks (such as regular permission checks).
One outstanding hole in this system is sys$mprotect(PROT_WRITE), as there's no
way we can know if the original file description this region has been mounted
from had been opened through a readonly mount point. Currently, we always allow
such sys$mprotect() calls to succeed, which effectively allows anyone to
circumvent the effect of MS_RDONLY. We should solve this one way or another.
|
|
That's where the other similar definitions reside. Also, use bit shift
operations for MS_* values.
|
|
|
|
This commit also changes the mode parsing to allow specifying the modes
in any order.
|
|
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
|
|
It's not enough to send ourselves a SIGABRT, as it may be ignored or handled
differently. We really, really want abort() to never return, as that will mess
up the assumptions of the calling code big time. So, if raise(SIGABRT) returns,
kill ourselves with SIGKILL, and if that somehow returns too, call _exit().
An alternative approach, which glibc apparently follows, is to reset SIGABRT
disposition to its default value and then send SIGABRT to yourself a second
time. That would also work, but I believe SIGKILL + _exit() to be a simpler
approach that is less likely to break in extremely weird situations.
Note that this only guarantees that abort() never returns, not that the process
actually gets killed. It's still possible to install a SIGABRT handler that
simply never returns (such as by longjmp'ing out, endlessly looping, or exec'ing
another image). That is a legitimate use case we want to support; at the same
time most software doesn't use that functionality and would benefit from hard
guarantees that abort() terminates the program. The following commit is going to
introduce means for ensuring SIGABRT handler is never reset to something
unexpected.
|
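The fallback chain from the commit message above, as an added example that is not the LibC code itself: each case runs in a forked child so the parent can observe which signal actually ended the process under a given SIGABRT disposition. The names abort_never_returns, returning_handler and signal_that_ended_child, and the exit status 127, are assumptions made for this example.

```c
#define _XOPEN_SOURCE 700
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical name; the three steps are the ones the commit message lists. */
static void abort_never_returns(void)
{
    raise(SIGABRT); /* returns if SIGABRT is ignored, blocked, or its handler returns */
    raise(SIGKILL); /* cannot be caught, blocked or ignored */
    _exit(127);     /* last resort; 127 is an arbitrary status chosen for this example */
}

static void returning_handler(int sig) { (void)sig; }

/* Run abort_never_returns() in a child with the given SIGABRT disposition and
   report which signal terminated the child (-1 if it was not killed by one). */
int signal_that_ended_child(void (*disposition)(int))
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        signal(SIGABRT, disposition);
        abort_never_returns();
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : -1;
}

int main(void)
{
    printf("default: %d, ignored: %d, handler returns: %d\n",
           signal_that_ended_child(SIG_DFL),
           signal_that_ended_child(SIG_IGN),
           signal_that_ended_child(returning_handler));
    return 0;
}
```
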
|
We already do this for exit().
|
|
We (rightfully) mark abort() noreturn, so the loop just gets compiled out.
|
|
This should fix the toolchain build, where GCC doesn't use our stddef.h
Also, Dr. POSIX says ssize_t goes in <sys/types.h> anyway. :^)
|
|
Now that ssize_t is derived from size_t, we have to
|
|
|
|
While the compiler provides __SIZE_TYPE__ for declaring size_t,
there's unfortunately no __SSIZE_TYPE__ for ssize_t.
However, we can trick the preprocessor into doing what we want anyway
by doing "#define unsigned signed" before using __SIZE_TYPE__ again.
|
|
This file is required for building the git port.
It was already added before and then removed again when the CI script
for license header checks was added as it seemed irrelevant.
|
|
When we flush a FILE, we behave differently depending on whether we're reading from
the file or writing to it:
* If we're writing, we actually write out the buffered data.
* If we're reading, we just drop the buffered (read ahead) data.
After flushing, there should be no additional buffered state stdio keeps about a
FILE, compared to what is true about the underlying file. This includes file
position (offset). When flushing writes, this is taken care of automatically,
but dropping the buffer is not enough to achieve that when reading. This commit
fixes that by seeking back explicitly in that case.
One way the problem manifested itself was upon fseek(SEEK_CUR) calls, as the
position of the underlying file was oftentimes different to the logical position
of the FILE. Since FILE::seek() already calls FILE::flush() prior to actually
modifying the position, fixing FILE::flush() to sync the positions is enough to
fix that issue.
|
|
This reverts commit 2c823473930121aecbacf0422c8372a0912e581b.
|
|
This reverts commit cdbbe14062ea49f9a9d9b0e5627aba9efd07659a.
|
|
This reverts commit c1eb744ff0a82cf6c8e3470ac10e2f417c7d9de2.
|
|
I've written a large part of the new stdio, so I'm (partly) to blame for it now.
|
|
I accidentally broke this in the recent rewrite. This reinstantiates the
behavior implemented in https://github.com/SerenityOS/serenity/commit/65714685259d1ea4ba9d32bc41aee6fc8c56a645.
|
|
Make sure that userspace is always referencing "system" headers in a way
that would build on target :). This means removing the explicit
include_directories of Libraries/LibC in favor of having it export its
headers as SYSTEM. Also remove a redundant include_directories of
Libraries in the 'serenity build' part of the build script. It's already
set at the top.
This causes issues for the Kernel, and for crt0.o. These special cases
are handled individually.
|